Data consumption of the VPN bridge

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Data consumption of the VPN bridge

Post by Mada » Sat Jun 20, 2015 10:04 am

How much data is a bridge function consuming in itself? I spent 60 % (5GB) of my monthly quota in 3 days!

I am setting up a VPN bridge connecting my summer home over a 3G modem to my normal home.

This is done with a standard setup. The hardware on both sites has two nic:s.

Operating system is Windows 8.1, 64 bit. Softether is version 4.17 (may 2015)

Setup:

Computers etc <--> local-bridged NIC | softhether bridge | 3G modem <--> external NIC | softehter server | local-bridged NIC <--> switch <--> printer etc

I use secure NAT function.

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Sat Jun 20, 2015 3:47 pm

It depends on your application.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Sat Jun 20, 2015 7:31 pm

kh_tsang wrote:
> It depends on your application.

Yes, but I was suddenly using a lot more than I expected.

Is there keep alive traffic etc that is of any consideration?

I did not expect the vpn to change noticeably the data usage.

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Sun Jun 21, 2015 1:42 am

Keeping a TCP connection requires traffic. I did not measure the exact amount of traffic but it seems that L2TP/IPsec requires less traffic from my past experience.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Mon Jun 22, 2015 7:20 am

kh_tsang wrote:
> Keeping a TCP connection requires traffic. I did not measure the exact
> amount of traffic but it seems that L2TP/IPsec requires less traffic from
> my past experience.

Thank you.

How do I set my server/bridge to communicate that way? It seem they are auto configured.

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Mon Jun 22, 2015 7:34 am

On the server side, enable L2TP/IPsec server.
On the client side, connect as client and do NAT instead of using the bridge.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Mon Jun 22, 2015 8:47 pm

kh_tsang wrote:
> On the server side, enable L2TP/IPsec server.
> On the client side, connect as client and do NAT instead of using the
> bridge.

You are talking VPN client now? I have a bridge.

so "local network" <--> softether bridge <--> internet <--> softether server <--> "local network"

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Tue Jun 23, 2015 3:54 am

"local network" <-----> router <-------> internet <-------> softether vpn server <--------> "local network"

However, DLNA etc. which requires broadcast in the same subnet will stop working in this case.

thisjun
Posts: 2817
Joined: Mon Feb 24, 2014 11:03 am

Re: Data consumption of the VPN bridge

Post by thisjun » Wed Jul 01, 2015 7:17 am

Keep alive packet is about 100 bps.
Most communication is not keep alive.
I think there are many broadcast in your network.
You should divide broadcast domain by using Virtual L3 switch.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Sun Jul 05, 2015 9:13 am

Interesting, I will try the L3 switch.

Does the two HUB:s need to have different IP ranges or can they have the same? If they can not have the same, how does that work with the virtual DHCP service?

I am thinking this:

remote HUB (192.168.3.x) <-internet-> | wirtual L3 switch| server HUB (192.168.3.x), Secure NAT and virtual DHPC

Edit: The virtual hub is already a level 2 switch. So does that not mean that ip-packets not destined for any computer on a remote Hub will in fact not be sent there? What kind of broadcast traffic can I have?
Last edited by Mada on Sun Jul 05, 2015 10:52 am, edited 1 time in total.

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Sun Jul 05, 2015 10:36 am

They need to be in different subnets if you are using the built-in virtual layer 3 switch feature.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Sun Jul 05, 2015 10:55 am

kh_tsang wrote:
> They need to be in different subnets if you are using the built-in virtual
> layer 3 switch feature.

Right, with means I need two virtual DHCP:s? And that means I need to set up two servers and not one server and one bridge??

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Mon Jul 06, 2015 2:21 pm

To reduce data usage, the L3 switch should be done on the server side, not bridge side or else the bridge side will continue receiving the broadcasts in the LAN. About the DHCP server, you may set it up on the server side as well. I think DHCP broadcasts needed does not consume much traffic.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Mon Jul 06, 2015 8:09 pm

Thank you, will try that.

I see that two hub must be created on the server. The bridge then can cascade to one of them and L3 switch is between them.

Do I need to activate Secure NAT and DHCP function on both server Hubs?

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Tue Jul 07, 2015 2:55 am

No need on the hub bridged to your oroginal LAN because there is a DHCP in your original LAN.

However, you need to enable secureNAT on the hub with casade connection and use the DHCP server in it. You need to disable virtual NAT feature and change the default gateway of the dhcp to the IP of the L3 switch. If you have a DHCP server at your side, you don't need to enable SecureNAT.

In the router in your original LAN, add a static route so that there is a route to your bridge side.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Wed Jul 08, 2015 10:44 pm

So I set everything up.

But I have problem with the routing tables.

From the local site, I can get to the L3 Switch but that reports "Destination net unreachable" for 8.8.8.8

Do I need to add a rout for all non private ip addresses? How do I do that?

