Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19
  1. #11
    Newbie
    Join Date
    Sep 2018
    Posts
    5

    Default

    I understand what you are saying, but technically that would be an OS and driver issue, not a hardware issue. The hardware IS capable of supporting very high speeds.

    If Debian suffers a 70% performance drop compared to OpenBSD when the hardware is constant, that's a software issue, not a hardware issue.
    JasonJoel likes this.

  2. #12
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,631

    Default

    Yes sir, you are indeed correct that it's a software issue. It's a software issue that lies in the simple fact that Untangle requires VASTLY more hardware to maintain performance relative to PFSense. The former is a layer 7 firewall that plays at layers 2 and 3. The latter is a layer 2 and 3 firewall, that plays at layer 7.

    This distinction is substantial. And you indicate that the platform you have needs ~20% of the CPU just to operate your VPN. Untangle is heavier by itself, and you're putting the VPN on top of that. This reality is by design, and the nature of the additional work Untangle does doing all that it does relative to what PFSense does.

    You chose software that needs more hardware. So you have a choice, choose different software, or upgrade the hardware. I want to be clear here that this is not a fault of either platform. Both of them are good at what they do. But Untangle to get the benefits it has at layer 7 requires far more CPU and RAM to get the job done. The final nail is the software support for the OS in question. Linux drivers and BSD drivers are not the same, and they aren't supported the same by the market. This influences system performance as well. So yes, it's normal to see some devices perform better with BSD than Linux, and the same in reverse.

    I use both products in production, and have for years. Comparing them is really an exercise in frustration. They simply don't do the same things.
    Last edited by sky-knight; 09-27-2018 at 12:41 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #13
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,478

    Default

    My home connection is only 150Mbit, and I'm currently maxing that out through tunnel vpn even on a tiny linksys router. While I post this and with no bypass rules at all.

    If the goal is to troubleshoot, you should troubleshoot the issue.
    If the goal is to assign blame to software or hardware or NICs or Untangle or pfsense or openvpn or drivers or Linus himself, then go ahead and assign blame to whatever you want. No need to convince anyone - but realize it won't get you any closer to solving the issue. If the goal is to convince others that the blame is a certain issue, then you will need to do a better A/B test than changing literally thousands of variables. Usually its better to actually isolate the issuer in its entirety before moving on to assigning blame.

    I would venture its a configuration issue. Especially since you said UDP connections don't work. That seems like good hint that there is a major issue somewhere. (Routing issue? MTU? something shaping upstream?) Just ignoring it and switching to TCP, which will certainly perform worse especially in busy network, is not solving the issue its just avoiding it.
    Last edited by dmorris; 09-27-2018 at 01:00 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #14
    Newbie
    Join Date
    Sep 2018
    Posts
    5

    Default

    If Layer 7 processing is truly this much slower than Layer 3, the Untangle dashboard should show my CPU utilization maxed out when I'm trying to run VPN. But it barely moves and is close to zero. That tells me there is plenty of hardware resources left to handle increased speeds.

    I never said Untangle should have comparable speed to pfsense. I simply referenced pfsense to show that my hardware can run OpenVPN at speeds 300% faster than TunnelVPN (OpenVPN) speeds on Untangle. If Untangle is truly maxing out hardware at 30 Mbps (even though dashboard says it isn't), while psfense is less than 20% at 100 Mbps, that means that Untangle's layer 7 architecture is 15X slower than pfsense. Doesn't that strike anyone as too high to be accurate? It does me.

    Keep in mind, I wrote into support asking how to fix this. I was told in email by Untangle that this was a software issue, that there was nothing I could do to fix it, and I would need to wait until the next major build to get it fixed. It now appears that that answer was inaccurate. But it wasn't my bad information - that bad information came directly from Untangle.

    I would be happy to resolve this. Again, I can get everything working fine in other software packages. I can't get it working in Untangle. Documentation is almost non-existent. Telling me to fix it without telling me how to fix doesn't help the conversation
    Last edited by ChrisAZ; 09-27-2018 at 01:12 PM.

