Slow File Transfer over Cisco VPN with Tomato QoS

Mark Berry March 5, 2015

I recently upgraded my Linksys E2000 router to Tomato Firmware v1.28.7507 MIPSR2Toastman-RT K26 VLAN-VPN. This includes quite a few default QoS rules.

Today I connected to a customer network using Cisco AnyConnect VPN software, then used Windows Explorer to copy a 40MB file over the VPN. The transfer was extremely slow, averaging under 8 KB/second, which would take over an hour to transfer 40MB.

In Tomato, under QoS > View Details, I saw that there was a lot of data going to UDP port 443. The IP address matched the VPN connection point. The class was Crawl, i.e. the very slowest speed (limited under QoS > Basic Settings to 1% – 5% of outbound bandwidth). Basically, because the traffic was UDP, it was falling through to the very last rule under QoS > Classification:

[Image: Tomato QoS 1]

Looking up the Classification list a bit, I saw that there was a rule designed to identify file transfers on ports 80, 443, or 8080, but it was restricted to TCP only:

[Image: Tomato QoS 2]

I changed that rule to include both TCP and UDP:

[Image: Tomato QoS 3]

After that, the VPN file transfer was correctly classified as FileXfer, which is allowed to use 5% – 70% of the bandwidth:

[Image: Tomato QoS 4]

This allowed the transfer to zip along at almost 100 KB/sec, or 7 minutes to transfer 40MB.
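The fall-through described above can be reproduced with a small first-match classifier. This is an added example, not code from Tomato or from the original post: the two-rule list, the flow labels and all function names are constructed for illustration and only model the file-transfer rule and the catch-all last rule. It also shows which other flows change class when the rule is widened to UDP.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    protos: frozenset     # protocols the rule applies to
    dst_ports: frozenset  # destination ports; empty means any port
    qos_class: str

def classify(rules, proto, dst_port):
    """Walk the list top to bottom; the first matching rule decides the class."""
    for rule in rules:
        if proto in rule.protos and (not rule.dst_ports or dst_port in rule.dst_ports):
            return rule.qos_class
    raise LookupError("rule list has no catch-all entry")

def build_rules(file_xfer_protos):
    """Constructed two-rule model: the file-transfer rule, then the catch-all."""
    return [
        Rule(frozenset(file_xfer_protos), frozenset({80, 443, 8080}), "FileXfer"),
        Rule(frozenset({"tcp", "udp"}), frozenset(), "Crawl"),
    ]

def reclassified(before, after, flows):
    """Return {flow: (old_class, new_class)} for flows whose class changed."""
    changes = {}
    for name, (proto, port) in flows.items():
        old, new = classify(before, proto, port), classify(after, proto, port)
        if old != new:
            changes[name] = (old, new)
    return changes

# Constructed sample flows (labels are illustrative, not captured traffic).
FLOWS = {
    "vpn-udp-443": ("udp", 443),
    "https-tcp-443": ("tcp", 443),
    "other-udp-8080": ("udp", 8080),
    "dns-udp-53": ("udp", 53),
}

BEFORE = build_rules({"tcp"})         # rule as found: TCP only
AFTER = build_rules({"tcp", "udp"})   # rule after the change: TCP and UDP

if __name__ == "__main__":
    for name, (proto, port) in FLOWS.items():
        print(name, classify(BEFORE, proto, port), "->", classify(AFTER, proto, port))
    print("changed:", reclassified(BEFORE, AFTER, FLOWS))
```

The widened rule moves every UDP flow to ports 80, 443 or 8080 into FileXfer, not only the VPN tunnel, so it is worth checking QoS > View Details afterwards for other UDP traffic that now lands in that class.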



1 Comment

  1. Complex QOS rules considered harmful | nelsonslog | April 23, 2015 at 11:56 am

    […] use of UDP is severely throttled. Such as QUIC, Google’s fancy new web protocol. And Cisco VPN. And maybe […]