Thanks

My setup:

local lan <--> internal NIC | local HUB| external NIC <-->external NIC | server side HUB 1| L3 switch | server side HUB 2 | internal NIC <--> local LAN

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Thu Jul 09, 2015 2:12 am

For example,
your router is at 192.168.3.1/24
The IP addresses of your virtual L3 switch are 192.168.3.254/24(at the hub bridged to LAN) and 192.168.30.254/24(at the hub for casade connection).

In your router, add a route 192.168.30.0/24 pointing at 192.168.3.254. (Download route)

In your virtual L3 switch, add a route 0.0.0.0/0 pointing at 192.168.3.1. (Upload route)

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Thu Jul 09, 2015 2:13 am

After that, you may create casade connection and bridge to your second LAN.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Thu Jul 09, 2015 7:11 am

kh_tsang wrote:
> For example,
> your router is at 192.168.3.1/24
> The IP addresses of your virtual L3 switch are 192.168.3.254/24(at the hub
> bridged to LAN) and 192.168.30.254/24(at the hub for casade connection).
>
> In your router, add a route 192.168.30.0/24 pointing at 192.168.3.254.
> (Download route)

I have added two routes:
192.168.1.0 255.255.255.0 192.168.1.254
192.168.2.0 255.255.255.0 192.168.2.254

where 192.168.1.254 is the interface of the L3 switch.

I am also giving 192.168.x.254 as gateway with DHCP to clients. I am givning 8.8.8.8 as dns.
I have secure NAT active on the HUB that does not cascade. That is the hub bridged to physical internal NIC.
I have only DHCP active on the cascading hub.

>
> In your virtual L3 switch, add a route 0.0.0.0/0 pointing at 192.168.3.1.
> (Upload route)

Does that mean:
0.0.0.0 0.0.0.0 192.168.2.1

Where 192.168.2.1 is my Virtual host´s network interface??

Thank you!

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Thu Jul 09, 2015 10:46 am

You only need to add the default route on the Layer 3 switch.
The route of your two subnets will be automatically working with your two interfaces.

Suppose your normal home has the subnet 192.168.1.0/24 and 192.168.1.254 is the IP of your L3 switch.
You will need to bridge the first hub to your LAN and connect the L3 switch to the hub and assign IP 192.168.1.254/24.

Then, connect your L3 switch to your second hub, assign 192.168.2.254/24. Add the default route(0.0.0.0 0.0.0.0 192.168.1.1).

In your router, add a route 192.168.2.0/24 pointing at 192.168.1.254 so that the clients and the internet can send packets to your second hub.

SecureNAT is not required. If you do not have DHCP server in your hub that is receiving casade connection from the internet, use the DHCP feature in the SecureNAT. You don't need SecureNAT in your original LAN(normal home) if you have your router assigning IP using DHCP and providing internet gateway.

*
192.168.1.0 255.255.255.0 192.168.1.254
192.168.2.0 255.255.255.0 192.168.2.254
These two routes are wrong and not required.
192.168.2.0 255.255.255.0 192.168.1.254 should be added to your router, not your L3 switch, and not 192.168.2.254. It means the next hop(next router) knowing the route/sending packets to 192.168.2.0/24 is at 192.168.1.254.

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Thu Jul 09, 2015 10:54 am

When doing IP address assignment on a host,

IP address: 192.168.1.8
Subnet mask: 255.255.255.0
Default gateway: 192.168.1.1 <-- This will actually add a route point 0.0.0.0/0 at 192.168.1.1.

Suppose this subnet is used on Ethernet, when your host send a packet to 8.8.8.8, your host will find the MAC address of 192.168.1.1 and send packet with source 192.168.1.8 and destination 8.8.8.8 to the mac address of which 192.168.1.1 is at.

The host does not need a gateway when sending packets to host in 192.168.1.0/24, just need a route 192.168.1.0/24 pointing at the interface, ARP is used to find the destination MAC address and send packet directly to the destination, assuming there is no ARP proxy.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Fri Jul 10, 2015 12:07 pm

kh_tsang wrote:
> You only need to add the default route on the Layer 3 switch.
> The route of your two subnets will be automatically working with your two
> interfaces.
>
> Suppose your normal home has the subnet 192.168.1.0/24 and 192.168.1.254 is
> the IP of your L3 switch.
> You will need to bridge the first hub to your LAN and connect the L3 switch
> to the hub and assign IP 192.168.1.254/24.

Ok, yes this is my setup.

>
> Then, connect your L3 switch to your second hub, assign 192.168.2.254/24.
> Add the default route(0.0.0.0 0.0.0.0 192.168.1.1).

Ok, done.
>
> In your router, add a route 192.168.2.0/24 pointing at 192.168.1.254 so
> that the clients and the internet can send packets to your second hub.

