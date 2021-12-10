Geekzone: technology news, blogs, forums
Slow Gigabit VPN 2Degrees to 2Degrees
SneakerPimps

89 posts

Master Geek


#291876 10-Dec-2021 20:52
I'm based in Auckland trying to connect 2 sites that have 2Degrees Gigabit UFB. I've tried Ubiquiti site to site VPN and Zero Tier. In either cases the performance is quite slow, a maximum upload/download of 2Mb/sec.

 

At first I thought it was the Ubiquiti router not being able to handle the throughput, so I tried Zero Tier, on each client computers, with the same results. Also, when using Zero Tier to connect to another site that isn't on 2Degrees, I seem to be able to max out the connection.

 

Anyone else experiencing this?

 

I'm tempted to change providers at one of the sites.

mentalinc
2459 posts

Uber Geek

Trusted

  #2830169 10-Dec-2021 20:55
100% not a problem with ISP.

 

It's just traffic to them, they not slowing down the VPN traffic.

 

Suggest you put a proper VPN server on a device(PC/laptop) (not router) and see what happens.

 

Try either openvpn or WireGuard




SneakerPimps

89 posts

Master Geek


  #2830176 10-Dec-2021 21:16
It doesn't really explain why VPN'ing with Zero Tier to another site with another ISP is fine.

 

Also, I've found Zero Tier to perform better than OpenVPN, and performs about the same with WireGuard.

mentalinc
2459 posts

Uber Geek

Trusted

  #2830178 10-Dec-2021 21:25
So you have tried when using Zero Tier to connect to another site that isn't on 2Degrees, I seem to be able to max out the connection. on both devices and they both work full speed?




SneakerPimps

89 posts

Master Geek


  #2830179 10-Dec-2021 21:28
Yes, using Zero Tier on a PC to another PC at another site, that isn't on 2Degrees, is almost maxing out the upload on both sites.

michaelmurfy
/dev/ttys0
10951 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2830197 10-Dec-2021 22:37
Have you followed through the Zerotier documentation, namely around Relaying and have both ends got public IP addresses? If one end has a CG-NAT address then performance as a whole will suffer: https://docs.zerotier.com/zerotier/troubleshooting/

 

Also over the years all your threads on Geekzone are in relation to speed issues. It doesn't matter what provider you're with, you'll always find something wrong with them. More and more providers are moving towards CG-NAT also due to the lack of IPv4 addresses. I would recommend getting IPv6 enabled on your network as you'll find it gets around many of these limitations especially using Zerotier (which can work over IPv6) on a provider who does IPv6 right - if you had IPv6 enabled on both sides you likely won't have connection or speed issues.




SneakerPimps

89 posts

Master Geek


  #2830254 11-Dec-2021 00:50
Yes, I have followed the documentation. I don't seem to be having any issues with latency between sites both on 2Degrees and other ISPs.

 

In all situations it's either a static IP address or non CG-NAT.

 

To be fair, most of my threads were about speed issues that were out of my control. I'd like to think they did help to iron out glitches between Chorus and the ISP. I know there are elements of hardware or configuration faults on the end user, but I do try to work this out before posting.

 

I just think it's a little strange that the performance issues are only between 2Degrees to 2Degrees sites. 2Degrees to other ISPs are fine.

 

I'll try IPv6 and see how it goes. Need to look into how to do this with UniFi again, as the last time I saw it was a bit of a mission.

sparkz25
751 posts

Ultimate Geek
Inactive user


  #2830280 11-Dec-2021 08:25
What's the latency between the machines that are having the problems as opposed to the machines that are not having the problem?



deadlyllama
1146 posts

Uber Geek

Trusted

  #2830283 11-Dec-2021 08:29
Do you have any way with either system of telling if the two ends are communicating directly or via a relay out on the internet somewhere?

chevrolux
4962 posts

Uber Geek
Inactive user


  #2830357 11-Dec-2021 12:01
Am I not reading this properly?... are you saying throughput is fine with PC clients, and only bad when using the routers to terminate the VPN?

Quite clearly a lack of resources on the routers. Just get some proper routers as opposed to UBNT toys and away you go.

SneakerPimps

89 posts

Master Geek


  #2833211 16-Dec-2021 01:59
sparkz25:

 

What's the latency between the machines that are having the problems as opposed to the machines that are not having the problem?

 

 

The same as latency (5-10ms).

 

deadlyllama: Do you have any way with either system of telling if the two ends are communicating directly or via a relay out on the internet somewhere?

 

I'm pretty sure it's not relaying. The latency would indicate would also indicate this.

SneakerPimps

89 posts

Master Geek


  #2833212 16-Dec-2021 01:59
chevrolux: Am I not reading this properly?... are you saying throughput is fine with PC clients, and only bad when using the routers to terminate the VPN?

Quite clearly a lack of resources on the routers. Just get some proper routers as opposed to UBNT toys and away you go.

 

No, I'm saying both PC clients and router VPNs perform poorly. I understand the UniFi router may be a limitation at some stage, but I don't believe this is the issue in any case.

 

 

 

Let's just take the routers out of the equation. Just using Zero Tier client on PCs should yield the best performance, as it's direct connection.

 

 

 

I'm yet to try IPv6, but I'm not holding my breathe.

deadlyllama
1146 posts

Uber Geek

Trusted

  #2833236 16-Dec-2021 08:48
Is there another throughput test you can do, site to site, without the VPN?

Either using a specialised product or standing up an HTTP server at one end, forwarding a port from the router to it, and timing the download of a large file from the other site? For proper comparison do a local test of the HTTP server from a other PC on the same LAN too!

Lorenceo
876 posts

Ultimate Geek

Trusted

  #2833550 16-Dec-2021 15:32
I tried this out yesterday between a 2degrees connection in Auckland and one in Hamilton, just out of interest.

 

It wasn't entirely like-for-like compared to OP's scenario as in addition to the lines not being in the same city, only the server side is 1000/500Mbps (Auckland). The other is 300/100Mbps (Hamilton). No sign of the 2Mbps limit in either direction though - managed to achieve the full 300/100Mbps throughput of the second line while connected through a VPN from the first. Both lines have static IPs. Testing was done over IPv4.

michaelmurfy
/dev/ttys0
10951 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2833566 16-Dec-2021 16:11
Hmm, forgot to mention I've actually got a site to site VPN running on my router (Mikrotik) to a USG Pro - other person is also on 2degrees and overnight there is a backup job run to backup his Synology. I can see the backup runs at about 500Mbit (maxing out his upload). A test just now confirmed that I am getting my max upload through this VPN.

 

So, problem is 100% on your end.




dt

dt
1074 posts

Uber Geek


  #2833630 16-Dec-2021 18:18
I can’t see how it’s 100% a problem on his end when he achieves better performance off network.

@sneakerpimps my suspicion that since your end is able to achieve better performance to another client off network maybe there’s something up with the network or pc on the other end of the 2deg setup or yeah it’s something strange going on with 2deg in your instance.

Is there a 2deg engineer that lurks these forums like a couple of the other isps?

