Hi ,
I have a customer with the following inquiry..
"I have noticed an interesting performance issue with my "production" environment and Wingate:
Configuration:
Wingate VPN server installed on Dell Server (Primary Domain Controller) under Windows NT Server 4.0 sp6a
Wingate VPN client installed on Dell laptop under WinXP
If both server and client are running on the local network behind the firewall, system performance appears sluggish, especially on first access to a directory, or the first access of a network program accessing files or systems on the Dell server's disks. For example, starting an Excel spreadsheet located on the server's shared disks may take up to 10 seconds from time of Excel launch (local program) to the time the spreadsheet is loaded and ready to work on. (Note: the VPN is active, but has a conflicting routing information)
If I disable the VPN on both the server and client ends, the access is relatively quick - only 1-2 seconds to launch.
Can I do something to allow the VPN to always run even with connected locally, while preserving local network performance?"
Can you offer any suggestions that I can pass along?
Thanks
Joan Chandler
WinGate VPN Performance Issue
Moderator: Qbik Staff
7 posts
• Page 1 of 1
WinGate VPN Performance Issue
by ccsoft » Sep 13 03 8:08 am
- ccsoft
- Posts: 38
- Joined: Sep 13 03 8:04 am
Re: WinGate VPN Performance Issue
by Pascal » Sep 13 03 6:00 pm
ccsoft wrote:Hi ,
I have a customer with the following inquiry..
"I have noticed an interesting performance issue with my "production" environment and Wingate:
Configuration:
spreadsheet located on the server's shared disks may take up to 10 seconds from time of Excel launch (local program) to the time the spreadsheet is loaded and ready to work on. (Note: the VPN is active, but has a conflicting routing information)
Joan Chandler
The conflicting routes might be the problem. Is it possible to post the route tables to the forum ? (Or email them to me directly) A conflicting route could mean that the network traffic is being bounced to the other end of the VPN and back again. (Depending on the conflict / setup) which could account for the low performance.
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by adrien » Sep 15 03 12:12 pm
running a VPN on a local subnet has a couple of issues associated with it.
Firstly are the route conflicts, as you get VPN routes created with the same destinations as local routes on the machines involved.
secondly you can sometimes end up with UDP broadcast relay loops, which quickly bog down your network. You may need to disable UDP broadcast relaying on one or other of the VPN node machines.
Adrien
Firstly are the route conflicts, as you get VPN routes created with the same destinations as local routes on the machines involved.
secondly you can sometimes end up with UDP broadcast relay loops, which quickly bog down your network. You may need to disable UDP broadcast relaying on one or other of the VPN node machines.
Adrien
- adrien
- Qbik Staff
- Posts: 5441
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by marcj » Jan 19 04 5:10 pm
Hi,
You are correct - there is a routing conflict: from the client Gatekeeper screen:
VPN Server and Primary Domain Controlller - published routes
192.168.1.230/255.255.255.255 (in conflict)
192.168.1.0/255.255.255.0 (Ingored/Local Conflict)
For the client: no conflict evident
192.168.1.0/255.255.255.0
192.168.1.224/255.255.255.255
I am not sure I understand how to get rid of this conflict, and the performance issue. How do I do the configuration?
a) the Dell laptop is used inside the firewall on the local subset (for which VPN is not wanted) with a static IP 192.168.1.224 (associated with the docking station)
b) the laptop is also used outside the firewall to connect via the internet (VPN wanted.) using DHCP, but the static IP 192.168.1.224 is used after making the VPN connection. The VPN seems to works in this case.
The laptop has two network cards, and I used a Linksys BEFSR11 router's DHCP server to make available 192.168.1.50->192.168.99 as needed for other internal lan users. I have the HOSTS and LMHOSTS file set up with the names and static IPs of all machines on the local network.
How do I configure the laptop's IP? Also how do I assign the parameters of Wingate VPN to let me work efficiently locally, but allow connection remotely? Stopping the VPN server and the VPN client is the only way I seem to be able to eliminate the performance issues I observe locally from the laptop otherwise.
Thanks,
Marc
You are correct - there is a routing conflict: from the client Gatekeeper screen:
VPN Server and Primary Domain Controlller - published routes
192.168.1.230/255.255.255.255 (in conflict)
192.168.1.0/255.255.255.0 (Ingored/Local Conflict)
For the client: no conflict evident
192.168.1.0/255.255.255.0
192.168.1.224/255.255.255.255
I am not sure I understand how to get rid of this conflict, and the performance issue. How do I do the configuration?
a) the Dell laptop is used inside the firewall on the local subset (for which VPN is not wanted) with a static IP 192.168.1.224 (associated with the docking station)
b) the laptop is also used outside the firewall to connect via the internet (VPN wanted.) using DHCP, but the static IP 192.168.1.224 is used after making the VPN connection. The VPN seems to works in this case.
The laptop has two network cards, and I used a Linksys BEFSR11 router's DHCP server to make available 192.168.1.50->192.168.99 as needed for other internal lan users. I have the HOSTS and LMHOSTS file set up with the names and static IPs of all machines on the local network.
How do I configure the laptop's IP? Also how do I assign the parameters of Wingate VPN to let me work efficiently locally, but allow connection remotely? Stopping the VPN server and the VPN client is the only way I seem to be able to eliminate the performance issues I observe locally from the laptop otherwise.
Thanks,
Marc
- marcj
- Posts: 2
- Joined: Jan 19 04 4:08 pm
by adrien » Jan 22 04 1:13 pm
You can configure the VPN to only join up manually. Running the VPN software or not doesn't matter until the client actually tries to join a VPN.
So, if you set the VPN configuration on the client to join manually, you can leave it disconnected until you need it when you are outside the network.
Adrien
So, if you set the VPN configuration on the client to join manually, you can leave it disconnected until you need it when you are outside the network.
Adrien
- adrien
- Qbik Staff
- Posts: 5441
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by marcj » Jan 22 04 6:37 pm
I find with the VPN server running, and no client operational, there is a SIGNIFICANT delay in (say) accessing a directory for the first time on the server. The server being "alive" in this situation appears to contribute to the delay in server file access (the VPN server machine is also the domain Primary Domain Controller and file server.
Is there perhaps a server caching issue involved here that I am unaware of? Or perhaps a protocol timeout to resolve that could be speeded-up by a reordering of protocols?
I am a relative novice in these issues, so all help is appreciated.
Thanks,
Marc
Is there perhaps a server caching issue involved here that I am unaware of? Or perhaps a protocol timeout to resolve that could be speeded-up by a reordering of protocols?
I am a relative novice in these issues, so all help is appreciated.
Thanks,
Marc
- marcj
- Posts: 2
- Joined: Jan 19 04 4:08 pm
by erwin » Jan 23 04 9:48 am
Hi Marc
Because of the way that the advertising/sharing of resources and machine names is distributed in a windows Lan environment (using Netbios protocol) there can be a significant time lag before computers receive info on what folders files are available shared etc.
May I suggest you take a read of the knowledge base article on our Website about Netbios and the WinGate VPN to help make things a little clearer about why your seeing these delays.
http://support.qbik.com/index.php?_a=kn ... ubcat&_i=2
Hope this helps
Regards
Erwin
Because of the way that the advertising/sharing of resources and machine names is distributed in a windows Lan environment (using Netbios protocol) there can be a significant time lag before computers receive info on what folders files are available shared etc.
May I suggest you take a read of the knowledge base article on our Website about Netbios and the WinGate VPN to help make things a little clearer about why your seeing these delays.
http://support.qbik.com/index.php?_a=kn ... ubcat&_i=2
Hope this helps
Regards
Erwin
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 9 guests