performance tuning for RDP over mobile user VPN
i noticed some difference in performance between L2TP and SSL client.
is this due to MTU size or encryption settings ?
i would prefer SSL client but performance for RDP is very important ( CAD, Autocad over RDP / homeoffice )
any suggestions ?
xtm330 / OS 12.1.3
Sign In to comment.
Try using UDP for SSLVPN instead of TCP
ok i will try it
currently encryption is set to AES256, would AES128 or 3DES speed up encryption on weak clients ?
Could well be that the firewall does not do SSL encryption, whereas it does for IPSec and L2TP.
In any case, lower encryption should be faster.
I wouldn't go lower than AES128.
Bruce nailed it with "Could well be that the firewall does not do SSL encryption, whereas it does for IPSec and L2TP."
The SSLVPN encryption is done in software, while an IKEv2 VPN has hardware encryption support in the Firebox. My IKEv2 VPN is faster and more stable than my SSLVPN has ever been.
data channel to UDP 443
config channel to TCP 443
after that the vpn shows strange behaviour
i cannot access www any more
If you use DNSWatch, then you can't use UDP port 53 for SSLVPN.
You can use UDP pot 443, os a different UDP port, such as 4443.
You will need to append the port number being used at the end of the Server IP addr/FQDN
ok , i did plenty of testing today
going to UDP causes a MTU problem. reducing MTU solved the problem.
UDP indeed is twice as fast
New Video - recommends using UPD port and using an AES-GCM for encryption for improved performance:
Optimize Mobile VPN with SSL
Saw that as well. TESTING is highly recommended if you are considering this change as outbound UDP 443 may (should) be blocked. The HTTPS Proxy does NOT include UDP.
I'll be testing this change in my own environment this week.
UDP is just the transport tunnel from the client to the firewall.
HTTPS packets, etc. will be encapsulated within the SSLVPN tunnel - whether the tunnel us TCP or UDP.