We have recently had an issue with a Barracuda VPN Tina Tunnel. In our case we had one Barracuda in Azure and one on-premise. All of a sudden we started having network latency spikes and drops in the VPN, we hadn’t made any changes to the Barracuda configuration so we were a bit confused as to why this occurred.
After many troubleshooting attempts such as rebooting the Barracuda’s manually, nothing we had tried appeared to work. Weirdly when we rebooted the Azure Box the tunnel seemed to preform a lot better. However this gradually got worse until we were back to where we were originally.
I consulted Barracuda Support to try and assist us, they suggested that we attempt to change the protocol the Tina tunnel/VPN uses. This was originally set to TCP, Barracuda suggested we set this to ESP. As soon as we did this and re-initiated the VPN to replicate our changes, performance was back to normal! My ping tests were also no longer dropping and had little to no latency.
When I asked Barracuda what they thought was the root cause of this issue they believed that Azure sometimes shapes traffic over the TCP port of 691. By changing the policy to ESP this doesn’t appear to be shaped by Azure. This can sometimes be caused if a Azure VM changes its host/instance. This is apparently a known issue.
I have also raised this with Azure Support to try and get a further understanding from their side!