Packets losses & high ping using SSL VPN
All Replies
-
Hi @ICLUB,
I've tested this in our labs. RDP connection works fine.
Ping to RDP server is around 8-10ms.
Can you please share some information with me;
1- What's the topology for this RDP through SSL VPN connection?
In lab I tested like the following topology;
PC - Wi-fi - SSL VPN to RDP's gateway - LAN1 - RDP Server
2- How do you check the packet loss?
3- Do you mean with USG40's SSL VPN ping's time is around 60ms, but with OpenVPN is around 1ms?
1ms, sounds really hard to believe that's a SSL VPN performance.
Best regards.
0 -
Hello,Thanks for your reply.1- My topology is the same as yoursPC with SecuExtender client > Wifi or ethernet > Distant modem > Local modem > Zywall > LAN with RDP server2- I'm running a ping -t on the RDP server from my connected SecuExtender client3- Yes exactly. If I ping the RDP server trough SecuExtender there are ~15% of packet losses and an anormaly high ping, but if I connect with an OpenVPN client, my ping to the RDP server is around 1ms and more than negligible packet losses (1 over 500 on average)0
-
Hi @ICLUB,
I created a VPN connection with OpenVPN. But I didn’t see the same symptom here.
Can you please share some information with us;
1- What VPN profile you use for OpenVPN?
2- Where did you download your OpenVPN profiles?
3- How do you access RDP Server after you connecting with OpenVPN?
Best regards.
0 -
Hello,Sorry for the delay, I am quite overwhelmedI downloaded the OpenVPN profile from the Synology NAS, and then I connect with the same RDP shorcut0
-
Hi @ICLUB,
Supposedly 15% packet lose is not reasonable.
Can you please try following options for this case;
1- Change MTU value and adjust it to optimal value.
(Configuration > Network > Interface > Ethernet > wan1 > Interface Parameters > Advance > MTU)
2- Try L2TP VPN connection for this environment and observe if there's packet lose or any connectivity issue.
3- Can you try to disable BWM if it's enabled and check the performance?
Best regards.
0 -
Sorry for the "delay". As I have other customers to take care I took me a lot of time to test multiple MTU. I doesn't changed a thing.Is it possible that my customers where under the attack you recently patched ?Best regards0
-
Hi @ICLUB,
Thank you for your feedback.
Can you please help to try L2TP VPN for RDP connection and see if the symptom still exists?
Regarding to your second question, yes it is a kind of possibility if someone attacked your device. You can refer to the following link in order to mitigate the possible risk:
https://community.zyxel.com/en/discussion/10912/how-to-mitigate-the-threat-of-the-security-incident#latest
0 -
Hi,
did anyone has a solution. I have the same problems. 3 Customers have the ATP100 and same problems.
Ping to the VPN Firewall 30ms on a coax cable modem. SSL VPN Rdp packet loss.
This Problem exists only with the Secure Extender.
Regards0 -
Hi @Lukas1234 ,Unfortunately, I still have no solution.We are ditching Zyxel products for customers in need for a remote access and we are now using OpenVPN or Wireguard..We've been using zyxel for years but we're done. I can't even remember how many USG bricked themselves, reset themselves in the past years. Now this, nope we're out.0
-
hi @Lukas1234
We would like to conduct a lab test based on your configuration file.
Can you send me device startup configuration file in PM?0
Zyxel Employee
Categories
- All Categories
- 394 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
