VPN Slow - SMB?

Rick-CFL 21 Reputation points
2022-11-22T19:48:02.947+00:00

Hi Everyone--
I'm hoping someone might have a suggestion. I have a Windows 2019 essentials server domain controller which has been configured for VPN remote access. The configuration looks very generic. It hands out a small 25 ipv4 block of ip addresses on the local network. There is a sonicwall firewall in place forwarding the vpn port from the public ip through the NAT to the internal address of the server. It seems to work. I can connect my PC at a remote site and I get an internal ip address on the remote lan and i can ping the server with normal latency (avg 20-30ms).

The problem is: When I browse the server's network shares and I attempt to open a file (can be any type: pdf, docx, xlsx, etc...) it takes a LONG TIME to open. Like 2-3 minutes. It does, eventually, arrive but with this kind of delay it is not usable.

I also experience the delay if I attempt to copy the file from the remote server share to a local drive. It takes like 2 minutes to download a 68kb file.

Any idea what I can do to improve the performance so this can work and be usable for a few remote users to access the server files?

Thanks,
Rick

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,470 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,173 questions
0 comments
Accepted answer
  1. Gary Nebbett 5,721 Reputation points
    2022-11-22T20:35:52.223+00:00

    Hello Rick,

    Tracing and analysing the network traffic is probably the most effective way of tackling this issue. There are several commands built into Windows that can capture network traffic (pktmon and "netsh trace" being two of them) and a well-known and trusted "free and open-source" tool named Wireshark can both capture and display network traffic.

    Gary

    0 comments

6 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rick-CFL 21 Reputation points
    2022-11-22T22:07:06.427+00:00

    Well I'm in over my head. lol.

    I installed wireshark on my test PC - I connected to the VPN - selected the appropriate ethernet interface in wireshark and began capture. I then navigated to a folder on the network share using windows explorer and opened a test word document. I then waited for it to open and then I closed it. I stopped the capture and then I filtered the wireshark capture for SMB2.

    I see a lot going on -- but honestly, I have no idea if it is good or bad or how to use it to troubleshoot.

    any suggestions? I appreciate it...

  2. Rick-CFL 21 Reputation points
    2022-11-23T14:18:22.627+00:00

    I believe it is the latter case: It is like it is waiting for something then sends the information all at once. But I'm not 100% sure.

    Some of the filenames and directory structures I would prefer not to post publicly. So I'm going to create a TEST folder with a small test.docx -- then recapture. If the capture data does not contain any sensitive info I'd like to post it here. Thanks again for you time and assistance.

    0 comments
  3. Dave Patrick 426.1K Reputation points MVP
    2022-11-23T14:25:04.103+00:00

    Hopefully the VPN/RRAS role is not installed on your domain controller. The multi-homing caused by a vpn will cause no end to grief for active directory DNS

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  4. Rick-CFL 21 Reputation points
    2022-11-23T16:36:22.493+00:00

    It is installed on the domain controller.

    Honestly, with the poor performance of the VPN and the work involved to troubleshoot it -- I am thinking of removing the VPN/RRAS role entirely and going with a different VPN solution. Might try using the sonicwall for VPN and see how it does.