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,631

    Default

    DMorris is a founding member of Untangle, and a lead developer. Whatever he says in this thread is vastly more accurate than anyone in the support team. He's already indicated to you that there is no speed limit, and that support was dead wrong. So you need to let go of that idea, because it is indeed incorrect.

    He's also correct that you need to figure out what's going on with the protocols, because injecting TCP encapsulation is going to murder performance by itself. Such is the nature of TCP and why OpenVPN uses UDP by default.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #16
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,478

    Default

    Yeah, sorry about the misinformation sending you in the wrong direction.

    Like I said, we'd love to help, we just need information. If you want to get help through support (assuming you're a subscriber) we can help there too.

    To get help here, please start here:
    https://forums.untangle.com/announce...uidelines.html

    Those guidelines are to help us help you. It has some great hints.
    (For instance, we should start our own thread instead of threadjacking SeanATron's thread, who almost certainly has an entirely different issue and may even be using a completely different VPN provider)

    For you, I'd suggest debugging why UDP doesn't work first. What does "doesn't work" mean in this case?
    Do you get an error? Does it fail to connect? What does it say in the logs? etc. Screenshots never hurt. Are you using OpenVPN or Tunnel VPN?

    Which VPN service are you using? Does your server have remote support access enabled?
    Last edited by dmorris; 09-27-2018 at 01:38 PM. Reason: add questions
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #17
    Newbie
    Join Date
    Sep 2018
    Posts
    5

    Default

    I uninstalled the TunnelVPN app and reinstalled it. Then applied the exact same OPVN config files and instantly UDP started working. I'm getting 112 Mbps of throughput. I'm happy with the performance.

    @dmorris. I'm going to ignore the other folks that attacked me on this forum. But if that's what one has to do to get support for your product, that's a big turn off. A friend recommended I try Untangle and I downloaded it two weeks ago to evaluate it. I found a problem and engaged customer support. I then see others are having similar issues and simply post what customer support told me. Then I'm attacked. If people had spent their time attacking the problem instead of attacking the customer, this would have been resolved quickly. I was given specious answers on this forum (Layer 7 is too inefficient! If you want faster speeds, use a different product! Debian drivers aren't as fast as OpenBSD drivers!) Not one did anything to diagnose and correct the problem. My hardware, ISP, Debian, AND Untangle are all able to support 112Mbps VPN tunnels with plenty of CPU headroom left over. In the end, simply uninstalling and reinstalling the app was all that was needed.

  8. #18
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    642

    Default

    I certainly don't see any posts in this thread that *I* would consider a personal "attack". Sorry if you felt that way, though.

  9. #19
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,478

    Default

    Huh. That is weird indeed. I can't explain that, but glad it is resolved.

    Quote Originally Posted by ChrisAZ View Post
    @dmorris. I'm going to ignore the other folks that attacked me on this forum. But if that's what one has to do to get support for your product, that's a big turn off. A friend recommended I try Untangle and I downloaded it two weeks ago to evaluate it. I found a problem and engaged customer support. I then see others are having similar issues and simply post what customer support told me. Then I'm attacked. If people had spent their time attacking the problem instead of attacking the customer, this would have been resolved quickly. I was given specious answers on this forum (Layer 7 is too inefficient! If you want faster speeds, use a different product! Debian drivers aren't as fast as OpenBSD drivers!) Not one did anything to diagnose and correct the problem. My hardware, ISP, Debian, AND Untangle are all able to support 112Mbps VPN tunnels with plenty of CPU headroom left over. In the end, simply uninstalling and reinstalling the app was all that was needed.
    Maybe you can PM me with details? I apologize if I played a role or you're talking about me. Sometimes us long time forum users focus too much on being accurate to a pedantic extent that the tone is perceived as impatient or downright rude.
    I can guarantee no one in this thread (I know them all pretty well at this point) meant disrespect and is actually trying to help resolve the issue.
    Sam Graf likes this.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2