{"id":782,"date":"2013-07-01T00:00:00","date_gmt":"2013-07-01T00:00:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2013\/07\/01\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link\/"},"modified":"2023-01-06T17:02:42","modified_gmt":"2023-01-06T17:02:42","slug":"how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html","title":{"rendered":"Optimize Throughput of a VPN across a WAN-based Link"},"content":{"rendered":"<p>How can I optimize the throughput of a VPN across a WAN based link ?<\/p>\n<p>I was recently asked this question the other day by a client, after seeing the results (in which the transfer speeds were nearly tripled) I thought it would make an interesting article.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6626daa6dacbb\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6626daa6dacbb\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\/#Background\" title=\"Background\">Background<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\/#Solution\" title=\"Solution\">Solution<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\/#MSS_Clamping\" title=\"MSS Clamping\">MSS Clamping<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\/#MSS_Blocking\" title=\"MSS Blocking\">MSS Blocking<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\/#PMTUD\" title=\"PMTUD\">PMTUD<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\/#Selective_ACK_SACK\" title=\"Selective ACK (SACK)\">Selective ACK (SACK)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\/#Nagle_Algorithm\" title=\"Nagle Algorithm\">Nagle Algorithm<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\/#Receive_Window_Tuning\" title=\"Receive Window Tuning\">Receive Window Tuning<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\/#Summary\" title=\"Summary\">Summary<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"h3\"><span class=\"ez-toc-section\" id=\"Background\"><\/span><strong>Background<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>My client had a VPN (Site to Site) between their office, in the UK and another office in East Africa. On either end of the VPN was a number of Window 2k3 and 2k8 boxes.<br \/>\nTheir goal was to optimize the VPN to ensure the maximum throughput between each of the sites could be achieved.<br \/>\nAs you would expect due to the distance and regions of both offices the path was both high in latency and also was susceptible to packet loss.<\/p>\n<h2 class=\"h3\"><span class=\"ez-toc-section\" id=\"Solution\"><\/span><strong>Solution<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To optimize the throughput across both sites there were a number of areas that we will cover, such as Fragmentation, MSS Clamping, MSS\/RWIN tuning and also ensuring that the path between the sites is used as efficiently as possible.<\/p>\n<p><em>Note<\/em> : Before any changes were made a file transfer was initiated across the VPN and the transfer rates recorded.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"MSS_Clamping\"><\/span><strong>MSS Clamping<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To ensure that traffic between each of the sites is not fragmented the MSS (Maximum Segment Size) is clamped.<br \/>\nMSS clamping works by rewriting the MSS value that is announced within the 3 way handshake.<\/p>\n<p>So, how do we calculate the MSS ?<\/p>\n<p>First of all a ping is sent to one of the servers via the VPN, ensuring that the DF (Don&#8217;t Fragment) bit is set. This ensures that if the MTU on any of the hops further upstream is smaller then the packet sent, an &#8216;ICMP Fragmentation Needed&#8217; will be sent rather than the packet being fragmented.<br \/>\nThis allows us to adjust the data payload length within our ping until we receive the ICMP message &#8220;ICMP Fragmentation Needed&#8221; from our destination. At the point we see this message we know that the packet size was too big for the PathMTU.<br \/>\nBecause our pings our ICMP based, with the ICMP header\u00a0 consisting of 8 bytes and a TCP header of 20 bytes we also subtract a further 12 bytes from our payload length to ensure that at the point TCP is used rather then ICMP the packets are not fragmented.