Always On VPN IKEv2 - Poor Performance over WiFI?

Piotr Mikqus 6 Reputation points
2021-04-14T10:02:49.557+00:00

We have a similar problem in our organization as some have written here before.
Unfortunately there is still no solution.
During a VPN connection, the bandwidth when working in a WIFI connection is very low.

Wired file copies are in the 10 MB/s range.
Wireless file copies are in the 1 MB/s range.

This applies to all home users.
This is not an individual situation.
Has anyone already encountered this and perhaps found a solution?

Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,271 questions

8 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gary Nebbett 5,721 Reputation points
    2021-05-14T07:06:16.897+00:00

    Hello @Piotr Mikqus ,

    If this problem still persists and you would be prepared to share network trace data then we could try to understand the cause of the problem. The approach that I would propose would be close to that used to solve this question: https://learn.microsoft.com/en-us/answers/questions/390860/remote-connections-speed-limited-to-about-15-mb-s.html.

    Gary

    1 person found this answer helpful.
    0 comments
  2. Thomas Gusset 36 Reputation points
    2021-07-06T13:02:09.15+00:00

    Hi
    we have exactly the same issue.
    Good SMB2 performance (around 10 MByte/s) if client is connected via LAN.
    Poor SMB2 performance (around 1 MByte/s) if client is connected via WLAN (2.3 or 5 GHz).
    We don't see the issue if we use SSTP instead of IKEv2.
    Measuring Internet speed shows no significant difference between LAN and WLAN (force tunnel, speedtest.net).
    Curiously we have an other customer where we don't see this issue (good SMB performance with LAN and WLAN).
    Configuration is exactly the same.
    Internet bandwidth is also not a bottleneck (> 200/200 MB/s)

    Any ideas?

    Thanks, Thomas

    1 person found this answer helpful.
  3. Gary Nebbett 5,721 Reputation points
    2021-07-14T15:06:39.953+00:00

    Hello All,

    Together with Thomas. I investigated this problem and we believe that we have found the explanation for the poor performance. If the explanation is correct, which we believe it probably (and mostly) is, then there are no practical workarounds.

    I placed a more detailed analysis of our work at: http://gary-nebbett.blogspot.com/2021/07/slow-performance-of-ikev2-built-in.html.

    In summary, there are two weaknesses in Microsoft components:

    1. The implementation of the TCP CUBIC congestion control mechanism.
    2. The distribution of work to worker threads by AgileVpn.sys (the IKEv2 WAN Miniport driver).

    It takes a "third" ingredient to trigger the problem: the design of the network adapter device driver - in particular when it first indicates the arrival of a packet to NDIS. If the device driver directly indicates the arrival from its interrupt triggered DPC then everything works well. However, if the device driver defers the indication to a system worker thread then performance of the IKEv2 VPN declines sharply.

    The sometimes observed and noted wired/wireless relationship between fast/slow IKEv2 VPNs is just a coincidence - it is the driver design that makes the difference. On my laptop where the built-in wired adapter is fast and the built-in wireless adapter is slow, a USB wireless network adapter is also fast.

    Gary

    1 person found this answer helpful.
  4. Thomas Gusset 36 Reputation points
    2021-10-29T18:19:50.153+00:00

    In my frist post I wrote what transfer rates we see. What transfer rates do you observe?
    AoVPN can also be used with SSTP instead of IKEv2. With SSTP we didn't see the bad performance.

    1 person found this answer helpful.
  5. Sunny Qi 10,896 Reputation points Microsoft Vendor
    2021-04-15T04:15:42.873+00:00

    Hi,

    Thanks for posting in Q&A platform.

    It seems your issue is that slow Wi-Fi network connection performance when VPN is connected. For network speed slow performance issue, it's necessary to analyze performance log and network traffic to find the cause. However, analysis of log is beyond our forum support level and due to forum security policy, we have no such channel to collect user log information. So, we recommend you open a case with MS Professional tech support service, they will help you open a phone or email case to Microsoft, so that you would get a technical support on a one-to-one basis while ensuring private information.

    Here is the link, you could find phone number of your region accordingly from the link below::

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments