[Starlink] VPN woes, recommendations?

Adam Thompson athompson at merlin.mb.ca
Fri Feb 17 11:38:47 EST 2023 

Business plans include static IPs?!?!?!?
Ok, yeah, that radically changes the situation.  Also, we're not getting static or predictable IPs.  I can follow that up, anyway, thanks!
-Adam

Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Daniel C. Eckert <eckertd at gmail.com>
Sent: Friday, February 17, 2023 10:36:24 AM
To: Adam Thompson <athompson at merlin.mb.ca>
Cc: starlink at lists.bufferbloat.net <starlink at lists.bufferbloat.net>
Subject: Re: [Starlink] VPN woes, recommendations?

Interesting scenario.  This reply only addresses a small part of your message:  While I see you've done the math and checked the specs for the Aruba devices -- have you already conducted a few non-VPN tests between direct-wire-connected laptops/devices at those two locations to know what "baseline" bandwidth you're starting from when considering the max potential bandwidth for the encrypted traffic?  For example, since you're on a business plan, you should have a direct public IP to target with iperf traffic from either end, even if not encrypted.

Dan

On Fri, Feb 17, 2023 at 11:30 AM Adam Thompson via Starlink <starlink at lists.bufferbloat.net<mailto:starlink at lists.bufferbloat.net>> wrote:
Hi, all.
We've been trying to develop a plug-and-play L2 VPN over Starlink, using Aruba Hospitality-series Remote APs like their RAP-505H.
It's not going great, and I'm wondering about several Starlink-specific issues.

First, having multiple devices in serial is generally not a great idea for reliability.  Can we realistically plug our remote AP directly into the dish, still?  (This is using Starlink Business, FWIW.). I know we lose access to the Starlink app, but we also lose a NATing router and an unwanted wifi AP, so that's probably a net zero.  I just don't know what other dangers/problems that topology might cause.

Secondly, we're only able to push about 30Mbps through the (magical Aruba-proprietary GRE+IPsec) tunnel.  The bandwidth-delay equations suggest we should be seeing around 100Mbps, not 30.  (The Aruba devices are rated for ~2Gbps encrypted at the site end, and ~7Gbps at the head end, so presumably that's not the bottleneck.)

So:
* does anyone have corroborating *or* contradicting evidence of VPN performance over Starlink's particular flavor of Long Fat Pipe, and
* does anyone have any positive (or negative, I guess!) recommendations for cloud-managed VPN devices that can do at least 100M and magically work from behind double-NAT/CGNAT like we see with Starlink?  Bonus points if it does L2 tunnels or can run a dynamic routing protocol.
* Other comments or suggestions welcome, too.

Thanks,
-Adam

Get Outlook for Android<https://streaklinks.com/BZdCYXLz80mmcz4jWATVEg7r/https%3A%2F%2Faka.ms%2FAAb9ysg>
_______________________________________________
Starlink mailing list
Starlink at lists.bufferbloat.net<mailto:Starlink at lists.bufferbloat.net>
https://lists.bufferbloat.net/listinfo/starlink
[https://mailfoogae.appspot.com/t?sender=aZWNrZXJ0ZEBnbWFpbC5jb20%3D&type=zerocontent&guid=c1c31836-4d3e-4aad-a576-c28cbc6172cb]ᐧ
[https://mailfoogae.appspot.com/t?sender=aZWNrZXJ0ZEBnbWFpbC5jb20%3D&type=zerocontent&guid=5fd7792d-7b29-429a-9e08-ab57de655a75]ᐧ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/starlink/attachments/20230217/b32ac56c/attachment-0001.html>

More information about the Starlink mailing list