VPN Slow Browsing and file opening 1

[russellmunday]

Help please
I have set up a vpn for a customer using a dratek router at head office there are some dial up users connecting to various isp with 56k modems they get authenticated and can use the network but it is very slow when browsing even opening a mapped drive can sometimes take three to four minutes. yet in dos I can dir the same drive and get the same results in seconds the other problems are office documents especially word or excel if I double click the file from its location its incredibly sow to open up to four minutes to open and unlock if at all, if I choose file open its slightly quicker but not by a lot. I have experimented lots and can copy the files to my computer at the speeds I would expect. So what is the answer?

 

[Ntr0P]

Dial-up is slow to begin with however, check the MTU settings. Note, this is for IPSec tunnels... This is a fairly simple change, and you can do it on one computer. If successful, you can implement it on your remaining workstations that use VPN.

1. Download DRTCP, freely available at

http://www.dslreports.com/front/DRTCP021.zip

2. Connect with the VPN client and do a ping test to a server on the other side of the tunnel.

Example. Your Exchange or Terminal server is 192.168.10.5

C:\ping 192.168.10.5 -f -l 1500

Pinging 192.168.10.5 with 1500 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 192.168.10.5:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

This means the packet is fragmenting and is rejected since the -f (do not fragment is set) as most PC's are set to 1500 MTU by default.

Reduce the size in the ping command until you get good reply pings.

C:\ping 192.168.10.5 -f -l 1350

Pinging 192.168.10.5 with 1350 bytes of data:

Reply from 192.168.10.5: bytes=1350 time=109ms TTL=52
Reply from 192.168.10.5: bytes=1350 time=32ms TTL=52
Reply from 192.168.10.5: bytes=1350 time=235ms TTL=52
Reply from 192.168.10.5: bytes=1350 time=141ms TTL=52

Ping statistics for 192.168.10.5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 235ms, Average = 129ms

3. Once you have found the good size, subtract 10 from this and that is your MTU size.
4. Run DRTCP on your PC, and select your network card in the drop down box at the bottom of the application.. Enter the MTU size in the box for MTU (in this scenario its 1340) and apply the change, but do not alter any of the other settings available! Close DRTCP and reboot the machine.

Now you are all set. Traffic from your machine will now pass without fragmentation and you should see more reliable and faster connections. This change will not affect normal network traffic on your PC and it might make it faster as well. If it helps one machine, you can apply the setting to all of your PC's.

 

[btnet]

This may be a dumb question, but should the MTU settings be performed at the server as well?

 

[russellmunday]

the answer is download and run cablenut

 

[technome]

Mtu settings can vary at all your broadband connection points, I have seen it be different from two remotes, within miles of each other with accounts with the same provider. Mtu of the Nic interfaces can be set, but document the changes if you need to reverse it.

Run pathping through your tunnel to see packet loss

I use TCP optimizer, which will do both MTU test router and NIC settings..

http://www.speedguide.net/downloads.php

Discussion of MTU

http://x220.win2ktest.com/forum/topic.asp?TOPIC_ID=9047&SearchTerms=cisco,mtu