Topic: VPN performance

[Kelvin]

Hi All,

I need some feedback on others who have successfully setup and used VPN access from Win9x machines to a SME Server.

In particular, I need to know how to boost the performance of the VPN link.

My test setup :-

SME Server (P-II 350 with 64MB RAM) connected to internet via cable

Client : Athlon XP 1800 (the works) running W98SE and DUN1.4 update connecting to internet via dial-up.

I can VPN into the network with no problems. However, any and all access is painfully slow. The two connection icons on the system tray appears to be flashing on and off fairly regularly (and quickly) when I do something as simple as check mail (POP3) from the SME server. Is this typical and if so, how can I increase the performance of the VPN link ? Seeing as the connection is encrypted, I assume that the SME Server's processor speed can affect the speed of the link (or am I mistaken) ?

TIA for any and all help.

Kelvin

[BK]

HI Kelvin,

I think i might be that you are using dial-up from home... and your speed of your cable might be a factor too.....

[AlecN]

Your problem is the 56K dialup. I think it is too slow for this application. In my case, it was only acceptable when I connected via ADSL both ends. The fact that you have a fast client has nothing to do with it. You could connect via a mainframe & 56K & still be disappointed. The 56K is the weak link.

Alec

[little bark, BIG BYTE!!]

Yep, the weekest link and all that. If you want performance out of a VPN with a slow connection you need to go with a VNC application.

[ryan]

Make that TightVNC using "best performance".  TightVNC using Best (not fast) is also more secure than regular WinVNC.

WinVNC is painfully slow using 56k.  If you are going to try VNC, install port forwarding unless you are comming in throught the VPN.

Good Luck

[ryan]

Meant to say "Best Compression" not performance.

[Kelvin]

Thanks Everyone who responded.

You have confirmed my suspicion that Dial-Up is not suitable for VPN work unless someone else can say otherwise using hardware based VPN instead of the SME server (VPN is a requirement as we need access to the network not merely to remote control a PC - in fact we do not want to remote control a PC at all).

On a related note, can anyone confirm whether or not SME 5.1.2 already allows VPN Masquerading (ie. a workstation behind the SME server connecting via VPN to a host out in the internet) out of the box or do I need to add modules to get this to work ?

Kelvin

[little bark, BIG BYTE!!]

I am behind a SME server. My windows 2000 machine VPN's fine into another network that sits also behind a SME server.

[Lazo]

I have VPN running on my SME server with an ISDN (128Kbps). I have a 56k on my client, it is true is slow over 56k, but not that much, that depends the application you are using, for e-mail, VNC, copying files, it works for me, slow but the job can be done!! Faster is allways better, if  you don't have anything else, you can try 56k!!

[Andre Courchesne - Consu]

Hi all,

  Any ideas (beside a bigger bandwidth) of what else could improve the VPN (PPTP) speeds?

    -Faster processor
    -Dual processor
    -More memory
    -Specific network cards,...

  Any ideas is welcome...

----
Andre Courchesne - Consultant

[Todd Pearsall]

Unfortately, bandwidth is almost certainly your problem.  FreeS/WAN on a 486 has no problem saturating a T1, unless your SME box is already CPU bound, processing power isn't the problem.  In fact on a 486 the bottleneck on > 5MB/s pipes is the ISA NIC and backplane, not CPU.

Check the FreeS/WAN site http://www.fresswan.org for other suggestions and performance info.  If remote control will meet your needs, I agree that VNC and TightVNC are an excellent free solution.

- Todd