Issues with TCP connections and speeds

mrpijey
Posts: 3
Joined: Sat Nov 16, 2019 10:20 am

Issues with TCP connections and speeds

Post by mrpijey » Sat Nov 16, 2019 11:53 am

Hello!

First of all, thanks for an excellent product. I've been using SoftEther for several years now and it's been great up until now. I am using it to tie a hosting server on the net to my private server at home to exchange SMB traffic, and since it needs to be secure a VPN tunnel using SoftEther is used. Traffic is mostly SMB as the clients connect to it and pull data from a network share on my server. It's also meant to be used to sync volumes between the main server and backup server. All the data is always flowing from the main connection to the clients, never the other way around, so the only bandwidth that is needed by the clients is download speed.

This is my current setup (simplified):

Home connection (Sweden):

1000/500Mbit. Running SoftEther VPN Server in a Hyper-V VM. No limitations on the server in terms of allowed TCP connections etc. No SecureNAT. Clients connect to it and get an IP from my DHCP server.


Primary offsite connection (Germany):

1000/1000Mbit. Running SoftEther VPN client in a Hyper-V VM. Dials in to my server, set to 8 TCP connections to max out available bandwidth. Getting around 300-400Mbit-ish speeds depending on server load and routing etc. It pulls data through an SMB share on the main server (Sweden), acting as a relay for the data located in Sweden.


Secondary offsite connection (UK):

300/50 connection. Runs SoftEther VPN client in a Hyper-V VM, with identical configuration as the German connection above. Meant to be used to sync volumes between the main server (Sweden) and backup server (UK) using sync software (RoboCopy, SyncThing, FastCopy etc).

The problem is that regardless of what I do it can only open up 2 TCP connections from this client, and the speeds are abysmal across the VPN. I would expect to get similar speeds from the UK site as the others as it's 300Mbit download, but to no avail.

Here are the iPerf speeds just to get an idea what I get from each client:

Germany <> Sweden (using 1 thread, 8 TCP connections):

[  4]   0.00-10.00  sec  49.8 MBytes  41.7 Mbits/sec                  sender
[  4]   0.00-10.00  sec  49.7 MBytes  41.7 Mbits/sec                  receiver

Germany <> Sweden (using 8 parallel threads, 8 TCP connections):

[SUM]   0.00-10.00  sec   376 MBytes   315 Mbits/sec                  sender
[SUM]   0.00-10.00  sec   375 MBytes   315 Mbits/sec                  receiver

This is fine, not full speed of either line but that could be due to routing or whatever. It's adequate for our needs. Similar speeds are measured without the VPN so the VPN seems to be maxing out the available bandwidth.

UK <> Sweden (using 1 thread, 2 TCP connections (8 TCP connection set)):

[  4]   0.00-10.01  sec  6.88 MBytes  5.76 Mbits/sec                  sender
[  4]   0.00-10.01  sec  6.84 MBytes  5.73 Mbits/sec                  receiver

UK <> Sweden (using 8 parallel threads, 2 TCP connections):

[SUM]   0.00-10.00  sec  11.0 MBytes  9.23 Mbits/sec                  sender
[SUM]   0.00-10.00  sec  9.67 MBytes  8.11 Mbits/sec                  receiver

This is the major problem. The speeds are awful and the SMB tunnel is barely usable.

As I mentioned, the UK side only opens up 2 TCP connections even when it's set to 8. Any traffic going through the tunnel is dead slow.

But the kicker is, if we do an SFTP file download from Sweden to UK without the VPN tunnel across only 4 parallel threads we get full speed, so there's nothing wrong with the infrastructure speeds. It's only as soon as we use the VPN that things slow down to a crawl. I've tried alternative VPN solutions such as Hamachi and OpenVPN with similar slow results, the only way to get the full speed is by using SFTP or HTTP, but I have not yet found any software that can do proper volume syncing using those protocols. I could skip VPN here if I found something that would work. SFTP is not a solution since it won't be able to preserve file attributes or detect changes etc (as normal sync software would do), and alternative software such as SyncThing, Syncrify, DeltaCopy etc are too slow as they are using only a single TCP connection (whereas with FTP I can use several parallel connections).

The UK ISP reports no traffic shaping or throttling, I've tried different ports, with and without Hyper-V, I've tried with a fresh config of SoftEther client, I've even tried to connect to a secondary SoftEther server in case there were some limitations imposed on the primary, but all with the same slow results. And only two TCP connections even when the client is set to 8, and no restrictions on the server.

So I am at a loss. I need a way to sync the Sweden<>UK site but nothing across the VPN is usable due to the slow speeds, and no other VPN-less solutions are good for syncing or cloning volumes across WAN.

My first attempt at finding a solution was to fix the TCP connections but it only opens up 2 TCP connections, sometimes just one. And I can't figure out why. The other server (German) works just fine every time, and we get good speeds every time, but the UK site refuses.

Does anyone have any ideas what to try next?

Thanks in advance!

mrpijey
Posts: 3
Joined: Sat Nov 16, 2019 10:20 am

Re: Issues with TCP connections and speeds

Post by mrpijey » Thu Nov 21, 2019 9:29 am

So no one ever had this issue? Are there any developers checking these pages?

mrpijey
Posts: 3
Joined: Sat Nov 16, 2019 10:20 am

Re: Issues with TCP connections and speeds

Post by mrpijey » Thu Dec 05, 2019 9:59 pm

Well, in the end I've come up with a solution.

First of all, however, I am greatly disappointed in this community. 1500 views and not a single reply, not even the slightest hint at what the issue could be, no theories offered or anything. And the developers seem to ignore this community entirely. What a disappointment, I will look into other VPN alternatives where the community is alive and helpful as not everyone can be an expert.

Now, to the solution to my problem, for anyone that might have similar issues and, just like me, looked for answers but got none:

As my German offsite connection was connected to a fiber connection through a PPPoE, someone not related to this community or product hinted that it could have been a packet fragmentation error. Because when the ISP modem was used the connection was quick (although still limited to two connections), and without the modem it was slow as displayed in the benchmarks above. I even tried an IPsec tunnel and all with the same bad results.

But in the end it was the host that had the wrong MTU setting. All nodes were using pfSense as firewall and router, and as soon as we raised the MTU setting (default for Ethernet is 1514 and PPPoE 1492), and the idea was that since we were using pfSense with a PPPoE connection and also several virtual machines (where one of them was running SoftEther) the MTU window could simply have been too small. By raising the MTU window for the external connection we managed to get the full speed again.

So by raising it to a "jumbo" setting, i.e. anything above the default 1514 (standard jumbo settings are 9014 or 4088 bytes), the encapsulated TCP packets can fit and you will get full speed.

I hope it makes any sense.

Thank you.
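
Added example, not part of the original posts and not SoftEther or pfSense code: one way to measure the largest unfragmented packet size a path actually carries before changing MTU settings, using a binary search over Don't-Fragment pings. The `ping_df` probe assumes Linux iputils `ping`; `simulated_path`, the host name and the `tunnel_overhead` parameter are hypothetical, and the VPN's real per-packet overhead has to be measured since the thread does not state it.

```python
import subprocess

IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # IPv4/ICMP/TCP header sizes, no options

def ping_df(host, payload):
    """Real probe (Linux iputils ping): one echo request with Don't Fragment set."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def simulated_path(mtu):
    """Constructed stand-in for a network path: drops DF packets larger than mtu."""
    return lambda payload: payload + IP_HDR + ICMP_HDR <= mtu

def find_path_mtu(probe, lo=576, hi=1500):
    """Binary-search the largest IP packet size that passes unfragmented.

    probe(payload_bytes) -> bool. hi defaults to 1500, the IP MTU of
    standard Ethernet (a 1514-byte frame minus the 14-byte Ethernet header).
    Returns None if even a packet of size lo does not get through.
    """
    overhead = IP_HDR + ICMP_HDR
    if not probe(lo - overhead):
        return None
    if probe(hi - overhead):
        return hi
    while hi - lo > 1:  # invariant: size lo passes, size hi fails
        mid = (lo + hi) // 2
        if probe(mid - overhead):
            lo = mid
        else:
            hi = mid
    return lo

def max_tcp_segment(path_mtu, tunnel_overhead=0):
    """TCP payload that fits in one packet once the tunnel's per-packet
    overhead (assumption: measured separately) is subtracted."""
    return path_mtu - tunnel_overhead - IP_HDR - TCP_HDR

if __name__ == "__main__":
    # Simulated PPPoE link with the 1492-byte MTU mentioned in the thread.
    mtu = find_path_mtu(simulated_path(1492))
    print("path MTU:", mtu, "max TCP segment:", max_tcp_segment(mtu))
    # Against a real peer (placeholder host name):
    # find_path_mtu(lambda p: ping_df("vpn.example.net", p))
```

If the measured path MTU is smaller than the MTU configured on the tunnel endpoints, full-size encapsulated packets get fragmented or dropped, which matches the throughput collapse seen only inside the VPN.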