<\/p>\n<p><strong>Example<\/strong><\/p>\n<p>First of all we start off pinging the remote host (across the VPN) using the following flags:<\/p>\n<table style=\"width: 249px; height: 61px;\">\n<tbody>\n<tr>\n<td>-f<\/td>\n<td>set the &#8216;do not fragment&#8217; flag<\/td>\n<\/tr>\n<tr>\n<td>-l<\/td>\n<td>the packet payload<\/td>\n<\/tr>\n<tr>\n<td>-n<\/td>\n<td>the number of packets<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>We start with a payload length of 1408. As you can see we get the expected response.<\/p>\n<pre>C:\\Users\\rick&gt;ping 192.168.1.10 -f -l 1408 -n 2\r\nPinging 192.168.1.10 with 1464 bytes of data:\r\nReply from 192.168.1.10: bytes=64 (sent 1464) time=39ms TTL=45\r\nReply from 192.168.1.10: bytes=64 (sent 1464) time=39ms TTL=45<\/pre>\n<p>Ping statistics for 192.168.1.10:<br \/>\nPackets: Sent = 2, Received = 2, Lost = 0 (0% loss),<\/p>\n<p>We next up our payload length to 1409 bytes. However this time we can see that the packet is to large and requires fragmentation.<\/p>\n<pre>C:\\Users\\rick&gt;ping 192.168.1.10 -f -l 1409 -n 2\r\nPinging 192.168.1.10 with 1465 bytes of data:\r\nPacket needs to be fragmented but DF set.\r\nPacket needs to be fragmented but DF set.<\/pre>\n<p>Ping statistics for 192.168.1.10:<br \/>\nPackets: Sent = 2, Received = 0, Lost = 2 (100% loss),<\/p>\n<p>Based on these tests we take the maximum payload length (which is 1408 bytes) and subtract a further 12 bytes (because of TCP headers), leaving us with our optimal MSS.<\/p>\n<p><strong>MAXIMUM PAYLOAD LENGTH &#8211; 12 BYTES = OPTIMAL MSS<\/strong><\/p>\n<p><strong><em>Note<\/em>\u00a0<\/strong>: Based our optimal MSS value, the additional headers that would contribute to the remainder of the packet are,<\/p>\n<p><strong>MAXIMUM PAYLOAD (1408bytes) + IP HEADER (20bytes) + ICMP HEADER (8 bytes) + IPSEC HEADER (64 bytes) = 1500 MTU.<\/strong><\/p>\n<p>The interesting point here is that the IPSEC header size can change based on the ciphers used.<\/p>\n<p><em><strong>Note<\/strong><\/em> : The Cisco ASA clamps the MSS (of the inital SYN) in each direction.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"MSS_Blocking\"><\/span><strong>MSS Blocking<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Cisco ASA v7.0 and later introduced a feature that blocked traffic containing an MSS higher that that announced by its peer (within the 3 way handshake). Though this is meant to limit potential buffer overruns etc as some servers may not always adhere to this behaviour you may find instances where this feature needs to be disabled.<\/p>\n<p>To confirm whether this feature is blocking packets and needs to be disabled, run\u00a0the command\u00a0&#8216;show asp drop&#8217;. Before and after any of your tests.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"PMTUD\"><\/span><strong>PMTUD<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To ensure that PMTUD can operate the ICMP message &#8216;Fragmentation needed and DF set&#8217; is permitted to all servers at both sites from any location.<br \/>\nThough this isn&#8217;t required within our scenario due to MSS clamping it is still considered good practice should it ever be required within the future.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Selective_ACK_SACK\"><\/span><strong>Selective ACK (SACK)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>One issue with TCP is how the receiver acknowledges what packets they have received within the sliding window.<\/p>\n<p>Consider the scenario where a host has sent you 10,000 bytes. However bytes 2001-4000 were lost in transit. Normally the ACK sent would say, &#8220;Ive got everything up to 2000 bytes&#8221; and the sender would then resend 2001-10000.<br \/>\nSelectiveACK allows the receiver to say, &#8220;I got 1-2000 and 4001-10000&#8221;. The host would then only resend bytes 2001-4000.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Nagle_Algorithm\"><\/span><strong>Nagle Algorithm<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The Nagle algorithm is a method to alleviate network overhead by combining a number of smaller packets into one. Since TCP\/IP requires a 40 byte header (20 bytes TCP, 20 bytes IP), a packet that contains a 1 byte data payload can result in the packet being 41 bytes in length.<\/p>\n<p>Though this can greatly improve efficiency on a TCP\/IP network, this feature doesn&#8217;t work well with applications that require small packets to operate correctly. Such as telnet, where each keystroke is sent to the server. Because of this Nagle is normally best used in situations where large data transfers are required rather then interactive based application such as RDP or SSH.