cancel
Showing results for 
Search instead for 
Did you mean: 

L2TP/IPSec VPN Slow

garyjlynch
Newbie
Posts: 2
Registered: Wednesday

L2TP/IPSec VPN Slow

There have been past posts on this subject and I have read them all but I am convinced there is a problem with L2TP over IPSec VPN connections with Plusnet.

 

I have two fibre broadband lines, one with BT the other with Plusnet.

Both connect at about roughtly the same speed. 

Both are using a DrayTek Vigor 2862ac router, configured identically.

I am using the Windows 10 L2TP client to connect to a DrayTek Vigor 3910 router in work.

Through the BT connected router I acheive a throughput of 77Mbs, through the Plusnet connected router I achieve 5Mbs if I'm lucky and it sometimes drops out all together.

If I switch to a SSL VPN instead of L2TP/IPSec I will achieve around 77Mbs with Plusnet, it is only L2TP/IPSec that has a problem.

 

Everything is equal except BT vs Plusnet, how can this be, any ideas?

 

cheers

Gary

 

 

3 REPLIES 3
corringham
Seasoned Pro
Posts: 589
Thanks: 292
Fixes: 7
Registered: ‎25-09-2015

Re: L2TP/IPSec VPN Slow

I'd guess it is quite possibly an MTU issue.

Each connection has a maximum packet size that it can send in one piece. Basically, if a packet is larger than that limit it has to be split by the sender and then reassembled by the far end. If that isn't done then you will get packet loss and/or dropped connections. The MTU tells the devices what the limit for the path is. The default maximum is typically 1500.

However, when you use a VPN or L2TP, each packet has to be wrapped with extra information (basically putting your envelope inside another larger envelope to post it). That larger packet has to be no larger than the MTU for the link, so it reduces the effective MTU that your device can use.

Draytek tend to use a default MTU of 1442, but when I've used L2TP (over 4G) I have needed to set it as low as 1340.

I'd guess somewhere Plusnet have a lower MTU than BT, and your L2TP pusheds you over that limit. Reducing your MTU will probably resolve that.

To find the MTU value to use, use the command line ping command with the L2TP connection active

ping 1.1.1.1 -f -l 1500

and try values other than 1500 (but divisible by 4) until it no longer reports the packet as being fragmented.

garyjlynch
Newbie
Posts: 2
Registered: Wednesday

Re: L2TP/IPSec VPN Slow

Thanks for the MTU advice, I had previously and have again since spent a lot of time looking at the MTU & MSS but can't find an issue.

 

corringham
Seasoned Pro
Posts: 589
Thanks: 292
Fixes: 7
Registered: ‎25-09-2015

Re: L2TP/IPSec VPN Slow

OK, in that case I think you may have to resort to Wireshark or similar to capture just what is going on. Plusnet staff aren't really in a position to help with most VPN issues, and fellow fora denizens that use VPNs generally only have their own experiences to go by.

It will very probably be something simple to resolve - it is finding the precise problem that is hard.