Bonded Lan-Lan VPN Performance Issues

Forums Network Management ZeroShell Bonded Lan-Lan VPN Performance Issues

  • This topic is empty.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • #41713

    I’m a new user to ZeroShell and so far I’ve been very impressed, great work!

    Here’s my current issue:

    When downloading data over the VPN using a single connection (either one) I get speeds averaging 5-6Mbit/sec. However when using the bonded connection I download at an average of 1Mbit/sec.
    Note: Upload bandwidth does increase when using the bonded connection.

    Here are some points about my current setup.

    I have a Lan-Lan VPN setup connected over a BOND using two VPN connections.

    Individually my connections are rated for (DSL) 7Mbit/sec and (Cable) 10Mbit/sec.

    My Remote Server connections are setup as:
    Running ZeroShell_Beta11
    ETH00 <- Cable Modem (10mbit)
    ETH01 <- Single Private IP
    ppp0 <- DSL Modem (7mbit)
    BOND00 <-
    VPN00 <- Connect to Main via gateway: ETH00 @ port X
    VPN01 <- Connect to Main via gateway: ppp0 @ port Y
    NetBalancer is enabled for ETH00 and PPP0
    Has ETH00 and PPP0 listed in the NAT devices

    My Main Server connections are setup as:
    Running ZeroShell_Beta12
    ETH00 <- Single Public IP
    ETH01 <- Single Private IP
    BOND00 <-
    VPN00 <- Setup to receive UDP connections on port X via ETH00
    VPN01 <- Setup to receive UDP connections on port Y via ETH00
    Has ETH00 listed in the NAT devices

    – Both connections are Up in the BOND.
    – Traffic is being routed through both connections when monitoring the BOND’s info
    – Disabling encryption increased the performance of the connection to an average of 2MBit/sec
    – The Main server has 192MB Ram allocated to it (Core2 2.4ghz)
    – The Remote server has 384MB Ram allocated to it (2 x Xeon 3.4ghz)

    Any idea’s on things I can try to increase my throughput?
    Is it ok to have two different versions of ZeroShell connecting together?

    Thanks for the great product, I’ve been having lots of fun with it!


    Hello, I plan on doing this very same thing.

    Were you able to resolve the issue to improve your download speeds?
    Is it an issue on the far end?

    Do you have a zeroshell device on the far end that is also bonded the same vpn connections?

    Thanks for any info, I plan on doing this soon.


    When you configure VPN in bridge or bond interface you should disable the compression of the traffic because in these cases it is just an overhead.




    I have ZeroShell on both sides of the connection, both were configured to use the bonded vpn connections. For now I’m using just a single connection because of the faster download speeds.

    Bonded or not, I’m loving the lan-lan vpn. I hated having all my local machines having to “dialup” into our old ppptp.


    The bonds have encryption enabled but no compression. Disabling encryption does increase the traffic speed, but even then (no compression, no encryption) the download speed doesn’t match that of a single connection.

    Would the two connections coming into a single connection make a big impact?

    The server has one public IP with two VPN ports open for connections. I can give the server two public IPs, but I can’t do anything about the single network card.

    My remote ZeroShell connects to each of the VPN ports through different internet connections (DSL goes to port A, Cable goes to port B).

    My remote ZeroShell shares the NIC connected to the DSL connection with the internal network (has an IP in it’s ETH01 and a PPPoE connection using it). I don’t have an extra card lying around but I can also go pick one up if you think it might be an issue.

    I also wonder about the Ram requirements. Both machines are running as virtual machines with a not so generous amount of memory (192mb and 384mb).

    I also forgot to mention the Remote machine running ZeroShell_Beta11 has the MLPPP patch from, and my DSL connection is running with multilink enabled. That machine has 384MB allocated to it and two Xeon’s so I wouldn’t have thought that would be an issue.

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.