The other thing that people forget is that the upload speed of your own connection limits to how fast you can copy files to the main office . The default reaction to support is "But I have a 600mbit connection", yes, download to you, and a 60mbit upload that realistically limits it to 6MB/s. It's a matter of perspective.

Really informative stuff and a question I've always had. Thanks, Tom!

I’ve been trying to explain this to people who insist on using SMB to send data to the other side of the world over a VPN. Thank you for the video. When they ask why we shouldn’t use SMB, I’m just going to send them a link to this video.

I really appreciated this video but it would happen even better if you included some alternative ways to transfer files besides SMB that wouldn't be as affected by latency.

I think the script of a great follow-up video would start something like this, "Tom from Lawrence Systems here, and in today's video we're going to do a follow-up to our last video where we explained why SMB is a poor choice to use over VPN and why X is much better suited for these use cases"

I learned a thing today, thanks for sharing Tom! I've had this issue myself and always woundered why the slow file transferes.

Omg, I could used this video for soooooooooo many meetings!

I think DFSR was designed with this in mine. It is the back end replication for Active Directory Domain Services SYSVOL. The problem is people misusing it for what it wasn't designed for (it is a lockless fileshare) . For example it can be set up for one way syncing Read-Write share to a Read share or two way which is where things go wrong when badly designed setups cause issues.

Thank you for explaining it so clearly

Fragmentation and packet size issues are the main cause. MTU, payload size your VPN protocol, SMB blocksize, Window sizes/scaling etc all need to be "fine tuned" for your specific needs. Sadly though most SMB servers can not change those parameters "on the fly" based on destination, so you either have good VPN performance OR LAN performance (which most users/admins prefer) - but not both. FYI I had spent 5 days on an OpenVPN connection with Wireshark mostly and got about 75% of the WAN speed through the VPN with SMB. Your router and ISP do not care what traffic they carry!

nice video but now you got me interested in seeing how other file sharing protocols perform in these conditions

especially for OpenVPN there's some buffer parameters you really, really want test adjusting. send / receive buffers are disputed but worked very well where I tried them. but - if the link speeds are just too low or for badly optimized applications, it's often better to give access to a terminal server where people then work.

IIRC, SMB was also noisy, at least on the local LAN. Several years ago, during the first time I worked at IBM, I was reading some internal documentation about adapting it to work over IP. It had a lot of issues that made it a generally bad protocol. Originally, it was strictly a local LAN protocol, before IP made routing possible.

One of the places I've worked at used global protect for VPN. When I would go to pull up Active Directory Users and Computers over the VPN, it would take 20 minutes. No, I'm not making it up. They transfer that data over SMB1. Painful AF. I ended up just writing some powershell to pull what I needed from AD.

What should I use instead of SMB over VPN for Windows machines?

So what's the alternative to SMB when using VPN?

How about NFS? Or what is the next alternative that is friendly with many os types?

Great video!! I definitely had the same question.

Hello, which tool was used to add additional latency? Would be interested to see how it's done or know via which tool it was done

Has anyone got around to testing but hopefully SMB over QUIC (Win11/Server 2022) on a VPN?

To clarify this, it’s not related directly to SMB, but rather the TCP transport layer. Because of the error/congestion correction in TCP, there is something called a window. This means that the client and server agree that X number of bytes will be sent before an the sender waits for the acknowledgment that all packets were received. There is also a feature that’s called window scaling which changes the size of that window based on the connection and can drastically affect your transfer speeds. What’s happening here is that the higher latency is forcing the TCP window scaling to decrease, making the window smaller and therefore throttling the transfer speeds. So even if you have a tunnel with a full gig connection on both ends, this additional latency could mean your throughput is actually limited to something similar to a 100Mbps connection. A couple work arounds are to play with your operating system to find if there are methods that could affect the window scaling to allow for high speed but high latency connections, but I’ve found this to be pretty tricky, especially on Windows machines. The other option is to run multiple streams whenever possible, because each stream will have its own window. But this obviously relies on the application implemented supporting that, which is another issue entirely.

I had no idea. Thanks for the useful video!

Thank you so much for this video..

Seriously thank you.

