ZYWALL 110 Slow download speed SSL VPN and L2tp over Ipsec.

DmitryYudin
DmitryYudin Posts: 16  Freshman Member
First Comment Friend Collector Third Anniversary
edited April 2021 in Security
Hi!
Have some trouble... Download speed by SMB share and FTP also is 355 kbit!
If i try to upload something it has no restrictions. Full speed.

Where is the key to solve that?
Processor in ZYWALL 110 loading to 3% on that time.

With SSL VPN downloading speed littli bit faster  from 300 until 900 kbit.

Network speed in the office is 100 mbit.
Home network is 100 mbit.

Comments

  • DmitryYudin
    DmitryYudin Posts: 16  Freshman Member
    First Comment Friend Collector Third Anniversary

  • DmitryYudin
    DmitryYudin Posts: 16  Freshman Member
    First Comment Friend Collector Third Anniversary
    Downloading speed is limited by uploading  for client.

    I think i make a mistake but where?
  • DmitryYudin
    DmitryYudin Posts: 16  Freshman Member
    First Comment Friend Collector Third Anniversary
    With SSL speed is fine , i testing it now, but with L2tP speed is ten times slower from server to client
  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Answer First Comment Third Anniversary
    It could not be slow as you describe...
    As my scenario, L2TP with Samba, the downloading always around 72Mbps.
    The UTM function enabled could be effect the performance as well.
  • DmitryYudin
    DmitryYudin Posts: 16  Freshman Member
    First Comment Friend Collector Third Anniversary
    Hello again, during last week i doing a brainshtorm, but nothing helps me.
    This screenshot is a simple scheme when i connected via cable.

    In the Office provider get me 100 mbit connection, in home also 100 mbit.

    BWM is disabled.
    Trying to change encryption type , nothing happen.
    Trying to change cable on problem computers, nothing happen.

    Wireshark shows me Out-of-Order and DUP ACK packets when i look on it during file transfer or IPERF testing.



    Trying to change MTU, disable offloads from settings network card..

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @DmitryYudin
    From our local test report, 
    the performance of L2TP with Samba is 10.2MB(81.6Mbps)
    SSL VPN with Samab is 5.4MB(43.2Mbps)
    Can I know do you enable UTM service?

    Also, as you description, the server 1.53 &1.70 did not face the issue. Therefore, you could check the setting of network for the server which face the issue. Also, confirm that is any configuration which limit the issued server on Switch and Zywall.
  • DmitryYudin
    DmitryYudin Posts: 16  Freshman Member
    First Comment Friend Collector Third Anniversary
    edited April 2020
    @Zyxel_Charlie
    UTM is disabled
    Cable is ok , I tried to change it two times.
    i found this probem on windows server with NIC Multiple network card 
    And on one desktop whith windows ten.
    3 other Desktop have no issue.

    when I copy something via IPSec Ikev1 or L2TP/Ipsec from server or from this desktop download speed is 355 kb / s maximum 
    when I upload something to server from vpn client or to this working fine desktop speed is 5 mb /s (50 mb /s bandwith)
    Problem is only from download something from side under Zywall local network to Ipsec VPN client.

    But from other desktops which are located in this office speed is same for both directions.

    Bwm is disabled, firewalls is disabled

    But via  Zyxel SSL VPN client transfer speed is 1,2 mb / s (10 mbit /s bandwith) on both sides and from Server like from Desktops.


    ZYwall has 4.35(AAAA.3) firmware.
    I have 2 vpn Ipsec connections on Zywall one is configured for Windows native vpn client
    Second is for Shrew vpn client.

    I try to set fixed values of MSS 1400-1300-1200-1100-1000-900 no chance




  • DmitryYudin
    DmitryYudin Posts: 16  Freshman Member
    First Comment Friend Collector Third Anniversary
    Solved!

    Install last critical updates for W10 and WS2019 , reset WinFirewall to default settings.
    Speed up!
    thx everybody!

Security Highlight