Hi Guys.
I am installed in one vlan the softether bridge and connect it to my main hub server which is outside (in a datacenter) to a virtual hub.
My clients connect to another virtual hub in the datacenter server and using routing they can access different branches and services.
If i run a iperf from my client to a server in the brach where the bridge server is connectin, i got 5mbps, which is my home uplink max speed. But if i do the same just on the oposite direction (from the branch computer to my client computer) i got 256 kbps, which is really BAD, and in that office we have 10 MBps uplink speed (and yes, no one was working at the moment)
Connecting my client to the vpn server running on the DC and doing a speed test, gives me 50 MBps.
So, in nutshell
Client <-> VPN server working perfect.
Client -->VPN Server -->Bridge --> client works ok, 5 MBps
Client <--VPN Server <-- Bridge <-- Client works BAD, 256 kbps
On the branch office, the vpnbridge is running in a virtual machine with 512 mb ram/ 1 xeon 2.5 core, connected in a switch to a VLAN only for them, running on ubuntu, kvm virtualization with network and drive paravirtualized. It is connected throught a PfSense to the outside to a virtual vps on digital ocean, only running vpn services on ubuntu.
I tried to enable more connections on the bridge config (from 8 to 16), enable compression and so on, with that i gain around 10 kb/s but not a real deal.
I know SecureNAT is really slow, but c'mon, 256 kbps ???? if i got 1 or 2 MBps i would be more than happy.
Version:
Vpn Server -> 4.14 build 9529
Low speed issue in one direction using Bridge
-
ixlabs
- Posts: 8
- Joined: Thu Dec 04, 2014 11:43 pm
Re: Low speed issue in one direction using Bridge
Well, it seems the support of this software really discorages to put it on production. I dont wat to imagine what should happen if someone tries to provide more than "casual" vpn connections with this software and it turns no one offer any kind of clue, idea or support.
Sorry guys, but this software is like a time bomb.
This is a warning, forgot softether: if something go wrong, you are alone without a forum support. Better stick to openvpn that at least, they have a lot of people that could help you to debug problems.
Here is like the desert.....
Sorry guys, but this software is like a time bomb.
This is a warning, forgot softether: if something go wrong, you are alone without a forum support. Better stick to openvpn that at least, they have a lot of people that could help you to debug problems.
Here is like the desert.....
-
qupfer
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: Low speed issue in one direction using Bridge
ixlabs wrote:
> I dont wat to imagine what should happen if someone tries to provide more than "casual"
> vpn connections with this software and it turns no one offer any kind of clue, idea
> or support.
If someone tries to provide more than "casual", he read the documentation and know, what SecureNat isn't make for "non casual" settings. So he turn it off and is happy about a easy, powerfull and fast vpn solution.
> I dont wat to imagine what should happen if someone tries to provide more than "casual"
> vpn connections with this software and it turns no one offer any kind of clue, idea
> or support.
If someone tries to provide more than "casual", he read the documentation and know, what SecureNat isn't make for "non casual" settings. So he turn it off and is happy about a easy, powerfull and fast vpn solution.
-
ixlabs
- Posts: 8
- Joined: Thu Dec 04, 2014 11:43 pm
Re: Low speed issue in one direction using Bridge
wow, such a wonderful answer.
And that is why SecureNat only provides me 256 kbps over a 10000 kpbs uplink on the Softether bridge, isnt?
Nonetheless when the Bridge is connected to a virtual Hub which HAS NO SecureNat enabled and when using secureNat between my client connected to a VirtualHub and the internet give me 20000 kbps.
This is nonsense.
EDIT
I ran some test, for the sake to show you why you are so
wrong.
Now i am connected to the hub where the bridge is connected, the ip is provided by my FIREWALL DHCP, there is here no SecureNAT involved.
