I have a new work laptop which I connect to VPN. As soon as I connect to the VPN, the rest of the devices on my network go from 270 Mbps download to around 10 Mbps download, and 24 Mbps upload to like 4 or 2 Mbps.
When I disconnect the VPN, back to normal speeds again.
The work laptop is plugged into ethernet and so is the PC I speed test from.
I’ve also tried putting the work laptop into an isolated guest WiFi network.
This is super weird to me, I get the VPN will slow the internet for the work laptop that is using it but why the hell is it affecting the rest of my devices on the network? Anyone have any ideas?
My guess is it’s shitting out WPAD requests. Do you have Apple devices? Do those Apple devices have Find My iPhone or whatever it is enabled?
How old is your router? If this is actually your router rt-ac86u router … you need to seriously upgrade, this thing is 40 dollars on eBay. … I don’t even have to look at the specs.
I assume this is a split tunnel type access VPN and not a hardware device or something. To be honest I really don’t believe you that it would slow down your network.
However, if you have a really poor router it’s possible there is not enough offload capability. If you have a cheap 1 Gbit router that is IPsec capable you will probably find a 20% overhead reduction on the tunnel. A user access VPN as you’re describing would not be relevant to that.
You have provided no context, such as what Ethernet device everything is plugged into: is it a switch, a router, etc.? Is this an issue at the edge device, or do directly connected devices experience this (within layer 2)?
How are you determining these bandwidth numbers? It sounds like you’re not testing throughput internally but externally. Are you doing this on the laptop, another device, etc.?
Given it is a work laptop your work can probably help figure it out for you as they both support the laptop and need you on a stable environment after all that’s what they are there for. Providing very limited context and troubleshooting info here doesn’t help anyone.
Enterprise Networker vpn manager here. We got a ticket from a few users in our company about the same complaint. From our point of view it made no sense, one device on a network establishing a vpn connection to our gateway should not and could not slow down other devices on the users’ network. To make it more confusing the users were in different geographic locations on different ISPs.
I believe that many ISPs are purposely throttling work vpn traffic and unfortunately they do not throttle just that one traffic flow, they throttle the entire customer modem when it detects the vpn start up. The ISP will deny this if you call them, and several engineers that read and post here work for ISPs and will tell you they don’t do this, but there’s really no proof they aren’t lying.
Is the main firewall/Internet router also used for the VPN connection? Or do you have a separate VPN router?
Assuming you’ve already ruled out excessive traffic from the VPN endpoint, likely the crypto of the VPN is taxing the router, many cheap firewalls do “CPU routing” instead of ASIC routing and may lack hardware crypto acceleration so that is also done in CPU.
Check the MTU of the VPN and see if it’s fragmenting or doing anything else weird on a Wireshark capture. It’s a stretch, but if you are fragmenting upstream it could bog down really low-end devices by filling frag tables or specific buffers, which would then affect all traffic through it. I’d do a Wireshark capture before/during and see if TCP retransmission or anything becomes a lot more common.
I’d also run a UDP iperf test when it’s occurring to see if it’s TCP specific, as UDP can easily flood the pipe.
I’d also create the issue, then forcibly limit the upload on the machine with the VPN. I’ve seen what you are talking about and it turned out to be backup software stealing all uplink bandwidth, which then crushes connections trying to establish. I know you said you checked, but it doesn’t hurt as a test to verify as it’s pretty common.
So dumb question here. Is the firewall you’re VPNing to also the same firewall that’s controlling outside internet for the PC you are testing from? If so I’d bet it’s in the configuration of your VPN/Firewall. Things to consider:
1. Ethernet and Wireless are both contention-based technologies. Is your VPN laptop syncing with a WSUS server or performing some type of system sync when connected? If you don’t have QoS configured I’d consider doing so.
2. Is your VPN configured correctly? This is a serious question because you can set up the VPN in certain ways that will kinda work, but not work effectively.
2a. Some people allow the router to fragment DF-marked packets. While you can do that, that is extremely taxing on the firewall because now the firewall and the VPN software have to be in concert on rebuilding that packet. This can kill a firewall that doesn’t have a lot of extra horsepower under the hood.
2b. Are you blocking all ICMP traffic inbound/outbound from your firewall/VPN appliance and the VPN laptop? If you are, you need to stop doing that. ICMP is more than just ping and traceroute. There are a ton of ICMP protocols that you want to enable, Source-Quench, Packet-too-big, and Parameter-Problem being three that immediately spring to mind. Without these you will get constant packet retransmission.
2c. Do you have your MTU set appropriately for your VPN connection? I’ve personally found having an MTU around 1250 works best in my deployments. Most typical wireless/wired networks have a 1500 MTU, but I have a lot of people that VPN using LTE/hotspots and the max MTU for most cellular carriers is 1428 with some being 1420. So I sized my MTU accordingly.
3. You have a fairly limited upload speed. Do you have any way to graph usage on your uplink in your firewall? If you are using enough of your upload bandwidth it can slow down everything.
Edit: to explain further. TCP/IP is a 3 way communication. If you push enough traffic on the upload it can break this 3 way communication.
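The before/during capture comparison and the ICMP "need to frag" point raised in the replies above can be checked offline from `tcpdump -n` text output. This is an added example, not part of any post in the thread; the function name `summarize` and both capture samples are constructed for illustration.

```python
import re
from collections import Counter

# tcpdump -n text: "<ts> IP <src> > <dst>: Flags [..], seq A:B, ..., length N"
TCP_RE = re.compile(r"IP (\S+) > (\S+): Flags \[[^\]]*\], seq (\d+):(\d+),.* length (\d+)")
# ICMP type 3 code 4 (fragmentation needed) as printed by tcpdump
FRAG_RE = re.compile(r"ICMP \S+ unreachable - need to frag \(mtu (\d+)\)")

def summarize(lines):
    """Count TCP data segments, repeated seq ranges (retransmissions)
    and ICMP 'need to frag' messages in tcpdump text output."""
    seen, stats, mtus = set(), Counter(), set()
    for line in lines:
        m = FRAG_RE.search(line)
        if m:
            stats["need_to_frag"] += 1
            mtus.add(int(m.group(1)))
            continue
        m = TCP_RE.search(line)
        if not m or int(m.group(5)) == 0:
            continue                      # not TCP data (pure ACKs carry no seq range)
        key = m.groups()[:4]              # (src, dst, seq_start, seq_end)
        stats["data_segments"] += 1
        if key in seen:                   # same flow and byte range sent again
            stats["retransmits"] += 1
        seen.add(key)
    total = stats["data_segments"]
    return {"data_segments": total,
            "retransmits": stats["retransmits"],
            "retransmit_rate": stats["retransmits"] / total if total else 0.0,
            "need_to_frag": stats["need_to_frag"],
            "advertised_mtus": sorted(mtus)}

# Constructed sample: capture taken with the VPN disconnected
BEFORE = """\
1.000 IP 192.168.1.20.50100 > 198.51.100.7.443: Flags [P.], seq 1:1449, ack 1, win 502, length 1448
1.001 IP 192.168.1.20.50100 > 198.51.100.7.443: Flags [.], seq 1449:2897, ack 1, win 502, length 1448
1.002 IP 198.51.100.7.443 > 192.168.1.20.50100: Flags [.], ack 2897, win 501, length 0
1.003 IP 192.168.1.20.50100 > 198.51.100.7.443: Flags [P.], seq 2897:4345, ack 1, win 502, length 1448
""".splitlines()

# Constructed sample: capture taken while the VPN is connected
DURING = """\
9.000 IP 192.168.1.20.50200 > 198.51.100.7.443: Flags [.], seq 1:1449, ack 1, win 502, length 1448
9.210 IP 192.168.1.20.50200 > 198.51.100.7.443: Flags [.], seq 1:1449, ack 1, win 502, length 1448
9.215 IP 192.168.1.1 > 192.168.1.20: ICMP 198.51.100.7 unreachable - need to frag (mtu 1400), length 556
9.220 IP 192.168.1.20.50200 > 198.51.100.7.443: Flags [.], seq 1:1349, ack 1, win 502, length 1348
""".splitlines()
```

A retransmit rate that climbs during the VPN session while `need_to_frag` stays at zero is the pattern to look for when ICMP is being dropped somewhere on the path.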
I don’t think the VPN is using split tunneling unfortunately but I’m not 100% on that, I’ll check properly tomorrow, given up for now hence I’m here.
I’ve got an ASUS rt-ac86u router with a Virgin router in modem mode.
My Windows PC where I ran the speed test is connected directly to the router via ethernet.
The internet speed dies as soon as the VPN is connected, whether the work laptop is on WiFi or ethernet, doesn’t seem to make any difference.
Yea I’ve raised an incident with work so we’ll see what happens. Main thing I’m hoping is that updating the VPN client is an option and that that might fix it.
Wanted to post here as I’d class myself as pretty good with computers/networking etc so feel like work will struggle to diagnose the issue.
Also some extra info on my ASUS router, it’s flashed with Merlin firmware and is on the latest version.
I was having a similar issue at my work. It was only affecting users trying to control IP cameras on site through VPN. And some other traffic but not all traffic. I ran iperf tests to and from a server on site and showed good throughput. There was definitely some really odd behavior I have been seeing. The VPN tunnel is just a basic SSL VPN tunnel with split tunneling active and no QoS rules or limits. The firewall at the other end of the VPN tunnel is connected to a 10 Gb WAN circuit.
For the OP I would make sure split tunneling is active and see if they can force DTLS on the connection. I am not sure why it would affect all traffic on the home network even for other devices but I would try replacing the home router.