VPN optimisation

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

VPN optimisation

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
VPN optimisation
VPN optimisation
2023-07-14 02:06:01
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.3.0 Build 20230322 Rel.70951

ARGH!

 

That has been my experience with setting up a VPN on this router. One particularly amusing/infuriating bug I discovered is that a disabled IPsec policy still affects operations, i.e. good luck configuring an encrypted L2TP server if you even have a sniff of an IPsec policy.

 

But that is all beside the point, I've come seeking advice on VPN throughput optimization. ISP speed on my (remote) end is 250 Mbps, office is 50 Mbps. The use case is remote workers using remote desktop to interact with a central Windows workstation using both Mac (parallels based virtual Windows) and Windows.

 

The device is connected on the WAN port to the ISP Vlan 4094, LAN port 1 goes to a work station and LAN port 2 goes to the wireless mesh. All of these are running on Vlan 1.

 

 

DCHP range: 192.168.10.113-199

 

VPN IP pools:
general: 172.30.1.2-20
pptp: 192.168.10.235-250
ipsec: 192.168.10.219-234
wireguard: 192.168.10.203-218

 

VPN server range: 192.168.10.50-60

l2tp_test: 192.168.10.50
PSK: xxxxxxxx

pptp_speed: 192.168.10.51

pptp_test: 192.168.10.98

office_vpn: 192.168.10.99

 

I'm currently running most of it unecrypted because I want to get throughput optimised first and then worry about security.

so if i connect to l2tp_test account (unencrypted) using  the ipsec ip range I get <1 Mbps

if I connect to office_vpn (ipsec, with PSK) using the general VPN range I get ~3.5 Mbps

if I connect to pptp_speed account using the pptp ip range I get ~5 Mbps

and if I connect to pptp_test using the general vpn ip pool I get ~20 Mbps

I'd love to give numbers for wireguard but I can't get a functional connection there.

 

All of this is a long way short of the ~80% of Office ISP speed (~40 Mbps) I expect.

 

Does anyone know why I'm getting speed variation based on IP? Anyone got any ideas on how to do this properly/better? My idea was that by putting everything on the same subnet would avoid routing issues, and yet the connections using 172.30.1.x are faster. Anyone got any idea how to get a VPN that actually gives 80% throughput using a ER7206 router or are my assumptions way off here? Feeling a little annoyed I bought a VPN router that advertised such high throughput and yet falls so short in actual usage, but it could be this monkey of a sys admin.

 

Would moving the VPN server IP address to 172.30.1.x help things? should it be there?

 

P.S to support my Mac users I really need to get the L2TP working reasonably as they are reporting Mac does not support PPTP connections.

  0      
  0      
#1
Options
7 Reply
Re:VPN optimisation
2023-07-14 04:49:43 - last edited 2023-07-14 04:56:35

  @Fervens 

 

Sorry to say it but the ER7206 is no better. spec is simply wrong. I have replaced two ER7206 with ER605v2 which is 5-10 times faster with Siter to site VPN. I don't know how big the difference is between L2TP or PPTP.

I have tried all possible settings on ER7206 for several years but finally had to give up.

 

The ER7206 also does not have Hardware Offload, which is probably why it is so incredibly slow

 

Maybe ER7206v2 or ER707-M2 is better choice for you. according to TP-Link VPN speed is mutch better.

 

 

 

 

  0  
  0  
#2
Options
Re:VPN optimisation
2023-07-14 05:31:47

  @MR.S 

 

I'm a little concerned you might be right. Having said that I won't be replacing it with a 605 any time soon. If it comes to that I'll look at a different provider, someone with better documentation and wireguard support.

 

So basically it looks like there is nothing glaringly wrong with our VPN setup and this is just the nature of the hardware we have?

 

::Sigh::

  0  
  0  
#3
Options
Re:VPN optimisation
2023-07-14 05:45:26 - last edited 2023-07-14 05:53:53

  @Fervens 

 

I do a test now for fun. I have one of ER7206 in lab and I setup a L2TP Server

firmware is 1.3.1 and I copy a file with 100-150 Mbps, this have never happend before as I remember. IP Pool is a random and not same as my lan

but the vpn on this router is highly unstable so it is not certain that it will be the same in an hour or tomorrow

 

 

VPN config is this

 

  0  
  0  
#4
Options
Re:VPN optimisation
2023-07-14 06:10:49

  @Fervens 

 

yaha it was short time fun, so higly unstabel.

 

  0  
  0  
#5
Options
Re:VPN optimisation
2023-07-17 02:26:39

Hi @Fervens 

Can you share the Internet upload speed(Mbps) of your benchmark devices?

e.g. Site A, VPN server, 100Mbps ISP upload, 50Mbps download

B, 10Mbps ISP upload, 20Mbps download

Problem: Site B device is getting 10Mbps or less than 3Mbps speed.

 

In addition, have you tried to remove the NAT on your TL-LINK's WAN? To the best of my memory, NAT can affect traffic because there are four ways to translate the IP. That may have an impact on your speed. Can you check that?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#6
Options
Re:VPN optimisation
2023-07-27 00:10:37 - last edited 2023-07-27 01:43:53

  @Clive_A 

Thanks for the reply, pardon the delay, was on holiday.

Using fast.com for speed tests.

 

Site A: 260 Mbps down, 25 Mbps up

 

Site B: 46 Mbps down, 15 Mbps up (ER7206 location, this should be 50 Mbps up and down I'll need to go in and find what is using the up link so heavily)

 

Connected to L2TP from site A I get 4.6 Mbps down and 5.0 Mbps up

Connected to PPTP from site A I get 2.7 Mbps down and 19 Mbps up (I think this is due to fluctuations in usage of the up link, as it is higher than the test at site B)

 

Connecting my computer at site A to the workstation at site B using tailscale (a wireguard implementation) I get 10.2 Mbps up and down using Iperf3

the above using L2TP 5.70 Mbps

and using PPTP 15.3 Mbps  (This seems about what I would expect, but leaves my Mac users in the cold)

 

Not sure about removing NAT, as best I can tell it isn't on.

  0  
  0  
#7
Options
Re:VPN optimisation
2023-08-01 08:00:04 - last edited 2023-08-01 08:15:42

Hi @Fervens 

Since you mentioned that you have some devices taking up the uplink. Now it's been a few days, do you run some more tests? Does the VPN speed increase?

Try the OpenVPN and Wireguard. Can you reach the best speed of your uplink?

 

BTW, can you test your speed from iperf3? Not through VPN but test your internet speed on both sites and another iperf test between two sites.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#8
Options