4. Slow copy over site-to-site VPN, but only if copy initiated on the server side

Slow copy over site-to-site VPN, but only if copy initiated on the server side

  • O

    Hello, I have a couple of sleepless night in trying to resolve this issue, so now I am asking for your help.

    I have an OpenVPN server with three site-to-site clients connected.

    Networks / Sites / Tunnels
    Server (A):192.168.9.x / Openvpn tunnel:10.10.10.0/24
    Site B (B):192.168.4.x - Openvpn client
    Site C (C):192.168.7.x / Openvpn client
    Site D (D):192.168.8.x / Openvpn client

    Server and Site B are running on pfSense with 1GB/1GB down/up speed on both sites.
    All sites can connect, all can communicate and access each others resource, no issue on this side of things.

    The issue what I can't figure out is the following and related to the Server and Site (B) - the rest of the sites have no fast router HW to counter-test.

    Initializing the transfer from Site (B) I can copy FROM a file server on Server (A) with roughly 20MB/sec which is great.
    Initializing the transfer from Site (B) I can copy TO a file server on Server (A) with roughly 20MB/sec which is great.
    Initializing the transfer from Server (A) I can copy FROM a file server on Site (B) with roughly 20MB/sec which is great.

    ...but Initializing the transfer from Server (A) I can copy TO a file server on Site (B) with only roughly 8MB/sec
    This is less than half when the same transfer from the same file server with the same file, but the transfer is initialized on Site (B).

    How this can be?

    Traceroute looks great and same from both directions:

    From Site (B) to the Server:

    traceroute to 192.168.9.3 (192.168.9.3), 30 hops max, 60 byte packets
 1  192.168.4.254 (192.168.4.254)  0.211 ms  0.187 ms  0.183 ms
 2  10.10.10.1 (10.10.10.1)  22.747 ms  22.824 ms  22.825 ms
 3  192.168.9.3 (192.168.9.3)  22.922 ms  22.928 ms  22.920 ms

    From Server to Site (B) :

    # traceroute 192.168.4.4
traceroute to 192.168.4.4 (192.168.4.4), 30 hops max, 60 byte packets
 1  pfsense.localdomain (192.168.9.254)  0.181 ms  0.156 ms  0.208 ms
 2  10.10.10.50 (10.10.10.50)  22.040 ms  22.688 ms  22.687 ms
 3  192.168.4.4 (192.168.4.4)  22.735 ms  22.736 ms  22.787 ms

    The issue is 100% reproducible and not related to busy links.

    The only clue I had that it might be MTU related as the server WAN is a PPPOE link with MTU 1492, while Site (B) is on MTU 1500.
    OpenVPN was set up as default with no MTU tweaks, but I tried with "mssfix 1300" with no change in this.
    However, if this was an MTU issue, then the transfer wouldn't be fast for the same copy wither if initialized on Site (B).

    One more thing in case this would be important.
    These speeds above are with having send/receive buffers set to 2MB.
    With default send and receive buffers the 20MB/ sec goes down to 17/MB while the 8MB/sec goes down below 3MB/sec....

    The whole thing doesn't make any sense to me. Do you have an idea how this can be?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy