Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Very, very slow internet browsing/download, 8.2.x (Newbie to Kerio Control software, getting very slow speeds)
  •  
micktech

Messages: 8
Karma: 0
Send a private message to this user
Hi,
I wonder if anyone has any idea why we would be getting very, very slow browsing/downloading speeds through the Kerio Control software we have on an HP Microserver? Recent 8.2.1 patch did not solve.

Configuration is as follows:

Single internet link:

ADSL comes in to our Vigor 2860n modem/router (we don't have a separate ADSL modem). This has external address of (redacted) 212.x.x.37. Vigor firewall is turned off.

The Kerio Control 8.2.1 software in on a HP Microserver with two NICs.

I set the Kerio Internet Interface NIC at 212.x.x.38 and connected to a port on the Vigor.

The Vigor has NAT (to 192.168.1.x range) and has an internal IP of 192.168.1.1. However it also has an IP Routed Subnet set as 212.x.x.37/mask 255.255.255.252.

The Kerio Trusted /Local interface NIC is set at 192.168.1.150 and connected to another port on the Vigor.

(Bit of a rookie with routing, but I assume that means that ADSL comes in via the Vigor, is transparently routed to the Kerio Internet Interface on .38, which then acts as a firewall to anything which has a gateway value of .150 and is in the range 192.168.1.2 to .255??)

We then have an SBS2011 box connected to a third port on the Vigor, with IP 192.168.1.2 (gway .150, dns .2) which will eventually connect with clients on IPs .3-.50, thanks to a port on the Vigor being connected to a switch, off of which the PCs will hang.

Finally, for my own testing purposes, an HP workstation not part of the SBS domain, with address 192.168.1.130, gway .150, dns .150)

This is what happens:

SBS2011 and my HP Workstation can browse internet, but INCREDIBLY slowly (e.g. .02 kb/s) leading often to timeouts. Here is an example traceroute to e.g. www.hmv.co.uk trying to browse in IE to this address does not work even after waiting 2 mins, but sometimes other sites do work or on 2nd attempt.:

traceroute to www.hmv.co.uk (178.248.105.164), 30 hops max, 60 byte packets
1 212.x.x.37 0.711 ms 0.690 ms 0.680 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * 212.187.201.213 8.810 ms 9.865 ms
8 212.113.8.178 12.137 ms 212.113.8.166 12.560 ms 13.247 ms
9 178.248.104.122 21.226 ms 93.191.33.206 22.775 ms 178.248.104.122 25.564 ms
10 * * 178.248.104.122 28.230 ms
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

(on my HP Workstation, with gway changed to point to Vigor on .1, the page comes up immediately in IE, and traceroute is as follows(admittedly with hmv.co.uk seeming to auto resolve to .com instead):

Tracing route to hmv.com [178.248.105.135]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms Vigor.router [192.168.1.1]
2 9 ms 7 ms 17 ms lo0-central10.ptw-ag04.plus.net [195.166.128.194]
3 7 ms 6 ms 6 ms link-b-central10.ptw-gw02.plus.net [212.159.2.158]
4 7 ms 6 ms 6 ms xe-7-2-0.ptw-cr02.plus.net [212.159.0.254]
5 6 ms 5 ms 6 ms ae2.ptw-cr01.plus.net [195.166.129.4]
6 6 ms 6 ms * te-3-4.car5.London1.Level3.net [217.163.45.181]
7 6 ms 6 ms 6 ms ae-22-52.car2.London1.Level3.net [4.69.139.99]
8 7 ms 7 ms 7 ms LONDON-DATA.car2.London1.Level3.net [212.113.8.166]
9 13 ms 13 ms 13 ms 93.191.33.206
10 13 ms 13 ms 15 ms 178.248.104.122
11 14 ms 13 ms 13 ms 178.248.105.135
12 13 ms 13 ms 13 ms 178.248.105.135

Trace complete.

Any suggestions gratefully received.
Thanks

  •  
sorat

Messages: 59
Karma: 2
Send a private message to this user
Where did you get 212.x.x.37/mask 255.255.255.252 from, provider? Then what is 212.x.x.38, your own initiative?
Also, still cant figure out your setup, post info of every interface you use like this: 1) Name(what used for) 2) IP 3) mask 4) gateway, dns 5) NAT or not. And post actual routes. I think youre misconfigured.
  •  
micktech

Messages: 8
Karma: 0
Send a private message to this user
Hi, thanks for responding.

Yes, I agree that there is probably some basic mistake that I, as a newbie, have made - which is why I am posting the question in this forum...

(See below - I have noticed that the Internal NIC of the Kerio does not have DNS or Gateway settings - which I guess could be a problem, though nothing alerted me to this during setup - only just found out).

