Poor SMB Download Speed over VPN

networking ipsec server-message-block
6,420

Solution 1

We have a setup where 2 sites on 50 Mb/s up/down each have an SMB server and are connected via an IPSec VPN (pfSense). Transfer performance of a single large file averages at around 45 Mb/s.

Ping time between the two sites is only 5ms which may make a difference here... though it does show it can work.

Some suggestions below:

  • Naturally SMB is better at 1 large file than it is at many small ones. Test your setup with a single large file, if you're not doing so already
  • Check to ensure the VPN is passing traffic correctly and not dropping packets
  • Try a different protocol (e.g. FTP) to see if the bottleneck is SMB or the VPN

Solution 2

The problem relies on your duplex settings. Cogent will allow you to change your duplex to auto-negotiation but they will tell you it will void your SLA and will tell you everything is your fault from there on out if you change this setting. Just call in their line and state you want to change your duplex settings to auto-negotiate, insist on it. The problem relies on the fact that sonic wall as a company believes in 1/2 duplex and Cogent believes in Full duplex. Technically Cogent is right because they are giving you 100Mbps up and down almost as if your getting 200mbps total but they are terrible at communicating this to their customers and SonicWall. Auto Negotiation is a perfectly good method and almost every ISP uses it but Cogent is well Cogent. How do I know? I've worked for them, and well treating your customer correctly can get you not happy with the boss.

Just to let you know about 1/3 of their calls deal with duplex settings and 1/10 about SonicWall settings with duplex.

Share:
6,420

Related videos on Youtube

Grumps
Author by

Grumps

Updated on September 18, 2022

Comments

  • Grumps
    Grumps almost 2 years

    I'm at a bit of a loss for trying to figure out how to improve our file sharing with remote users.

    The setup is as follows:

    • Cogent Fiber 100 Mb/s Up and Down
    • Sonicwall running SonicOS 5.8.1
    • Dell PowerEdge R310
    • Washington, DC

    Remote User:

    • Is running Windows 7 Pro.
    • Has a comcast 50 Mb Dl 12 up speed
    • Denver
    • Experiencing download speeds of 220 Kbs/s

    Here's what I've done:

    • Changed my key exchange to 'Group 1' for better network performance. [minor minor improvement.]
    • ISP MTU is set to 1542, I dropped WAN from 1500 to 1460 and the issue got worse.
    • Pings to Fileserver are in the 60-70 milisecond range.

    Is this just a potentially poor use of SMB? Should I try to find another way to share files with remote users.

    • joeqwerty
      joeqwerty over 10 years
      IMO, SMB over VPN performance is poor and will always be poor.
    • Grumps
      Grumps over 10 years
      I've been thinking that this was going to be the issue. Do you happen to have any alternative suggestions?
    • kralyk
      kralyk over 10 years
      If possible on the PowerEdge, setup FTP. Then test throughput from the user via FTP, both with and without the VPN tunnel. This will help identify if SMB is the culprit.
    • Keith Stokes
      Keith Stokes over 10 years
      I happen to have a setup able to test the same transfer of FTP vs SMB, using the PfSense firewalls as does phil-lavin. The server is Win2003r2 and the client is Win7Pro. We're both on the same cable provider a few miles apart. I transferred a 180 MB FLAC audio file using both FTP and SMB. FTP averaged 597 KB/sec and SMB ~580 KB/sec. Wow, that's certainly not what I expected, especially since I upvoted joeqwerty's comment above before testing, and now can't undo.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

VPN L2TP/IPSec client on Ubuntu 16.04 VPN service failed to start
Where to add the Pre-Shared Key for the Server Authentication with Network Manager for L2TP/IPSEC?
PFSense IPSec connection established, wan works, lan not
IPsec on pfSense: Tunnel is up, but I can't connect to remote host
ipsec configuration problems on Ubuntu. Errors on IP forwarding" connection authorization from Android client
IPSec with or without L2TP?
Connect FortiClient IPsec VPN via Ubuntu 18.04 KDE
L2TP/IPSec stopped working after openssl upgrade
Does the traffic go through my company network when I browse when connected through SSL-VPN
Some Win10 PCs will not connect to SMB share, others will