I know from spending a couple times searching for a solution to this that it has been brought up many many times. I've found a combination that works.
1. Disabling offloading is a must - I used `ethtool -K em1 gso off gro off tso off tx off rx off`
2. Using e1000 NIC and not virtio
3. The linux server must be using a bridge device
This is on Linux qemu VM's running Debian. I suspect that on bare metal you'd still need offloading disabled, and a bridge.
I've tested this pretty thoroughly with many different settings, and reboots, on two different servers with different configurations, in different locations.
I tested speeds with iperf3. Upload speeds were gigabit, download speeds were Kbps to a couple Mbps on both a VPN bridge, and using secure nat.
One server was running proxmox with a debian 12 guest VM. The other server was a debian 11 VM running on debian 11 with libvirt.
I still question why it needs a bridge device on the guest (especially when using NAT), but on the one server - that was the last thing I did and it instantly started delivering the high speeds. On the other server the last of the 3 things I did was disable offloading. I tried switching back and forth between disabled and enabled offloading, and between virtio NIC and e1000, both with and without offloading, but I never tried switching back to a non-bridged interface.
I don't have any bare metal to test with at the moment, but I'll try over the next few days on an entirely different server.
SoftEther very slow on Linux virtual VM server when downloading - [FIX]
-
- Posts: 1
- Joined: Fri Nov 17, 2023 2:31 am
-
- Posts: 289
- Joined: Wed Dec 28, 2022 9:10 pm
Re: SoftEther very slow on Linux virtual VM server when downloading - [FIX]
Here are the steps to have maximum speed
1. having a dedicated NIC for the server
2. if (1) was not feasible , then a tap device is preferred (Adding a local bridge)
3. neither (1) and (2) were feasible , then vNAT (Virtual NAT) could be used (least preferred)
and there are more.
Test the client and server speed using relevant tools (e.g ipref, vpncmd, etc)
Test the VPN protocol , some ISPs throttle some protocols
1. having a dedicated NIC for the server
2. if (1) was not feasible , then a tap device is preferred (Adding a local bridge)
3. neither (1) and (2) were feasible , then vNAT (Virtual NAT) could be used (least preferred)
and there are more.
Test the client and server speed using relevant tools (e.g ipref, vpncmd, etc)
Test the VPN protocol , some ISPs throttle some protocols