SoftEther over SoftEther bridge slow

badsmoke
Posts: 6
Joined: Mon Jan 21, 2019 12:18 pm

Post by badsmoke » Fri Apr 03, 2020 6:12 pm

Hi guys, as usual, problems only come into play when it becomes important.

We have a SoftEther server in the AWS cloud, and a bridge at our office to the SoftEther server.

All users can connect wonderfully, get a DHCP address from our office DHCP server and can continue working as usual. But the total download/upload rate is limited to almost exactly 1mb/s.
(Our ISP connection is 10mb/s down and 5mb/s upload.)

I have tried some settings I have read about elsewhere: disable UDP acceleration, TCP connections set to 32, disable IPv6.

I have also tried different machines for the SoftEther bridge to run on (real machines, KVM, VBox VM). On all of them the connection works as usual but unfortunately there is no speed boost.

Let's get back to the setup:

(office net, DHCP server) SoftEther bridge <-----> AWS (SoftEther cloud) <-----> all users


Please help me, if you need anything: logs or exact details, iperf (same result with TCP/UDP).

1mb/s is quite OK for a user... but not for 20.
Why do I feel that it is because of the bridge? I have the same settings running somewhere else (without bridge) and I get the maximum possible speed.

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Post by centeredki69 » Sun Apr 05, 2020 1:24 am

First off, the MAX download speed the VPN client will ever get is your office upload, 5mb/s, minus some speed due to the VPN encryption.
1) Are the VPN clients using the SE-client protocol or some other (OpenVPN, L2TP, SSTP)?
2) To verify: the office is a physical machine running SE-Bridge with a "Local Bridge" connected to the "BRIDGE" Virtual HUB, and the "BRIDGE" Virtual HUB has an L2 "Cascade connection" to the "SE-Server" on AWS?
3) Is the firewall (if there is one) port open/forwarded at the AWS location, or are the VPN clients & cascade connecting using NAT traversal?
4) Does the "Virtual HUB" on the SE-Server have "SecureNAT" running?
5) Are there resources at the AWS location that the VPN clients also need? If not, the VPN clients could connect directly to an "SE-Server" installed at the office location.

badsmoke
Posts: 6
Joined: Mon Jan 21, 2019 12:18 pm

Post by badsmoke » Sun Apr 05, 2020 8:08 am

Thanks for your help.

1. The clients are wildly mixed, most use L2TP/IPsec, others OpenVPN or the SE-client.
2. I have now installed the bridge on different devices, VBox VM, KVM and physical machine; there is no difference in speed (only one on at a time). In all three variants I tried the same config: "local bridge" -> HUB "BRIDGE" and L2 "Cascade connection" to the SE server on AWS.
3. All ports in the AWS VM are released directly to the outside:

HTTP        TCP  80    0.0.0.0/0  -
HTTPS       TCP  443   0.0.0.0/0
Custom UDP  UDP  1701  0.0.0.0/0  -
Custom UDP  UDP  1194  0.0.0.0/0  -
SSH         TCP  22    0.0.0.0/0  -
Custom UDP  UDP  4500  0.0.0.0/0  -
Custom UDP  UDP  500   0.0.0.0/0  -

Did I forget one?

4. There is no SecureNAT running on the SE server.
5. The office network is not directly accessible from the outside through a DMZ, therefore no SE server with port forwarding can run there, therefore the solution with the bridge.
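
An added example, not part of the original post or of SoftEther's own code: a check of the rule listing above against the client protocols named in the thread. The port-to-protocol mapping (SE-client on TCP 443, L2TP/IPsec on UDP 500 and 4500, OpenVPN on UDP 1194) and the choice of SSH as the administrative port to flag are assumptions based on default settings.

```python
import ipaddress

# Rule listing copied from the post above (type, protocol, port, source, description).
RULES_TEXT = """\
HTTP TCP 80 0.0.0.0/0 -
HTTPS TCP 443 0.0.0.0/0
Custom UDP UDP 1701 0.0.0.0/0 -
Custom UDP UDP 1194 0.0.0.0/0 -
SSH TCP 22 0.0.0.0/0 -
Custom UDP UDP 4500 0.0.0.0/0 -
Custom UDP UDP 500 0.0.0.0/0 -
"""

# Assumption: default listener ports for the client protocols named in the thread.
REQUIRED = {
    "SE-client": {("TCP", 443)},
    "L2TP/IPsec": {("UDP", 500), ("UDP", 4500)},
    "OpenVPN": {("UDP", 1194)},
}
# Assumption: ports treated as administrative, which should not be open to every source.
ADMIN_PORTS = {("TCP", 22)}

def parse_rules(text):
    """Return (protocol, port, source network) tuples from the pasted listing."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[-1] == "-":   # empty description column
            fields.pop()
        if len(fields) < 4:
            continue
        proto, port, source = fields[-3].upper(), int(fields[-2]), fields[-1]
        rules.append((proto, port, ipaddress.ip_network(source)))
    return rules

def audit(rules):
    """Return (required ports not open, admin ports open to any address)."""
    open_ports = {(proto, port) for proto, port, _ in rules}
    missing = {name: sorted(need - open_ports)
               for name, need in REQUIRED.items() if need - open_ports}
    exposed = sorted((proto, port) for proto, port, net in rules
                     if (proto, port) in ADMIN_PORTS and net.prefixlen == 0)
    return missing, exposed

if __name__ == "__main__":
    missing, exposed = audit(parse_rules(RULES_TEXT))
    print("missing:", missing, "| admin ports open to any source:", exposed)
```

On the listing as posted, nothing is missing for the three protocols, and TCP 22 is reported as reachable from any source address.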

centeredki69
Posts: 329
Joined: Wed Sep 18, 2013 1:49 pm

Post by centeredki69 » Sun Apr 05, 2020 2:03 pm

All your configurations should allow for optimum performance. On the cascade connection & any SE-clients I would return "UDP acceleration" back to ON. I generally set my TCP connections between 8-15. Sometimes I get a little better performance and sometimes it doesn't do anything. It seems to depend on the hardware at a given location but I can't find the common thread. I generally find the "Local Bridge" & "Cascade" setup gives good performance, although I never actually use the "SE Bridge" software. I always use the "SE-Server" software at both locations. This allows me to choose which direction I want to connect. It also allows direct VPN-client connections when needed. The SE-Bridge is just a stripped down version of the SE-Server. I apologize that I have no real solutions to offer you.

One last thought: are you using a dedicated NIC without any protocol stack for the "Local Bridge" at the office "SE-Bridge" location?
So this HOST would have 2 NICs. One functions as normal and the other handles the "Local Bridge" at layer 2. See link:
https://www.softether.org/4-docs/1-manu ... rk_adapter

badsmoke
Posts: 6
Joined: Mon Jan 21, 2019 12:18 pm

Post by badsmoke » Thu Apr 09, 2020 6:23 am

Thanks for the help, unfortunately there is still no improvement.
Instead of the SE-Bridge I used the SE-Server now; they behave the same, as expected.

I have activated a second network card without protocol stack and used it as a local bridge, unfortunately there is no improvement.

I also noticed that when I use a KVM, I can only reach one tenth of the speed with the same settings. All computers are not even close to full capacity and nothing else is running over the network.

Is there a possibility to connect several SE-Bridges in a network with the same server? In case of emergency I start 5 bridges to reach the desired speed.

OliverTejada
Posts: 46
Joined: Mon Apr 13, 2020 8:08 pm

Post by OliverTejada » Mon Apr 13, 2020 9:24 pm

Your setup is well done. I think the deficiency is between the bridge at your office and the SE Server at AWS. You can completely verify this by using SE's network traffic speed test tool included in SoftEther's VPN Client for Windows. Install it on both your AWS server and the host at your office. When you're done installing, find the tool and configure the roles: your office as the client, the SEVPN as the test server.

[Image: client setup]

[Image: test server setup]

Make the listening port on test server reachable at AWS (open it). You can choose any port, as long as it's not in use by any other program on that server, then hit run and observe the results... If you're still getting that 1 megabit throughput bidirectionally, then there is the problem. You should see around 10 megabit down, as this is the max download speed at your office.

You can also test this exact same setup between your clients and your office. Make your office the test server and verify if they're getting 5 megabits.

genesys
Posts: 32
Joined: Tue Apr 14, 2020 10:50 pm

Post by genesys » Thu Apr 16, 2020 12:16 pm

Have you got the vpnazure option enabled and are you connecting through yourname.vpnazure.net or do you connect through yourname.softether.net?
