cancel
Showing results for 
Search instead for 
Did you mean: 

Evening VPN performance issue (IPsec, not L2TP)

oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Evening VPN performance issue (IPsec, not L2TP)

Only just beginning to investigate this, I'd rather just leave well alone but I use IPsec to connect from home to work and I'm finding that file and folder access is excessively slow in evenings. Ping times are three figure, about 150ms, probably not slow enough to account for it though maybe if I ping while a copy is in progress I'll see more change. Daytime ping was <50ms and access as fast as I'd expect.
17 REPLIES 17
dvorak
Moderator
Moderator
Posts: 29,473
Thanks: 6,623
Fixes: 1,482
Registered: ‎11-01-2008

Re: Evening VPN performance issue (IPsec, not L2TP)

What package are you on and what are your normal speeds like?
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
James
Grafter
Posts: 21,036
Thanks: 5
Registered: ‎04-04-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

Oliver,
If you're referring to the connection linked to this account then there's certainly no reason why you should have experienced VPN issues last night.
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

Have you checked the exchange status?
Have you checked pings not over the VPN (I'd suggest comparing pinging day/evening on one of the Plusnet DNS servers).
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

Some results from pinging the remote router.
 bytes=32 time=75ms TTL=122
bytes=32 time=51ms TTL=122
bytes=32 time=49ms TTL=122
bytes=32 time=77ms TTL=122
bytes=32 time=62ms TTL=122
bytes=32 time=46ms TTL=122
bytes=32 time=49ms TTL=122
bytes=32 time=76ms TTL=122
bytes=32 time=73ms TTL=122
bytes=32 time=44ms TTL=122
bytes=32 time=64ms TTL=122
bytes=32 time=53ms TTL=122
bytes=32 time=107ms TTL=122
bytes=32 time=50ms TTL=122
bytes=32 time=48ms TTL=122
bytes=32 time=62ms TTL=122
bytes=32 time=1260ms TTL=122
bytes=32 time=65ms TTL=122
bytes=32 time=69ms TTL=122
bytes=32 time=52ms TTL=122

Seems very variable. Not clear why folder access is as slow as it is, anything up to 30s for a folder to show.
SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

do you see any packet loss on your pings?
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

Can you post the results of pinging ntp.plus.net please. I'd like to see if it's between you and Plusnet or between Plusnet and the gateway that the problems occur.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

Well from the office in daytime I'm getting about 23ms to ntp.plus.net and 46ms to home via VPN, 42ms if I ping the public IP.
Directory browse works at an acceptable rate from work to home.
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

What will be interesting is to compare home -> PN -> office at peak time tonight when it's bad with the results early tomorrow morning when it's at it's best.
If pings not via the VPN are unaffected your next stage will be to get a Wireshark capture to make sure that the VPN traffic is being correctly identified and put in the correct queue.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

I'm not sure if capture will be possible, this is a router-to-router bridge not a dial-in, so by the time the packets reach my network the VPN "Wrapper" has been removed.
ramidoodle
Grafter
Posts: 265
Registered: ‎28-09-2008

Re: Evening VPN performance issue (IPsec, not L2TP)

Quote from: oliverb
I'm not sure if capture will be possible, this is a router-to-router bridge not a dial-in, so by the time the packets reach my network the VPN "Wrapper" has been removed.

Hi there,
I'm not sure if the service offer field will be removed or not, I would try if I were you and check the packet details.
if you are unable to check them, you will have only one option to check this via wireshark (the hard way):
you will need a hub not a switch! this is because hub broadcast everything to all ports without checking the packet destination
you will need 2 extra ethernet cables
connect the hub to the wan port on your vpn router that goes to the internet router, connect another cable from the internet modem/router to the hub and finally connect another pc or laptop to that hub and run wireshark on it while you are  using the VPN as normal on your work PC.
basically the hub will broadcast the packets and the pc with wireshark connected to the hub will be able to capture them Wink
I've produced a diagram, hope this is helpful, it might be a bit OTT for a vpn investigation but it is the best way for checking packets between 2 nodes.
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

Rami, in router bridge mode no wrapped packets make it past the router so the service offer field will have been stripped before it reaches the hub!
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

These are a pair of Billion ADSL routers with built-in VPN function. The encrypted stream is not visible. Probably the only practical way to pick up the encrypted traffic would be to grab it at the ISP end. Anyway I'm pretty sure its Protocol (NOT PORT) 50 or 51. I know some VPN implementations wrap the packet in UDP to make it NAT-friendly but I think this is plain IPsec without a wrapper.
ramidoodle
Grafter
Posts: 265
Registered: ‎28-09-2008

Re: Evening VPN performance issue (IPsec, not L2TP)

Hiya
if the router is the vpn device as well, then you can't find out the actual service offer for the packets.
if it is exactly the same set I though as in the diagram then the wraps will be removed at their destination (the VPN device) which allows you to capture the traffic and check the service offer because the router is only forwarding the packets to the VPN device not re-encapsulating and stripping the wraps the packets.
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Evening VPN performance issue (IPsec, not L2TP)

Oh somewhere I was told to try pinging ntp.plus.net, results are approximately 4% loss, and ping varies between 25 and 80ms mostly, but 150ms once.