- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm hoping someone has answers.
Switched to Verizon home 5G and getting the expected 300/20 speeds regularly on my devices including work laptop, till I go on a VPN. This testing is from 2 PCs (one older desktop (personal) and new work laptop
Desktop gets the 300/20 all the time, set up a virtual machine with VPN and get 69/20, which is fine for that. Shows things are working decently on that VPN.
Work laptop when not on VPN gets the same 300/20 I connect it to work VPN (GlobalProtect) and it drops to 8/1
I take it with me to someone else's house using Spectrum and it's in the 200/30 range on VPN.
Talked to my company network team and they say everything is working as expected from their end, the issue is Verizon, Verizon says not their issue.
Solved! Go to Correct Answer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
GlobalProtect can use a few different types of tunnels. Is GlobalProtect using TCP (TLS) or UDP (DTLS, IPSec) for the tunnel type? Your IT Department may be able to help you determine this. Your speeds might be due to using TCP tunneling.
Alternatively, if the MTU for the VPN is set too high, there might be some packet loss happening. A 4G/5G connection has an MTU of 1472 (1470 is a safer value to settle at) whereas DOCSIS and Fiber (what Charter/Spectrum uses) can carry at an MTU of 1500 (standard for Ethernet), so if you're trying to send packets which are too big, they may get fragmented or dropped. This drops the bandwidth.
If the Firewall on your router is set too high, it may also be blocking the VPN's ability to use UDP tunneling.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try blocking UDP port 4501 with the local firewall (in/out) on your computer. That will force the GlobalProtect client to fallback to SSL instead of IPSec. Apparently, that's been a solution for a few organizations. Also, make sure that SSL VPN is enabled with your IT folks before trying this step.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solved my own problem after reading in other forums. I changed the MTU on the Utun connection that is created when connected to Unify teleport VPN. It defaulted to 1420, I set it to 1300 and all problems have gone away.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
GlobalProtect can use a few different types of tunnels. Is GlobalProtect using TCP (TLS) or UDP (DTLS, IPSec) for the tunnel type? Your IT Department may be able to help you determine this. Your speeds might be due to using TCP tunneling.
Alternatively, if the MTU for the VPN is set too high, there might be some packet loss happening. A 4G/5G connection has an MTU of 1472 (1470 is a safer value to settle at) whereas DOCSIS and Fiber (what Charter/Spectrum uses) can carry at an MTU of 1500 (standard for Ethernet), so if you're trying to send packets which are too big, they may get fragmented or dropped. This drops the bandwidth.
If the Firewall on your router is set too high, it may also be blocking the VPN's ability to use UDP tunneling.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello and thanks,
It's using IPSEC with a MTU of 1400 that if I change it flips back right away.
I did some ping tests for fragmentation and it is not fragmenting the packets.
I've tried wires with a docking station, wireless to my internal access point, and wireless directly to the verizon box, all get the same results.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try blocking UDP port 4501 with the local firewall (in/out) on your computer. That will force the GlobalProtect client to fallback to SSL instead of IPSec. Apparently, that's been a solution for a few organizations. Also, make sure that SSL VPN is enabled with your IT folks before trying this step.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It sounds like it's just one computer (your work laptop) that has the GlobalProtect VPN issue when you're at home on Verizon 5G.
Thoughts on troubleshooting that I didn't see mentioned:
- Do you experience the same behavior with your work laptop running slow on the VPN when you're connected to your Verizon 5G router via WiFi, Ethernet, or both?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have tried with my laptop connected via Ethernet and Wi-Fi, the result is the same. I have also tried creating a hotspot on my phone which is Verizon 5G and the result is also the same. I think this proves that there's no network issue in my home. The issue obviously is some sort of compatibility between Verizon and the VPN.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What does a trace route look like when you're seeing the slow issues thru Verizon? It's entirely possible there's one (or more) bad routes in play...especially as you're seeing faster upload speeds than download speeds when on the VPN. If you need help on the steps for the traceroute (it would be to the hostname or IP your GlobalProtect client is connecting to -- if unknown your IT folks can provide it).
I've had issues with other ISPs similar to this before and you have isolated that it's almost assuredly not your PC as the GlobalProtect VPN is working normally with every other ISP you try.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try blocking UDP port 4501 with the local firewall (in/out) on your computer. That will force the GlobalProtect client to fallback to SSL instead of IPSec. Apparently, that's been a solution for a few organizations.
Also, make sure that SSL VPN is enabled with your IT folks before trying this step.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Background:
I work from home periodically and have Verizon 5g home internet. Generally, the performance I get without a VPN is good. However, when connected to VPN speeds drop significantly. Transferring a 100Mb time from the server at work can take about 10 minutes which is unacceptably slow.
Steps taken:
In order to isolate the problem I have connected my laptop to various ISPS and checked the performance on VPN. I checked at my dad's house who has ATT dsl and the performance was good. As I stated the performance is bad at my home with 5g home internet. (results below) I thought.... perhaps it is a network issue????? I connected via gigabit ethernet directly to the router. The performance was the same. I then tried using the 5g hot spot on my Verizon phone and experienced similarly poor performance. I think this indicates that the issue is an issue between my work VPN and Verizon 5g not just 5g home internt.
A user on the old thread suggested that I block the port 4501 to force the VPN onto SSL rather than Ipsec. I tried this and it made no difference. However, I have been working with IT department which points the finger at Verizon while Verizon does the opposite. š¤ Anyway, they told me that our VPN is not IPsec or SSL. We use Unifi Teleport VPN which uses the Wireguard protocol.
Speed test results
Verizon 5g : 213 Mbps Down 30Mbps up
VPN with Verison 5g: 17Mbps Down 30Mbps up
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solved my own problem after reading in other forums. I changed the MTU on the Utun connection that is created when connected to Unify teleport VPN. It defaulted to 1420, I set it to 1300 and all problems have gone away.