I do not have a router. It is all software softether on tow pc:s with dual NIC:s.
I might add the rout in windows with: route adddestinationmasksubnetmaskgatewaymetriccostmetricifinterface
>
> SecureNAT is not required. If you do not have DHCP server in your hub that
> is receiving casade connection from the internet, use the DHCP feature in
> the SecureNAT. You don't need SecureNAT in your original LAN(normal home)
> if you have your router assigning IP using DHCP and providing internet
> gateway.

I have now secure NAT and DHCP om my primary HUB (is is 192.168.2.0/24). This HUB has a NIC bridged to it. That nic is only connected to my home appliances. Not internet.

Second NIC is not bridged to the virtual HUBS but connected to internet.

>
> *
> 192.168.1.0 255.255.255.0 192.168.1.254
> 192.168.2.0 255.255.255.0 192.168.2.254
> These two routes are wrong and not required.

I removed them.

> 192.168.2.0 255.255.255.0 192.168.1.254 should be added to your router, not
> your L3 switch, and not 192.168.2.254. It means the next hop(next router)
> knowing the route/sending packets to 192.168.2.0/24 is at 192.168.1.254.

I do not have a router. I might add the rout in windows with: route adddestinationmasksubnetmaskgatewaymetriccostmetricifinterface

------------------

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Fri Jul 10, 2015 12:11 pm

kh_tsang wrote:
> When doing IP address assignment on a host,
>
> IP address: 192.168.1.8
> Subnet mask: 255.255.255.0
> Default gateway: 192.168.1.1 <-- This will actually add a route point
> 0.0.0.0/0 at 192.168.1.1.
>
> Suppose this subnet is used on Ethernet, when your host send a packet to
> 8.8.8.8, your host will find the MAC address of 192.168.1.1 and send packet
> with source 192.168.1.8 and destination 8.8.8.8 to the mac address of which
> 192.168.1.1 is at.

It seems as 192.168.1.1 does not understand that it should forward to 192.168.1.254?? It should, should´d it?
If I set 192.168.1.254 as default gateway, then it works!

>
> The host does not need a gateway when sending packets to host in
> 192.168.1.0/24, just need a route 192.168.1.0/24 pointing at the interface,
> ARP is used to find the destination MAC address and send packet directly to
> the destination, assuming there is no ARP proxy.

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Fri Jul 10, 2015 5:21 pm

I mean when your external router sees the destination is under 192.168.2.0/24, the packet will be sent to the MAC address of which 192.168.1.254 is at.

Therefore, 192.168.2.0 255.255.255.0 192.168.1.254 in your external router, not the virtual layer 3 switch.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Fri Jul 31, 2015 5:14 pm

I have now set up a L3 switch with the help from the forum. Thank you.

However, I still get strange results.

Watching an episode that should take 700 MByte of data gives me different results:

With a simple Vpn connection: 700 MByte, as expected.
With a brigde connection: 1,6 Gbyte of data.

How can this be??

Se attached schematics of the setup.
Attachments
softether_server-bridge-vpn.JPG

kh_tsang
Posts: 554
Joined: Wed Jul 24, 2013 12:09 pm

Re: Data consumption of the VPN bridge

Post by kh_tsang » Sat Aug 01, 2015 7:59 am

Then I have no idea.

thisjun
Posts: 2817
Joined: Mon Feb 24, 2014 11:03 am

Re: Data consumption of the VPN bridge

Post by thisjun » Thu Aug 20, 2015 5:52 am

How did you know or measure the traffic size?

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Wed Oct 14, 2015 9:53 pm

thisjun wrote:
> How did you know or measure the traffic size?
Well, I just looked at the ISP meter. They tell you how much you have left.

Mada
Posts: 100
Joined: Sat Jun 20, 2015 9:40 am

Re: Data consumption of the VPN bridge

Post by Mada » Wed Oct 14, 2015 9:57 pm

kh_tsang wrote:
> Then I have no idea.

What does the "Deny broadcast" setting do? Wouldn't it help me same as the switch?

thisjun
Posts: 2817
Joined: Mon Feb 24, 2014 11:03 am

Re: Data consumption of the VPN bridge

Post by thisjun » Thu Oct 22, 2015 8:00 am

Could you try packet logging?

mo_uk
Posts: 6
Joined: Sun Jun 10, 2018 4:35 am

Re: Data consumption of the VPN bridge

Post by mo_uk » Sun Jun 10, 2018 5:34 am

i have the same issue

When i use bridge i spend 1 GB in less than one hour without using internet with any application only connect vpn ?

Without VPN connection
Current Rate:
20.445KB/S(UP)
4.662KB/S(DOWN)

With VPN connection Current Rate:
131.212KB/S(UP)
83.905KB/S(DOWN)

how can i fix this issue ?

thisjun
Posts: 2817
Joined: Mon Feb 24, 2014 11:03 am

Re: Data consumption of the VPN bridge

Post by thisjun » Thu Jul 12, 2018 5:31 am

I think somewhere host uses default gateway beyond the VPN.
Please check it!

Post Reply