>>Where did you get 212.x.x.37/mask 255.255.255.252 from, provider? Then what is 212.x.x.38, your own initiative? <<

We have static IP range from our ISP, which they quote as:
Static IP: 212.x.x.36 Gateway Address
212.x.x.37 address for router
212.x.x.38 spare address
212.x.x.39 Broadcast Address
Netmask: 255.255.255.252 (this is the ONLY mask ending .252 - all other masks are 255.255.255.0)

This has always worked fine, e.g. for our SBS 2003 box (with two NICs, as it had ISA, a software firewall on it)the router took .37,and the external facing NIC took .38 (with the 2nd NIC on the other side of the software firewall having 192.168.1.2, connected to a switch off which hang the client PCs)

>>Also, still cant figure out your setup, post info of every interface you use like this:<<

I think I did most of that in original msg, and you haven't asked for any 'report' to be generated by the Kerio Control, but to clarify:

(NOTE that I now have an HP Switch unit, so the configuration is slightly different to my first post; also, I have now changed the internal NAT range of the Vigor Router from 192.168.1.1> to 192.168.16.1> in case that was causing issues - since it was the same as the Kerio NAT range)

Overall situation: I have fast ADSL coming into a Vigor modem/router, with a workstation of mine hanging off of it and getting fast browsing speeds.
I have Kerio Control 8.2.1 on an HP Microserver, which has one NIC connected to the Vigor router, and one to the Switch. Hanging off of the Switch is my windows domain kit - an SBS2011 Server and a test Client PC - the idea being that the domain is protected by making the Kerio the gateway. This kit on the 'internal' side of the Kerio are getting the Very, Very slow Browsing speeds...

the Connections:

(a)ADSL incoming CONNECTED to (b) ADSL port on Vigor 2860n Router

On the Vigor router, an IP Routed Subnet is setup - IP Address 212.x.x.37, with mask 255.255.255.2 (so as to provide the Kerio NIC #1 with an external IP, which it has as .38)

(You cannot turn NAT off for the Vigor - it is now set to be the range 192.168.16.1> - and I have temporarily connected my own workstation to the Vigor, with IP of 192.168.16.130)

DNS for Vigor is picked up automatically from the ISP - 212.x.13.49, 212.x.13.50


(b)Vigor has 2 items connected to its sockets -

socket #b1 - NIC#1 of the Kerio ('Ethernet Interface, Native mode' - set at 212.x.x.38, mask 255.255.255.252, gateway 212.x.x.37, dns 8.8.8.8 (I just put in the Google DNS since that usually works

socket #b2 - my workstation (for testing only, not part of the SBS domain). It has IP 192.168.16.130, mask 255.255.255.0, and DNS now set to be 192.168.16.1 (the Vigor router) - NOTE that with these settings the workstation gets really fast browsing speeds, so the
problem is not with the Vigor router.


(c) the Kerio Control box has two NICs, and is an HP Microserver, gen7

NIC #1 - is the one described above, 212.x.x.38 - connected to the Vigor Router

NIC #2 - is 'Trusted/Local Interface - Native mode' and has IP 192.168.1.150, with mask of 255.255.255.0


*** NB - looking at the config for , there is NO Gateway or DNS specified - and to be honest, I am not sure what to put here ***


(d) The Switch - items connected to the Switch are:


#d1- Kerio Nic #2, 192.18.1.150


#d2 - Msft SBS2011 server - NIC is 192.168.1.2, mask 255.255.255.0, gateway 192.168.1.150 (the Kerio), DNS 192.168.1.2 (which is correct SBS DNS'ing for the server to point to itself). This server will be domain server for'OURDOMAIN'

If I try to browse from this server, I get the very, very slow speeds (and I also had slow speeds when my workstation was given a Kerio internal ip of 192.168.1.130 and had the Kerio as the gateway at192.168.1.150) (as soon as I gave my workstation a gateway of the Vigor router at 192.168.1.1 (as it was, previously) my workstation had fast browsing speeds).

#d3 - Windows 7 PC, test client - NIC is 192.168.1.20, mask 255.255.255.0, gateway 192.168.1.150 (the Kerio), DNS 192.168.1.2 (the SBS server)


So, hopefully the above helps.

  •  
sorat

Messages: 59
Karma: 2
Send a private message to this user
Well, you just answered it yourself - you must have gateway and dns at kerio's NIC 1.
Thats not all for correct inet flow, but for starters, try that, and post back what happened.
  •  
micktech

Messages: 8
Karma: 0
Send a private message to this user
>>you must have gateway and dns at kerio's NIC 1<<

If by NIC1 you mean the Internet Interface, it already does have Gwy and DNS values entered - see my post.

If by NIC1 you mean the Internal Interface... Kerio actually advise NOT having a gateway value set there. I have now added 8.8.8.8 to the DNS however, but no change in speed.

Sorat, your answers are fast but not necessarily clear - or helpful - for a newbie. Unless you can help in a more productive way, please don't.

Thank you
  •  
sorat

Messages: 59
Karma: 2
Send a private message to this user
Of course only one gateway needed. Yes, now i managed to see you described it earlier. Thats why i asked to post info on interfaces in a manner of tight short list. Instead you go on more like a storytelling about config and not always clear for the purpose of troubleshooting description.
Ok, i'd say looks like you have dns redirect timeouts.
Instead of sbs, try enabling dns forwarder in kerio (no need to use sbs, just configure kerio's properly, write zone of your domain, see hosts file etc), and configure your client to kerio as primary dns server.
Also, use kerio's status->IP tools, for simple checks like ping, tracert, lookups. See if kerio itself is responding properly.
  •  
micktech

Messages: 8
Karma: 0
Send a private message to this user
Thanks Sorat, I shall try this and report back.

Previous Topic: Opensuse/Fedora and Actual 64bit support when?
Next Topic: Routing separate LAN with own internet access
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 07:28:48 CEST 2017

Total time taken to generate the page: 0.00441 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.