Windows RRAS VPN service running slower than expected.

Question

We run MS AlwaysOnVPN on our laptops. Currently in a round-robin configuration between two different VPN servers balancing about 800 users.

The majority of their work is via O365 so doesnt cross the vpn, and a few internal services and files. Also most users only have ADSL or similar asynchronous internet at home, so we never really noticed any speed issues until recently.

The VPN servers are hosted on a GBIT line, and we have some users who now have GBIT fibre connections who have been reporting slow speeds.

We initiated an investigation and slowly eliminated all possible bottle necks from the system one by one until we were left with a fresh built stand alone 2022 server, and a laptop with none of our domain GPOs or other security measures added. Both plugged directly into the same gbit switch. Short of a direct cable this is as close as you can get.

Even in this setup it seems that MS RRAS is maxing out at around 350mbit/s for windows 10 clients, or around 600mbit for Windows 11 clients. Running the same tests from both win 10 and 11 clients direct to the server without the VPN gets full line rate (about 1gbit/s) so the network cards, and machines can deal with the throughput, just not when its encrypted.

This doesn't appear to be a CPU / RAM / Disk / Bandwidth limitation on either the server or the client, but equally there doesnt appear to be any settings to throttle the speed anywhere.

The servers are Dell PowerEdge R340 with plenty of ram and SSD's. The laptops are all Dell 7420's or newer. i7's with plenty of ram and ssd.

I am aware VPNs have processing, and packet, overheads but given that none of the resources on the machine are being taxed I dont think we are hitting those limits yet.

Can anyone explain why there's almost a 100% speed increase moving to windows 11?

Or why even when its going that much faster its so much slower than expected?

Can anyone suggest things we can try to speed it up?