We use sonicwall, some users on SSLVPN, others on Global VPN. We have 100/100 DIA Fiber connection at the office, and I have 750/200 at my house. I use the Global VPN client because my computer doesn’t play nice with SSLVPN.
So…normally I can copy a file off of the file server and it runs 15-20mbs (Assuming 1 GB Single File for reference). I happened to be in a VMware Workstation VM, which I have the network connection set to NAT. This allows me to traverse the VPN tunnel from my VM without having to install the client. I started the copy from the file server to the VM, and it was running about 80mbs!.
I then went into “What sorcery is this” mode trying all kinds of testing. All speeds below are SMB3 throughput.
Native VPN on host:15-20mbps
As described above (Host on VPN → NAT to Win 7 VM):80mbps
As described above (Host on VPN → NAT to Win 10 VM):80mbps
Installing VPN client on Win 7 or Win 10 VM and connecting via VM:15-20mbps
So…it seems that when natively using the VPN…I am stuck around 20mbps (for SMB3 transfer), but via magic by using NAT on a VM…I can get it to 80 mbps (SMB3 Transfer)
I then used wireshark on the File server to find any big differences, MTU/Packet size, etc…they look identical from host and from VM.
Then I used iperf on the VM and the Host to the file server. Host gets around 48mbs…and VM is 65mbs
Then i tested latency…and host and vm were the same (27ms from House to file server over VPN)
So…who has any insight to this sorcery? I sure would love to be able to transfer files over VPN at 80mbs from my host!
If I remember correctly a VPN adds 8 extra bytes to a transmission. So your packet of 1500 is now 1508 and is fragmented and now takes 2 packets to transmit. Try dropping the packet size on the physical machine by 8 and I bet your throughput will go up.
The VM is doing all the computations on CPU, while your physical system is offloading some of that work to the Intel network card processor. Try disabling Offload on the host.
I’m not familiar with those particular VPN clients however I do work with lots of different VPNs. For client based VPN what I have found is that the transport protocol of the VPN, either TPC or UDP will drastically effect performance. Now, this isn’t the protocol of the protocol for the file copy TCP in the case of SMB, but the actual transport protocol the VPN uses to encapsulate the traffic across the tunnel. If possible, on the slow client, see if there is a setting to use UDP instead of TCP and if so, change it and test. You’ll see an improvement!
Depends on VPN provider you’re using and resources you’re trying to reach. At my job we develop various VPN solutions and your situation is normal in case if route to VPN server + route from VPN server to your resource is better than route from your provider to the resource.
UPD oops sorry for misreading, missed that part where you don’t install any VPN client on the VM.
That’s neat. If I had to guess, it would be something to do with either the settings or compatibility. Your VM probably has better drivers, and I would be willing to bet the VPN client itself was developed and tested on a VM. Try updating drivers of the host machine. Could also be something to do with NAT.
Rather than try to troubleshoot the speeds I would try a VPN server like OpenVPN, Wireguard, or SoftEther running on one of your servers and see how that performs compared to your Sonicwall.
Global clients will be faster. Are some bypassing the gateway antivirus? Are your VPN clients on a different subnet? According to SW they should be. It works both ways but their suggestion is less flaky overall.
When you install the VPN client, does it add any service to the network adaptor? Check the documentation to see if they can be disabled.I ask this because few years ago a service (I think it’s NDIS filter, not quite remember) added to the network adaptor by an Antivirus software would slow down network connection. It’s not a must to install it but it was added during client installation.
Not definitively. I gave after another week. See below for updates
I did also install an openvpn server and received the same results. The Openvpn server was technically still behind the SonicWall on that test. I did not try Openvpn directly attached to wan (this would rule out SonicWall completely.)
I did us iPerf between file server and remote client and was able to get 80mbs on either vpn host.
*ping time between hosts stayed around 30 ms
At the end of the day, I am leaning toward thinking that at 30-40ms latency, you can expect to get around 20mbs throughout. Still cannot figure out why the VM is faster though…it just doesn’t make sense.