does anyone have any experience running the vpn client through a satellinte uplink product to a vpn concentrator? for example, when surfing the web thru the satellite service (i.e. direct-way) the speeds are very fast. however , after establishing an vpn tunnel the throughput goes down dramatically. does any one know the ezplanation for this and is there a fix?
Had the exact same problem. You can try adjusting the MTU. Start at 1400 and work your way down.. I finally got resonable speeds at 1300. It was still very problematic though I have seen here other people use it w/o a problem. We ditched it for an ISDN line after a while anyway.
TCP/IP) can be inefficient using satellite links due to latency created by long transmission path lengths and the noise associated with wireless links. Because geosynchronous satellites are in orbit at 22,300 miles high, there is a very long delay in the up/down link.(on the order of .25 - .50 of a second) Though TCP can be optimized for operation over satellite links to a certain degree, (buffering, proxy, spoofing, etc.) it does not consistently perform well under the full range of varying conditions that are expected to occur when the communications path comprises multiple satellite and terrestrial segments. These conditions include error rates caused by channel noise (not simply network congestion), link asymmetry (different bandwidths in opposing directions), long propagation delays, and interrupted connectivity. TCP was designed to operate in a low-noise environment and, therefore, tends to treat all packet loss as due to network congestion. The normal reaction of the TCP congestion control algorithms to either real congestion or to packet corruption, caused by a high bit error rate on the link, is to throttle back on the packet transmission rate (reduce sliding window).
Also, acknowledgements that are delayed in transmission can force a retransmission of data that has actually been received correctly. Because VPN is an end to end link, as opposed to just say an HTTP best effort connection, it will be slower.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...