When a remote user is having “network problems”, the support team has to troubleshoot many components that may impact a remote user’s experience, including the WiFi network, the VPN connection, and the performance of the local ISP. The main problem is that System Administrators and Network Engineers have been called in to solve problems in an external infrastructure that provides zero visibility and control. Let’s see what tools can be used to troubleshoot VPN problems.
Open Source Tools For Troubleshooting VPN
There are many open source tools to help you troubleshoot VPN connectivity and performance issues. They become handy when you need to jump on a call to quickly test the performance and connectivity from the end-user’s device towards your DC, VPN concentrator, and the Internet.
Below is a list of utilities we hear being used a lot by Network Engineers and System Administrators:
Ping
Perhaps the most basic of tools to test reachability to a remote host. It’s widely available for all operating systems, and it’s easy to guide even an unskilled user to run a ping test and email you back the results. Ping can help you troubleshooting VPN’s latency and packet loss. Typically you would ask the user to ping google.com, their gateway IP, and a VPN tunnel target. These give yout basic connectivity information of the device, but also a rough idea of the latency and packet loss of their link towards the Internet, their WiFi router, and the VPN concentrator.
Here is a screenshot of what that looks like on Windows. The MacOS console has a similar ping test.
Speedtest
When troubleshooting VPN slowness issues, first determine how much speed you can achieve with your internet connection. This is a test that your users are most likely already familiar with, since it is the go-to test when someone experiences “slowness” issues. The most popular speedtest is the one supported by Ookla servers at speedtest.net. In addition, there is fast.com that runs against Netflix’s CDN servers that has the added benefit of being ad free.
Traceroute/MTR
If you need to get even more information, traceroute is another widely available utility that gives the hop-by-hop information from the end-users device to the VPN concentrator, or any other host obviously.
A tool that is similar to traceroute, which can also give you hop-by-hop packet-loss statistics is MTR. This requires downloading an executable on the end-users device, but it might be worth the effort if you are looking to find out if a specific node is exhibiting high packet loss.
iPerf
We’ve talked about iPerf’s capabilities, quirks, and bugs in other posts but, in the context of VPN monitoring, it can help you isolate bandwidth performance. It can also shed light on the jitter and packet loss from the end-user’s device to your VPN concentrator or any other host in your DC. This is another test that requires downloading an executable on the user’s device, but it has both a GUI and a command line interface, which makes it easier for an unskilled user to interact with it.
Limitations of Troubleshooting VPN Reactively
All these utilities are great, put using them on an ad-hoc basis has a few limitations:
- You can only use them in a reactive way, once a user complains
- You don’t have any historical information to compare against
- It is a hassle to get on the phone or on shared screen with a user to run these commands
An organization that manage a large number of remote users may most probably will need a proactive solution that continuously monitors the VPN experience.
NetBeez as Continuous VPN Monitoring
NetBeez offer a simple and easy solution for remote worker network monitoring. By using lightweight software agent, all the reactive limitations are lifted. After going through a standard software installation wizard, all these types of tests and many more are centralized and can be managed and run not only on a specific user’s device, but on the whole fleet in a scalable and productive way.
The user experience is captured and monitored continuously, all data is logged and analyzed statistically offering information that can be used to detect issues proactively, but also provide data for troubleshooting when needed.
If you would like to learn more about monitoring VPN connections I have added a link to a great write up on how this can be done through NetBeez.