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Receive_Window_Tuning\"><\/span><strong>Receive Window Tuning<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The Receive Window (RWIN) is advertised by the receiver and corresponds to the amount of bytes within the receive buffer. Also known as the Window size, the RWIN ensures that the receiver does not receive more data then it is able to process.<br \/>\nThe sender is able to send data up to the window size without requiring an acknowledgment back. At any point the Window size can be adjusted by the receiver ; this acts as a form of flow control for the receive buffer.<\/p>\n<p>Why do we need to tune the Receive Window (RWIN) ?<\/p>\n<p>Well if the RWIN is too small then it can limit the throughput whilst the sender is awaiting for receiver acknowledge the traffic. If it is too big then the sender will have to resend the entire RWIN everytime packet loss occurs (however SACK can relieve such problems to a certain extent).<\/p>\n<p>Windows 7 and 2008 include a feature called &#8220;AutoTuning&#8221;. This automatically calculates and adjusts the RWIN based on what it believes to be the optimal size. For all other operating systems the RWIN size can be calculated and manually tuned, if required. This is done using the following formula,<\/p>\n<p><strong>BANDWIDTH(kbps) \/ 8 * AVERAGE LATENCY(Millisec) = RWIN SIZE(Bytes)<\/strong><\/p>\n<p>The RWIN size is then rounded off to a multiple of the Maximum Segment Size (MSS).<\/p>\n<p><em>Note:<\/em> In most instances your RWIN size should calculated to 64k or smaller. However should the it be larger then 64k Windows Scaling (WS) can be set. The Window Scale value is advertised within the TCP header and is a value that acts as a multiplier to the Receive Window size.<\/p>\n<h2 class=\"h3\"><span class=\"ez-toc-section\" id=\"Summary\"><\/span><strong>Summary<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Taking onboard the above and keeping inline with our case example the following changes were then implemented,<\/p>\n<p>1. The optimal MSS value was calculated and MSS clamping was set on the UK gateway. As this was a Cisco ASA the following command was used,<\/p>\n<pre>ciscoasa(config)# sysopt connection tcp-mss maximum &lt;MSS IN BYTES&gt;<\/pre>\n<p>2. MSS blocking was disabled on the UK gateway. Again as this was a Cisco ASA the following commands were used,<\/p>\n<pre>ciscoasa(config)# access-list MSS-EXCEEDED-ACL permit tcp any any<\/pre>\n<p>ciscoasa(config)# class-map MSS-EXCEEDED-MAP<br \/>\nciscoasa(config-cmap)# match access-list MSS-EXCEEDED-ACL<br \/>\nciscoasa(config-cmap)# exit<\/p>\n<p>ciscoasa(config)# tcp-map mss-map<br \/>\nciscoasa(config-tcp-map)# exceed-mss allow<br \/>\nciscoasa(config-tcp-map)# exit<\/p>\n<p>ciscoasa(config)# policy-map global_policy<br \/>\nciscoasa(config-pmap)# class MSS-EXCEEDED-MAP<br \/>\nciscoasa(config-pmap-c)# set connection advanced-options mss-map<br \/>\nciscoasa(config-pmap-c)# end<\/p>\n<p>3. As the VPN was mainly used for data transfers Nagle was enabled on all of the servers on both sides of the VPN.<br \/>\n4. Selective ACK (SACK) was enabled on all servers on both sides on the VPN.<br \/>\n5. The access control policies on both VPN gateways were updated to permit the ICMP Type 3 Code 4 &#8220;Fragmentation needed and DF set&#8221; inbound to all servers from any source address.<br \/>\n6. The RWIN calculated and updated on all servers <span style=\"text-decoration: underline;\">not<\/span> running Windows 2008.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How can I optimize the throughput of a VPN across a WAN based link ? I was recently asked this question the other day by a client, after seeing the results (in which the transfer speeds were nearly tripled) I thought it would make an interesting article. Background My client had a VPN (Site to &#8230; <a title=\"Optimize Throughput of a VPN across a WAN-based Link\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\" aria-label=\"Read more about Optimize Throughput of a VPN across a WAN-based Link\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Optimize Throughput of a VPN across a WAN-based Link - Fir3net<\/title>\n<meta