Community Record
9
Posts
0
Kudos
0
Solutions
Badges
Oct 14 2017
7:10 PM
I enabled the timestamps then tested with timestamps and other features enabled without a significant improvement. It went from .5mbits down to 1.8mbits down with multiple back to back tests. Client VPN would achieve a download speed of 20-22mbits during the same time period. Upload performance showed a similar variation. Which makes me think the MX65 has a hardware issue.
... View more
Oct 11 2017
6:17 PM
I found this site with tips for tuning the macOS IP stack. Let me give this a shot. https://rolande.wordpress.com/2010/12/30/performance-tuning-the-network-stack-on-mac-osx-10-6/
... View more
Oct 10 2017
10:35 PM
This makes me think the MX65 has a defect.
... View more
Oct 10 2017
10:14 PM
Hmm. Since L2TP is encapsulated within the IPSEC then the throughput shouldn't be different unless there's a MX issue. The only thing different is the origination laptop (l2tp/ipsec) vs mx65 to mx84 using auto vpn.
... View more
Oct 10 2017
10:09 PM
I don't have administrative access to the servers, but have changed the MTU on the workstations. The MTU change didn't improve the situation.
... View more
Oct 10 2017
9:57 PM
The latency is about 254 ms between the sites.
... View more
Oct 10 2017
9:52 PM
The group policies have no traffic shaping bandwidth restrictions, but do have prioritization for netflix, hulu, VoIP, etc. The site to site firewall is empty. logging is enabled...
... View more
Oct 10 2017
9:49 PM
I thought L2TP used port UDP 1701 and IPSEC uses ports UDP 500 and 4500. The L2TP would be unencrypted with an encrypted IPSEC payload. The ISP / ATT could be performing rate limiting on the UDP 500 and 4500 ports and not L2TP.
... View more
Oct 10 2017
6:48 PM
I'm having odd VPN throughput issues. I have a hub location with a MX84 and a remote site with a MX65 using the Meraki Auto VPN (within the same organization). The MX84 is also setup with Client VPN access. The site to site VPN and Client VPN configurations do not permit split tunneling and default route all traffic to the MX84 at the hub location. Here's odd behavior... The Client VPN from the same location to the MX84 with the site to site VPN turned off gets 20-30mbit of throughput, but the site to site vpn tunnel only gets 1.5 to 2 mbits of throughput. Fragmentation and retransmissions do not appear to be an issue. The MX84 has a residential ATT Fiber connection 1gig bi-directional. MX84 supports 250 mbits of combined encryption. The MX65 has a university connection with about 50-60 mbits down and 30-40 mbits up. MX65 supports 100mbits of combined encryption. I've started to wonder if ATT is rate limiting the site to site (IPSEC) packets vs the client vpn which uses L2TP with IPSEC. The MX65 has been setup with all security features turned off allowing it to be performed centrally by the MX84, but that didn't improve performance. I've also attempted to change the MTU size of a workstation to 1350 without any improvements. Ideas?
... View more
