VPN optimisation
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ARGH!
That has been my experience with setting up a VPN on this router. One particularly amusing/infuriating bug I discovered is that a disabled IPsec policy still affects operations, i.e. good luck configuring an encrypted L2TP server if you even have a sniff of an IPsec policy.
But that is all beside the point, I've come seeking advice on VPN throughput optimization. ISP speed on my (remote) end is 250 Mbps, office is 50 Mbps. The use case is remote workers using remote desktop to interact with a central Windows workstation using both Mac (parallels based virtual Windows) and Windows.
The device is connected on the WAN port to the ISP Vlan 4094, LAN port 1 goes to a work station and LAN port 2 goes to the wireless mesh. All of these are running on Vlan 1.
DCHP range: 192.168.10.113-199
VPN IP pools:
general: 172.30.1.2-20
pptp: 192.168.10.235-250
ipsec: 192.168.10.219-234
wireguard: 192.168.10.203-218
VPN server range: 192.168.10.50-60
l2tp_test: 192.168.10.50
PSK: xxxxxxxx
pptp_speed: 192.168.10.51
pptp_test: 192.168.10.98
office_vpn: 192.168.10.99
I'm currently running most of it unecrypted because I want to get throughput optimised first and then worry about security.
so if i connect to l2tp_test account (unencrypted) using the ipsec ip range I get <1 Mbps
if I connect to office_vpn (ipsec, with PSK) using the general VPN range I get ~3.5 Mbps
if I connect to pptp_speed account using the pptp ip range I get ~5 Mbps
and if I connect to pptp_test using the general vpn ip pool I get ~20 Mbps
I'd love to give numbers for wireguard but I can't get a functional connection there.
All of this is a long way short of the ~80% of Office ISP speed (~40 Mbps) I expect.
Does anyone know why I'm getting speed variation based on IP? Anyone got any ideas on how to do this properly/better? My idea was that by putting everything on the same subnet would avoid routing issues, and yet the connections using 172.30.1.x are faster. Anyone got any idea how to get a VPN that actually gives 80% throughput using a ER7206 router or are my assumptions way off here? Feeling a little annoyed I bought a VPN router that advertised such high throughput and yet falls so short in actual usage, but it could be this monkey of a sys admin.
Would moving the VPN server IP address to 172.30.1.x help things? should it be there?
P.S to support my Mac users I really need to get the L2TP working reasonably as they are reporting Mac does not support PPTP connections.
I do a test now for fun. I have one of ER7206 in lab and I setup a L2TP Server
firmware is 1.3.1 and I copy a file with 100-150 Mbps, this have never happend before as I remember. IP Pool is a random and not same as my lan
but the vpn on this router is highly unstable so it is not certain that it will be the same in an hour or tomorrow
VPN config is this
Thanks for the reply, pardon the delay, was on holiday.
Using fast.com for speed tests.
Site A: 260 Mbps down, 25 Mbps up
Site B: 46 Mbps down, 15 Mbps up (ER7206 location, this should be 50 Mbps up and down I'll need to go in and find what is using the up link so heavily)
Connected to L2TP from site A I get 4.6 Mbps down and 5.0 Mbps up
Connected to PPTP from site A I get 2.7 Mbps down and 19 Mbps up (I think this is due to fluctuations in usage of the up link, as it is higher than the test at site B)
Connecting my computer at site A to the workstation at site B using tailscale (a wireguard implementation) I get 10.2 Mbps up and down using Iperf3
the above using L2TP 5.70 Mbps
and using PPTP 15.3 Mbps (This seems about what I would expect, but leaves my Mac users in the cold)
Not sure about removing NAT, as best I can tell it isn't on.
