<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<div style="" dir="auto">Sorry, forgot to answer the first part: yes, absent the tunnel, we get ~200/8 consistently, occasionally bursting higher.</div>
<div style="" dir="auto">-Adam</div>
<div style="" dir="auto"><br>
</div>
<div id="ms-outlook-mobile-signature" dir="auto">
<div><br>
</div>
Get <a href="https://aka.ms/AAb9ysg">Outlook for Android</a></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Daniel C. Eckert <eckertd@gmail.com><br>
<b>Sent:</b> Friday, February 17, 2023 10:36:24 AM<br>
<b>To:</b> Adam Thompson <athompson@merlin.mb.ca><br>
<b>Cc:</b> starlink@lists.bufferbloat.net <starlink@lists.bufferbloat.net><br>
<b>Subject:</b> Re: [Starlink] VPN woes, recommendations?</font>
<div> </div>
</div>
<div>
<div dir="ltr">
<div dir="ltr">
<div class="x_gmail_default" style="font-family:arial,helvetica,sans-serif; font-size:small; color:rgb(0,0,0)">
Interesting scenario. This reply only addresses a small part of your message: While I see you've done the math and checked the specs for the Aruba devices -- have you already conducted a few non-VPN tests between direct-wire-connected laptops/devices at those
two locations to know what "baseline" bandwidth you're starting from when considering the max potential bandwidth for the encrypted traffic? For example, since you're on a business plan, you should have a direct public IP to target with iperf traffic from
either end, even if not encrypted.</div>
<div class="x_gmail_default" style="font-family:arial,helvetica,sans-serif; font-size:small; color:rgb(0,0,0)">
<br>
</div>
<div class="x_gmail_default" style="font-family:arial,helvetica,sans-serif; font-size:small; color:rgb(0,0,0)">
Dan</div>
</div>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Fri, Feb 17, 2023 at 11:30 AM Adam Thompson via Starlink <<a href="mailto:starlink@lists.bufferbloat.net" target="_blank">starlink@lists.bufferbloat.net</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div>
<div dir="auto">Hi, all.</div>
<div dir="auto">We've been trying to develop a plug-and-play L2 VPN over Starlink, using Aruba Hospitality-series Remote APs like their RAP-505H.</div>
<div dir="auto">It's not going great, and I'm wondering about several Starlink-specific issues.</div>
<div dir="auto"><br>
</div>
<div dir="auto">First, having multiple devices in serial is generally not a great idea for reliability. Can we realistically plug our remote AP directly into the dish, still? (This is using Starlink Business, FWIW.). I know we lose access to the Starlink
app, but we also lose a NATing router and an unwanted wifi AP, so that's probably a net zero. I just don't know what other dangers/problems that topology might cause.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Secondly, we're only able to push about 30Mbps through the (magical Aruba-proprietary GRE+IPsec) tunnel. The bandwidth-delay equations suggest we should be seeing around 100Mbps, not 30. (The Aruba devices are rated for ~2Gbps encrypted at
the site end, and ~7Gbps at the head end, so presumably that's not the bottleneck.)</div>
<div dir="auto"></div>
<div id="x_m_5417424941266097326m_6961121106673671900ms-outlook-mobile-signature" dir="auto">
<div><br>
</div>
<div dir="auto">So:</div>
<div dir="auto">* does anyone have corroborating *or* contradicting evidence of VPN performance over Starlink's particular flavor of Long Fat Pipe, and</div>
<div dir="auto">* does anyone have any positive (or negative, I guess!) recommendations for cloud-managed VPN devices that can do at least 100M and magically work from behind double-NAT/CGNAT like we see with Starlink? Bonus points if it does L2 tunnels or
can run a dynamic routing protocol.</div>
<div dir="auto">* Other comments or suggestions welcome, too.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Thanks,</div>
<div dir="auto">-Adam</div>
<div dir="auto"><br>
</div>
Get <a href="https://streaklinks.com/BZdCYXLz80mmcz4jWATVEg7r/https%3A%2F%2Faka.ms%2FAAb9ysg" target="_blank">
Outlook for Android</a></div>
</div>
_______________________________________________<br>
Starlink mailing list<br>
<a href="mailto:Starlink@lists.bufferbloat.net" target="_blank">Starlink@lists.bufferbloat.net</a><br>
<a href="https://lists.bufferbloat.net/listinfo/starlink" rel="noreferrer" hspace="streak-track" target="_blank">https://lists.bufferbloat.net/listinfo/starlink</a><br>
</blockquote>
</div>
<div hspace="streak-pt-mark" style="max-height:1px"><img alt="" src="https://mailfoogae.appspot.com/t?sender=aZWNrZXJ0ZEBnbWFpbC5jb20%3D&type=zerocontent&guid=c1c31836-4d3e-4aad-a576-c28cbc6172cb" class="x_hoverZoomLink" style="width:0px; max-height:0px; overflow:hidden"><font color="#ffffff" size="1">ᐧ</font></div>
</div>
<div hspace="streak-pt-mark" style="max-height:1px"><img alt="" src="https://mailfoogae.appspot.com/t?sender=aZWNrZXJ0ZEBnbWFpbC5jb20%3D&type=zerocontent&guid=5fd7792d-7b29-429a-9e08-ab57de655a75" style="width:0px; max-height:0px; overflow:hidden"><font color="#ffffff" size="1">ᐧ</font></div>
</div>
</body>
</html>