Good morning community!
We are using a Client VPN, full tunnel (required), using IPSec through an MX84 connected to an MS250. Recently, "maybe" since the last MS firmware updated in January, we are experiencing VERY slow throughput to our systems while connected to the VPN. Per our testing, it appears to be about a 70-75% bandwidth degredation while connected. Users connected with 400Mbps cable connections don't really notice the problem, but remote users on slow DSL connections or cellular hot spots find the VPN functionality almost unuseable. Please advise if anyone is/has experienced the same, and possibility of retification. Thanks in advance.
The maximum VPN throughput for the MX84 is 250 Mbps.
Thank you for the input. We are running 100Mbps symmetric fiber to the MX. Our issue at this point is with our mobile users using a cellular hot spot (or worse, ADSL at home). In my testing, I get non-VPN connectivity results of 45/7 through my cell hot spot. When connected to the full tunnel VPN, speedtest results drop to 11/6. That is a pretty big overhead hit for the VPN :-). I can understand some overhead, but that much makes our remote users non-functional unless they have some pretty good bandwidth.
Asymmetric circuits (like DSL) can cause issues with the default symmetric time calculation system that Windows uses.
For an experiment, try enabling timestamps on both a users machine and a server they are accessing:
netsh int tcp set global timestamps=enable
Thank you for the input. Would we see that if one side is asymmetric and the other end is symmetric?
Yes. As soon as one side is asymmetric in response time, the whole TCP connection is asymmetric.
This may not be the problem - but back when my country use to still have DSL it was a common issue often helped a lot by enabling TCP timestamping.
Well...The first time it seemed to "work" and I received better results. However, after continued testing (fiber.google.com/speedtest) my jitter while on the client VPN went through the roof. In some tests, over 1000 😮 with some testing throughput at .7/.7 vs 57/9 while off VPN. Crazy!