Slow Speed

[gmoler]

I cannot get anything over 300kb/s on my docker container, not sure what the heck is going on

I've tied using it in host networking mode, privileged, passed in NET_CAP....all the variables i know how to try at the docker layer

I've tried the secure NAT (even slower than bridge) bridging...even created a new bridge on my docker host and bridged to that....still nothing

Is this just not meant to run in a container?

Docker version 18.05.0-ce, build f150324
4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux

Using compose:

vpn:
image: siomiz/softethervpn:debian
container_name: vpn
#network_mode: host
privileged: true
ports:
- "443:443/tcp"
- "5555:5555/tcp"
- "500:500/udp" # IPSEC IKE
- "1194:1194/udp" # OpenVPN data
- "1194:1194/tcp" # OpenVPN control
- "1701:1701/udp" # L2TP data
- "1701:1701/tcp" # L2TP control
- "4500:4500/udp" # IPSEC NAT-T data
environment:
- PSK=test
- USERNAME=test
- PASSWORD=test
- SPW=test
- HPW=test
volumes:
- "./vpn/:/usr/vpnserver/server_log/"
cap_add:
- NET_ADMIN

[siomiz]

This image is not much more than a script wrapper for the server executable...

• Try adjusting MTU via env: VPNCMD_HUB='NatSet /MTU:1500', for example
• Could you test the throughput using the SoftEther official binary outside of Docker?

[gmoler]

when i look at the NAT page it is set to 1500 by default, will this change anything else?

I see a ton of downloads on docker hub, somewhere people are using this successfully. this seems odd it'd be isolated to me. i'm with ya, you are just wrapping the binary up and putting it in a container. i'm just as muffed as you are. i wonder if we are looking at perhaps a driver issue with my network card or something weird?

EDIT: will attempt a local binary install to see if i have the same issues

[siomiz]

Yes 1500 is the default; so you might want to adjust it for your environment.

[daniel-lerch]

Same issue for me. The downstream rates vary from less than 100 KBit/s to 700 KBit/s. Like @gmoler I'm using docker compose and have tried several settings. Using other images or versions does not make any difference. Without network_mode: host I was not able to establish a connection via the local bridge.
However the interesting fact is that upstream is working perfectly for me. I always get 9.9 MBit/s which is my provider limitation.

I will post here again once I have installed and tests SoftEther with a local installation.

Docker version: 17.12.1-ce
OS: Ubuntu Server 18.04 LTS
Computer: DELL Latitude 3330

[daniel-lerch]

I have just installed SoftEther locally. Using an L2TP/IPSec connection to my smartphone I get now 41.2 MBit/s in downstream while the SoftEther VPN Server runs with 100% CPU load on a single core. Like with running inside of a container I get 9.9 MBit/s in upstream.

I have absolutely no idea why downstream is such instable and slow when running with network_mode: host and privileged: true.

[siomiz]

I'm currently inclined to believe it's on the Docker's network layer, after reading reports like this:
moby/moby#30801
I'll come up with some tests.

For me somehow the performance improved for OpenVPN connections to container when I configured the client to use TCP. (Not sure L2TP/IPSec allows TCP.)

[YDKK]

I had same issue.
I configured DisableIpRawModeSecureNAT and DisableKernelModeSecureNAT parameter to true in vpn_server.config file (according to this comment: SoftEtherVPN/SoftEtherVPN#553 (comment)), then I got enough fast downstream speed.

[siomiz]

@YDKK Thank you for the info!
I'll set those options in entrypoint.sh to have them in a default setup.
Docker probably needs to handle its NAT anyway... and kernel/raw-ip mode here may be complicating things in there.