Archive for March, 2012

Stalling File Transfer Over VPN

The other day I had cause to allow someone to access their corporate VPN over my home internet connection. After I had configured the appropriate pass-through settings for the IP address that my DHCP server had allocated their laptop they were able to connect easily. One issue remained however; whenever they checked a file out of sharepoint that was over 250Kb or so, the file transfer to their machine would stall and consequently crash the browser.

Google threw up all sorts of possibilities but the more things we tried (and that failed) the more I couldn’t escape from the idea that it must be some network related issue. I got to thinking about the nature of VPN and how there is an initial connection and then a large stream of UDP packets over the tunnel for the data transfer. That’s when a light bulb switched on – I’d seen something like that before in my Draytek router settings.

Draytek have a nice selection of anti denial of service features which I have activated to protect my network. Some of these concern certain types of flood defense; where a count of packets is maintained and if it exceeds a certain threshold then the connection will be dropped for a period of time. This would result in the appearance of a stall for any file transfer caught up in the melé. Bingo!

The culprit setting is shown in the screen shot below, “Enable UDP flood defense”. Originally this was set to 150, I had to set it to 1000 in order to eliminate that VPN issue.

Draytek DoS UDP Settings Screenshot

It’s worth discussing why the number has to be so high for my fix and why it may not need to be so high for you. Most home connections over VPN end up being below 5Mbit or so with the corporate end point on the other hand being capable of 100Mbit. This results in the overall speed obviously being tied to your 5Mbit speed. In my case I use the FTTC technology and thus have speeds up to 80Mbit. This means I can transfer many more packets per second than most people on home connections so it is likely that you won’t have to go so high as 1000 to get the desired result in the Draytek settings.

I hope this helps someone out, feel free to get in touch with me if you have any questions.

Comments (4)