SoftEther very slow on Linux virtual VM server when downloading - [FIX]

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Posts: 1
Joined: Fri Nov 17, 2023 2:31 am

SoftEther very slow on Linux virtual VM server when downloading - [FIX]

Post by Domingo » Fri Nov 17, 2023 1:10 pm

I know from spending a couple times searching for a solution to this that it has been brought up many many times. I've found a combination that works.

1. Disabling offloading is a must - I used `ethtool -K em1 gso off gro off tso off tx off rx off`
2. Using e1000 NIC and not virtio
3. The linux server must be using a bridge device

This is on Linux qemu VM's running Debian. I suspect that on bare metal you'd still need offloading disabled, and a bridge.

I've tested this pretty thoroughly with many different settings, and reboots, on two different servers with different configurations, in different locations.

I tested speeds with iperf3. Upload speeds were gigabit, download speeds were Kbps to a couple Mbps on both a VPN bridge, and using secure nat.

One server was running proxmox with a debian 12 guest VM. The other server was a debian 11 VM running on debian 11 with libvirt.

I still question why it needs a bridge device on the guest (especially when using NAT), but on the one server - that was the last thing I did and it instantly started delivering the high speeds. On the other server the last of the 3 things I did was disable offloading. I tried switching back and forth between disabled and enabled offloading, and between virtio NIC and e1000, both with and without offloading, but I never tried switching back to a non-bridged interface.

I don't have any bare metal to test with at the moment, but I'll try over the next few days on an entirely different server.

Posts: 289
Joined: Wed Dec 28, 2022 9:10 pm

Re: SoftEther very slow on Linux virtual VM server when downloading - [FIX]

Post by shakibamoshiri » Sat Nov 18, 2023 8:15 pm

Here are the steps to have maximum speed
1. having a dedicated NIC for the server
2. if (1) was not feasible , then a tap device is preferred (Adding a local bridge)
3. neither (1) and (2) were feasible , then vNAT (Virtual NAT) could be used (least preferred)

and there are more.
Test the client and server speed using relevant tools (e.g ipref, vpncmd, etc)
Test the VPN protocol , some ISPs throttle some protocols

Post Reply