Netgate Store

Author Topic: SSH tunnel with putty very slow  (Read 182 times)

0 Members and 1 Guest are viewing this topic.

Offline TommyL

  • Jr. Member
  • **
  • Posts: 34
  • Karma: +0/-0
    • View Profile
SSH tunnel with putty very slow
« on: February 07, 2018, 07:29:43 pm »
Hi!

I use putty to create a SSH tunnel to the pfsense SSH server, to circumvent a restrictive firewall. It works good, but I get very slow speeds. Speed without tunnel is about 100/100 mb...but over the tunnel only 3/3 mb. Tested with Firefox, Chrome and WinSCP file transfers.

Is there anything I can do to make it faster? Can the firewall be throttling ssh connections? I'm running a I5 5250U with 4GB ram. About 5% CPU load when i test, so hardware should not be the problem...? Also not using port 22.

Best Regards

TommyL
« Last Edit: February 07, 2018, 07:50:37 pm by TommyL »

Offline muppet

  • Jr. Member
  • **
  • Posts: 59
  • Karma: +9/-0
  • I'm a Muppet
    • View Profile
    • Tim H
Re: SSH tunnel with putty very slow
« Reply #1 on: February 08, 2018, 12:18:24 pm »
I've just tested this myself and I get great performance via a SSH port forward/tunnel.

I'm using PuTTY to do my port forwarding under windows, you don't say what you're using. EDIT: Sorry, you say right there in the subject.

Regardless, I don't think the problem is pfSense.  I have a similar machine, i5 5250U but my pfSense is virtualised on it, so it should be even slower theoretically.

I would examine the following:
  • Client you're using (PuTTY etc)
  • TCPDump/Wireshark the connection and see if you're getting a lot of out of order TCP, or MTU problems

It might also be that the restrictive firewall is limiting SSH traffic.

Hope this helps (Though I realise how annoying "works for me!" posts are)

Offline TommyL

  • Jr. Member
  • **
  • Posts: 34
  • Karma: +0/-0
    • View Profile
Re: SSH tunnel with putty very slow
« Reply #2 on: February 08, 2018, 12:30:53 pm »
Thanks muppet. So it should be working better, good to get this confirmed. I suspect the firewall, but i will do some testing as you suggests. :)