performance tuning for RDP over mobile user VPN

Hello,
i noticed some difference in performance between L2TP and SSL client.
is this due to MTU size or encryption settings ?
i would prefer SSL client but performance for RDP is very important ( CAD, Autocad over RDP / homeoffice )

any suggestions ?

xtm330 / OS 12.1.3

Comments

  • Try using UDP for SSLVPN instead of TCP

  • @Bruce_Briggs said:
    Try using UDP for SSLVPN instead of TCP

    ok i will try it

    currently encryption is set to AES256, would AES128 or 3DES speed up encryption on weak clients ?

  • Could well be that the firewall does not do SSL encryption, whereas it does for IPSec and L2TP.

    In any case, lower encryption should be faster.

  • I wouldn't go lower than AES128.

  • Bruce nailed it with "Could well be that the firewall does not do SSL encryption, whereas it does for IPSec and L2TP."

    The SSLVPN encryption is done in software, while an IKEv2 VPN has hardware encryption support in the Firebox. My IKEv2 VPN is faster and more stable than my SSLVPN has ever been.

    Gregg Hill

  • edited March 27

    @Bruce_Briggs said:
    Try using UDP for SSLVPN instead of TCP

    i set:
    data channel to UDP 443
    config channel to TCP 443

    after that the vpn shows strange behaviour
    i cannot access www any more

  • If you use DNSWatch, then you can't use UDP port 443 for SSLVPN.
    Use a different UDP port, such as 4443.
    You will need to append the port number being used at the end of the Server IP addr/FQDN
    111.222.333.444:4443

  • ok , i did plenty of testing today
    going to UDP causes a MTU problem. reducing MTU solved the problem.

    UDP indeed is twice as fast

Sign In to comment.