Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jcardenas
New Contributor

IPSEC VPN Starlink speed issues

Hi, I am using a Starlink Bussiness with public IP, to create a VPN between a Mikrotik to a FG1500D.

 

Without the VPN on the, a laptop connected to the Mikrotik on site can reach 250/50 Mbps (Minimum 80/15 Mbps); but with the VPN Stablished the speed down to maximim 15/10 Mbps.

 

The connection is 

Laptop <--> Mikrotik RB960 <--> Starlink <--> Internet <--> F1500D <--> Internet

 

I tried changing the MTU, but nothing happen, I know that satellite system use tcp spoofing optimization techniques, but i cant confirm with starlink if thta feature is on his plattform and if this affect the VPN.

 

Somebody had the same issue?

 

Thanks in advanced 

 

21 REPLIES 21
srajeswaran
Staff
Staff

What is the mss value you see on TCP when VPN is not connected, and what is the MTU value you changed to?
We need to make sure the new MTU/MSS value can accommodate the encryption overload and avoid fragmentation.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Faiza_Emam_Delhi
Contributor II

It sounds like you are experiencing a significant decrease in speed when using IPSEC VPN over your Starlink Business connection. This could be due to a few reasons.

One possibility is that the VPN is adding extra overhead to the data being sent and received, which can slow down the connection. You could try adjusting the encryption settings on the VPN to see if this improves the speed.

Another possibility is that there is congestion on the network, which can cause slower speeds. You could try running a speed test during different times of the day to see if there are certain periods where the speed is consistently slower.

It's also possible that there is an issue with the VPN configuration itself. You could try reaching out to the manufacturer of the VPN software for assistance in troubleshooting the issue.

Regarding the TCP spoofing optimization techniques used by Starlink, it's best to reach out to their support team for clarification on how this may be affecting your VPN connection. They may be able to offer some insight or even suggest adjustments to your VPN configuration to optimize it for use with their service.

I hope this helps, and good luck in resolving your speed issues!

Thanks & Regards,
Faizal Emam
Thanks & Regards,Faizal Emam
Vinnyard
New Contributor

Hey there,

I am having the same, or at least very similar issue, with the FortiNet VPN. I am running Starlink Residential and have 100-200 Mbps when testing through the app, 150Mbps when going through my iPhone and WiFi (AC2200 Orbi), and 30Mbps with my 11 year old desktop. All with pings in the 30ms. However, on my 'work' computer, a nearly new HP, I am getting 15Mbps with 30ms pings. 

 

So pings are not delayed, but data is severely restricted. Through many tests it is usually 50% or less of what the computer next to it not on VPN is getting (again the desktop is 10+ years old with a card that old).

 

The only thing I can guess is that the VPN tunnel does not handle intermittent packet losses well. But that is a guess and way above my knowledge. 

Toshi_Esumi
Esteemed Contributor III

Just drop the VPN and test direct internet speedtest from your work computer. That would prove or disprove your theory.

 

Toshi

Vinnyard
New Contributor

Well, work laptop without VPN, 150Mbps, work laptop on FortiClient 15Mbps. It is the VPN, but why? I'm sure it is a programming issue way above my knowledge. 

Toshi_Esumi
Esteemed Contributor III

Not a programing issue. But might be a performance issue of the laptop plus the FortiGate and internet performance issue via the FortiGate. You need to talk to whoever manages the FortiGate, likely your org's IT group.

 

Toshi

Vinnyard

I'll do that. Not sure he's good enough to figure it out if there is an interface issue between the Laptop and the VPN. I am also going to go to a landline (Cox cable) and try that. If it is faster on the cable, then it is really an interface issue with the VPN gate and satellite.

Toshi_Esumi
Esteemed Contributor III

I assumed you had a VPN from your laptop to the Fortigate your org hosts all those VPNs. Do you have a local Fortigate at your place and site-to-site VPN to the HQ or wherever the other end?

 

Toshi

Vinnyard

I have Forticlient on my laptop, and the VPN goes to the orgs server.

I did log into the laptop and did a speed test (no VPN) and I was getting 150Mpbs.

Through the VPN I am getting 15Mbps (for this set of tests) 

Our main office has GB dedicated line, and only about 50 users.

I really belive there is something the VPN is doing to slow the speed.

Just guessing because I have little idea how these things actually work, but I do believe the satellite system has more packet drops. Which usually are not a big deal, but if the VPN detects these packet losses and has to re-authenticate something, it may be causing a data slow down. 

 

There is something going on with

Labels
Top Kudoed Authors