name=\"description\" content=\"How can I optimize the throughput of a VPN across a WAN based link ? I was recently asked this question the other day by a client, after seeing the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Optimize Throughput of a VPN across a WAN-based Link - Fir3net\" \/>\n<meta property=\"og:description\" content=\"How can I optimize the throughput of a VPN across a WAN based link ? I was recently asked this question the other day by a client, after seeing the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2013-07-01T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-06T17:02:42+00:00\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Optimize Throughput of a VPN across a WAN-based Link\",\"datePublished\":\"2013-07-01T00:00:00+00:00\",\"dateModified\":\"2023-01-06T17:02:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\"},\"wordCount\":1351,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"articleSection\":[\"Networking Concepts\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\",\"url\":\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\",\"name\":\"Optimize Throughput of a VPN across a WAN-based Link - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"datePublished\":\"2013-07-01T00:00:00+00:00\",\"dateModified\":\"2023-01-06T17:02:42+00:00\",\"description\":\"How can I optimize the throughput of a VPN across a WAN based link ? I was recently asked this question the other day by a client, after seeing the\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Networking\",\"item\":\"https:\/\/www.fir3net.com\/networking\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Networking Concepts\",\"item\":\"https:\/\/www.fir3net.com\/networking\/concepts-networking\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Optimize Throughput of a VPN across a WAN-based Link\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Optimize Throughput of a VPN across a WAN-based Link - Fir3net","description":"How can I optimize the throughput of a VPN across a WAN based link ? I was recently asked this question the other day by a client, after seeing the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html","og_locale":"en_US","og_type":"article","og_title":"Optimize Throughput of a VPN across a WAN-based Link - Fir3net","og_description":"How can I optimize the throughput of a VPN across a WAN based link ? I was recently asked this question the other day by a client, after seeing the","og_url":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html","og_site_name":"Fir3net","article_published_time":"2013-07-01T00:00:00+00:00","article_modified_time":"2023-01-06T17:02:42+00:00","author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Optimize Throughput of a VPN across a WAN-based Link","datePublished":"2013-07-01T00:00:00+00:00","dateModified":"2023-01-06T17:02:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html"},"wordCount":1351,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"articleSection":["Networking Concepts"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html","url":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html","name":"Optimize Throughput of a VPN across a WAN-based Link - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"datePublished":"2013-07-01T00:00:00+00:00","dateModified":"2023-01-06T17:02:42+00:00","description":"How can I optimize the throughput of a VPN across a WAN based link ? I was recently asked this question the other day by a client, after seeing the","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Networking\/Terms-and-Concepts\/how-can-i-optimize-the-throughput-of-a-vpn-across-a-wan-based-link.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Networking","item":"https:\/\/www.fir3net.com\/networking"},{"@type":"ListItem","position":3,"name":"Networking Concepts","item":"https:\/\/www.fir3net.com\/networking\/concepts-networking"},{"@type":"ListItem","position":4,"name":"Optimize Throughput of a VPN across a WAN-based Link"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/782"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=782"}],"version-history":[{"count":2,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/782\/revisions"}],"predecessor-version":[{"id":3469,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/782\/revisions\/3469"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}