The range is 192.168.12.0/24,
.253 -> my bridge virtual adaptor from the virtual hub
.1 -> the machine who has the bridge to the physical lan
.254 -> the firewall ip / gateway (Pfsense 2.2)
.101 -> Me
-------------------
Traceroute from my client to the machine i am doing the tests:
traceroute to 192.168.13.210 (192.168.13.210), 64 hops max, 52 byte packets
1 192.168.12.254 (192.168.12.254) 77.903 ms 73.158 ms 81.974 ms
2 192.168.13.210 (192.168.13.210) 80.811 ms 77.119 ms 75.700 ms
Now, Iperf. First from my client to the machine (13.210)
Client connecting to 192.168.13.210, TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
[ 4] local 192.168.12.101 port 56996 connected with 192.168.13.210 port 5001
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.1 sec 6.62 MBytes 5.48 Mbits/sec
-------------------------------------------------------------
Now, iperf from the machine to me
Client connecting to 192.168.12.101, TCP port 5001
TCP window size: 17.5 KByte (default)
-------------------------------------------------------------
[ 3] local 192.168.13.210 port 35450 connected with 192.168.12.101 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-82.1 sec 256 KBytes 25.6 Kbits/sec
--------------------------------------------------------------
Well, there is a difference of x 20 times S-L-O-W-E-R
Now, in your opinion: this is the normal behavior?
I'm awaiting your answer.
And that is why SecureNat only provides me 256 kbps over a 10000 kpbs uplink on the Softether bridge, isnt?
Nonetheless when the Bridge is connected to a virtual Hub which HAS NO SecureNat enabled and when using secureNat between my client connected to a VirtualHub and the internet give me 20000 kbps.
This is nonsense.
EDIT
I ran some test, for the sake to show you why you are so
wrong.
Now i am connected to the hub where the bridge is connected, the ip is provided by my FIREWALL DHCP, there is here no SecureNAT involved.
The range is 192.168.12.0/24,
.253 -> my bridge virtual adaptor from the virtual hub
.1 -> the machine who has the bridge to the physical lan
.254 -> the firewall ip / gateway (Pfsense 2.2)
.101 -> Me
-------------------
Traceroute from my client to the machine i am doing the tests:
traceroute to 192.168.13.210 (192.168.13.210), 64 hops max, 52 byte packets
1 192.168.12.254 (192.168.12.254) 77.903 ms 73.158 ms 81.974 ms
2 192.168.13.210 (192.168.13.210) 80.811 ms 77.119 ms 75.700 ms
Now, Iperf. First from my client to the machine (13.210)
Client connecting to 192.168.13.210, TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
[ 4] local 192.168.12.101 port 56996 connected with 192.168.13.210 port 5001
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.1 sec 6.62 MBytes 5.48 Mbits/sec
-------------------------------------------------------------
Now, iperf from the machine to me
Client connecting to 192.168.12.101, TCP port 5001
TCP window size: 17.5 KByte (default)
-------------------------------------------------------------
[ 3] local 192.168.13.210 port 35450 connected with 192.168.12.101 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-82.1 sec 256 KBytes 25.6 Kbits/sec
--------------------------------------------------------------
Well, there is a difference of x 20 times S-L-O-W-E-R
Now, in your opinion: this is the normal behavior?
I'm awaiting your answer.
-
qupfer
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: Low speed issue in one direction using Bridge
ixlabs wrote:
> Well, there is a difference of x 20 times S-L-O-W-E-R
> Now, in your opinion: this is the normal behavior?
No, but what want you hear? That SoftEther is crap? It isn't.
But with your given informations, nobody can really help you. You have to be exactly as possible. Which subnet do you have where. Where did you do NAT, where routing and so on.
And also check trivial thinks like: What is CPU/RAM usage and maybe much more usefull. How much is the "real" outgoing traffic?
If you have a routing mistake which result in a loop, you may have 10 MBit/s outgoing, but just a few Bytes are usefull because you send the same package again, again and again. iperf would see only the "usefull" bytes. (take a look at bwm-ng)
> Well, there is a difference of x 20 times S-L-O-W-E-R
> Now, in your opinion: this is the normal behavior?
No, but what want you hear? That SoftEther is crap? It isn't.
But with your given informations, nobody can really help you. You have to be exactly as possible. Which subnet do you have where. Where did you do NAT, where routing and so on.
And also check trivial thinks like: What is CPU/RAM usage and maybe much more usefull. How much is the "real" outgoing traffic?
If you have a routing mistake which result in a loop, you may have 10 MBit/s outgoing, but just a few Bytes are usefull because you send the same package again, again and again. iperf would see only the "usefull" bytes. (take a look at bwm-ng)