Find the perfect gift for the grad in your life with Graduation gifts that connects us from AT&T.
Get superfast AT&T Fiber internet
Aaargghhh's profile

Contributor

 • 

2 Messages

Thursday, August 9th, 2018 3:45 AM

Arris NVG595 miserable VPN performance

I have 500/500 fiber at two offices and am attempting to link them via a Ubiquiti EdgeRouter and IPSec VPN, which can handle about 300Mb with direct connection.  Once we connect it to the ATT service, performance drops to 30-40Mb (33Mb average). I know it isn't my routers, as I actually have two at each end, and either one can send ~33Mb, or testing both at once they will share the 33Mb. 

 

(Speed testing is primarily via iperf3 or rsync and one-second and 60-second tests are similar results.)

 

I can get ~450Mb site to site sending unencrypted traffic, or 33Mb encrypted plus the remainder unencrypted. All firewall features are disabled on both ends. 

 

So, is it AT&T messing with the traffic or the Arris 595 router?  (ATT denies any qos, but I don't really trust the support people.). Is there any way to bypass the Arris box and plug the SFP module directly into my EdgeRouter, or do I have to try to spoof the authentication traffic?

 

Or, do I need to just bypass ATT and go with a different provider?

 

 

Community Support

 • 

232.2K Messages

6 years ago

Hi @Aaargghhh,

do you have a business or residential account with us? We look forward to your reply!

Dee, AT&T Community Specialist

Scholar

 • 

93 Messages

6 years ago

OP, check your MTU settings.  I had similar issues with poor throughput until I dropped the MTU down to 1472 bytes on the gateway and firewall's LAN/WAN interfaces (all 3).  Gateway was configured in IP passthrough mode.  Firewall is sophos UTM.

 

After this change I was able to saturate the download of the connection I was using (cable - 175 mbps).  Need a faster download at the receiving end to see what it actually tops out at. This was using L2TP/IPSec.  Openvpn was slower.

Contributor

 • 

2 Messages

6 years ago

It isn't a business account.

 

@Gpz1100 I have tweaked the MTU (as well as mss-clamping). MTU needed to be 1436 on the LAN side to avoid fragmenting; the WAN was higher to allow for the tunnel encapsulation, but I have confirmed there is no fragmentation. 

Scholar

 • 

93 Messages

6 years ago

Did changing those help improve vpn speeds at all?

I wasn't sure if I needed to mess with the wan mtu on the gateway, but adjusted it to the same as lan.  I can't recall where this suggestion originally came from.  I think it was one of the vpn threads on the sophos utm forum, but sure enough it did help.

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.