Hi Tom, love your stuff. Would you have any detailed tutorial on how to access shares over the internet? I already have vpn , tunnel for services etc.

my biggest question here is what are good alternatives that the simple windows end user can use to use another protocol or solution, my clients typically end up with unraid+tailscale and mounted shares on the machines 98% of the time there local so latency is low however the 2% they use the SMB share over the VPN however where talking about 1-5mb word files so it doesnt matter as much as the backup that runs only during the day so as to have them local I would like to switch that to at night

I connect to a VPN hosted inside my Asus router. I noticed most of my SMB transfers over this VPN max out at a certain speed. Is this speed influenced by the CPU of my router?

That thumbnail is hilarious 🤣

Very interesting. What do you use to mount SMB file shares? I tried to do that some time ago, and the result was awful, like if the file transfer was never going to finish. On the office i use rsync with the SSH-FTP protocol in windows with cygwin to update quite a lot of files over VPN. It seems to work very well.

Great video. Many ty

Great explanation, but you left us wanting to know more…..like what we should be doing to address this. Is WebDAV or something else the way to go?

Follow up Question then: do other protocols have similar penalties? What protocol would you recommend for large point-to-point file transfers over WAN?

would like to know why. Sth. to do with UDP vs TCP?

I’m going to be sending this video a lot

I had SMB Multiplexing running over l2tp in a LAB. It scaled not that bad.

Always wondered, why smb over OpenVPN sucks balls, but over wireguard it's basically fine.

And what protocol do you recommend for this type of transfer? I'm asking this because I use sshfs, but I'm looking for more performant ways to solve the problem.

So seems then SMB also isn’t great for wifi then due to latency from that?

Is there an alternative protocol for Windows to use? I know NFS exists for windows, but it doesn't have a UI and isn't really suited for normal people who don't want to mount via command line

If you want to optimize SMB over a VPN, make sure all your node types are "p-nodes", so they don't waste efforts on broadcast traffic, like b-, h-, and m- type node use.

Where was this when I was having to repeatedly explain this at work starting 3 years ago.

Hi Tom, have you tested SMB over QUIC at all? This is what Microsoft introduced in Server 2022 for accessing SMB shares via services such Azure Files. As far as I know there hasn’t been any other improvements in SMB over WAN other than this.

How were you able to add latency in your test?

The problem is clear, and the solution? Witch protocol YOU raccomand? WebDAV, FTP, NFS. Every of these protocol can easily implement in Windows. If security is demanded throw VPN how can you obtain usability on typical file server office situation?

Awesome video thanks

Given the drastic increase in work from home vpn usage and desktop virtualization, they would get this sorted.

Ok so what do you suggest to use instead? I want to share a network drive for work related stuff, really need the speed.

What’s an alternative that is just as or almost as easy for your average joe to use to move his files around?

Thanks, as a Windows guy tried getting around the SMB limitation by creating an iscsi lun over the vpn (gigabit internet on both ends). No problem creating the iscsi lun, but when transferring a file to the new lun I'm getting the same speed as smb. Topping out at 4MB/s, latency between sites is in the 16ms range. Thoughts?

SMB is even worst in WIFI, only 2 mbps (megabit per sec) on 2GHZ, and a little faster on 5GHZ, but no much...

awsome had I known this earlier. would NFS perform any better?

That explains why

Can you do a video on how to prevent ARP poisoning on Pfsense

So is there a protocol that works better than SMB but can also work on Windows?

How did you add the latency to the connection?

Hi guys, I was wondering what you'd suggest to transfer files between two Windows machines on opposite ends of a VPN. Instead of SMB that is... Obviously SMB is the most convenient using File Explorer, but perhaps there's something almost as convenient that doesn't have the SMB latency-effect?

Now do a tutorial on NFS on Windows please

Well Done!

what about NFS ?

I hate to be that guy, but the title is a bit off- Why are* smb file transfers slow over a vpn I had to google it - is is for singular, are is for plural. "transfers" is plural so you are supposed to use "are" instead of "is"

Perfect timing

Thats why ya use WebDAV !

Any traffic that has to traverse the firewall is going to have a bad day with latency, especially SMB and VPN connections. Keep it on the switch as much as you can. VPNs are for security, really, not speed. If you want speed setup a virtual desktop you can remote into. Great video!

Come back kermit, all is forgiven ;-)

One answer: LATENCY.

Nice demo. Its physics, if you double the latency you essentially halve the realized bandwidth.

Because it needs to zap up to space and back

Just increase your TCP Window size and throughput will be better.

because you failed to connect the flim flam to the torbotrizer!!! This is the most basic of things!!!

mtu. mss. router. fw-rules. And how we were switched to rsync from smb?