Stalling File Transfer Over VPN
The other day I had cause to allow someone to access their corporate VPN over my home internet connection. After I had configured the appropriate pass-through settings for the IP address that my DHCP server had allocated their laptop they were able to connect easily. One issue remained however; whenever they checked a file out of sharepoint that was over 250Kb or so, the file transfer to their machine would stall and consequently crash the browser.
Google threw up all sorts of possibilities but the more things we tried (and that failed) the more I couldn’t escape from the idea that it must be some network related issue. I got to thinking about the nature of VPN and how there is an initial connection and then a large stream of UDP packets over the tunnel for the data transfer. That’s when a light bulb switched on – I’d seen something like that before in my Draytek router settings.
Draytek have a nice selection of anti denial of service features which I have activated to protect my network. Some of these concern certain types of flood defense; where a count of packets is maintained and if it exceeds a certain threshold then the connection will be dropped for a period of time. This would result in the appearance of a stall for any file transfer caught up in the melé. Bingo!
The culprit setting is shown in the screen shot below, “Enable UDP flood defense”. Originally this was set to 150, I had to set it to 1000 in order to eliminate that VPN issue.
It’s worth discussing why the number has to be so high for my fix and why it may not need to be so high for you. Most home connections over VPN end up being below 5Mbit or so with the corporate end point on the other hand being capable of 100Mbit. This results in the overall speed obviously being tied to your 5Mbit speed. In my case I use the FTTC technology and thus have speeds up to 80Mbit. This means I can transfer many more packets per second than most people on home connections so it is likely that you won’t have to go so high as 1000 to get the desired result in the Draytek settings.
I hope this helps someone out, feel free to get in touch with me if you have any questions.
Need help using my Calendar plugin on your site?
Are you in my address book yet?
I've canned 3,564,022 spam blog comments so far and rising.
I have a zero tolerance on spam!
You know it’s been a good night when you wake up in Equador 
Jamie Said,
March 16, 2012 @ 5:19 am
The note you left about syn flood settings in your router saved me! I was about to give up, because I thought it was the router crashing! Palm-meets-forehead
Glad you left that tip!
Nic Skerten Said,
March 29, 2012 @ 2:13 pm
Came upon your blog post while trying to find an answer to a similar problem I have had with accessing a VPN from my home office. I don’t use a Draytek router but I will check to see if mine is using a similar flood defense system.
Many thanks
Ralpho Said,
August 11, 2012 @ 2:20 pm
Thanks for blogging about this fix. Already bought another router because my Draytek seemed to be choking on bittorrent traffic, but increasing this threshold definitely did the trick.
Andrew Said,
March 25, 2013 @ 6:17 pm
Hi, thank you for this. I came across your post whilst looking for the answer for another VPN problem but reading it clarified a few bits of understanding for me!