On Fri, Feb 17, 2023 at 8:39 AM Adam Thompson via Starlink < starlink@lists.bufferbloat.net> wrote: > Sorry, forgot to answer the first part: yes, absent the tunnel, we get > ~200/8 consistently, occasionally bursting higher. > you really should test more deeply, and for longer periods than 15 seconds. I keep hoping someone with business class service will repeat these 2 year old benchmarks. https://docs.google.com/document/d/1puRjUVxJ6cCv-rgQ_zn-jWZU9ae0jZbFATLf4PQKblM/edit#heading=h.fwv7fw3aeaz > -Adam > > > Get Outlook for Android > ------------------------------ > *From:* Daniel C. Eckert > *Sent:* Friday, February 17, 2023 10:36:24 AM > *To:* Adam Thompson > *Cc:* starlink@lists.bufferbloat.net > *Subject:* Re: [Starlink] VPN woes, recommendations? > > Interesting scenario. This reply only addresses a small part of your > message: While I see you've done the math and checked the specs for the > Aruba devices -- have you already conducted a few non-VPN tests between > direct-wire-connected laptops/devices at those two locations to know what > "baseline" bandwidth you're starting from when considering the max > potential bandwidth for the encrypted traffic? For example, since you're > on a business plan, you should have a direct public IP to target with iperf > traffic from either end, even if not encrypted. > > Dan > > On Fri, Feb 17, 2023 at 11:30 AM Adam Thompson via Starlink < > starlink@lists.bufferbloat.net> wrote: > > Hi, all. > We've been trying to develop a plug-and-play L2 VPN over Starlink, using > Aruba Hospitality-series Remote APs like their RAP-505H. > It's not going great, and I'm wondering about several Starlink-specific > issues. > > First, having multiple devices in serial is generally not a great idea for > reliability. Can we realistically plug our remote AP directly into the > dish, still? (This is using Starlink Business, FWIW.). I know we lose > access to the Starlink app, but we also lose a NATing router and an > unwanted wifi AP, so that's probably a net zero. I just don't know what > other dangers/problems that topology might cause. > > Secondly, we're only able to push about 30Mbps through the (magical > Aruba-proprietary GRE+IPsec) tunnel. The bandwidth-delay equations suggest > we should be seeing around 100Mbps, not 30. (The Aruba devices are rated > for ~2Gbps encrypted at the site end, and ~7Gbps at the head end, so > presumably that's not the bottleneck.) > > So: > * does anyone have corroborating *or* contradicting evidence of VPN > performance over Starlink's particular flavor of Long Fat Pipe, and > * does anyone have any positive (or negative, I guess!) recommendations > for cloud-managed VPN devices that can do at least 100M and magically work > from behind double-NAT/CGNAT like we see with Starlink? Bonus points if it > does L2 tunnels or can run a dynamic routing protocol. > * Other comments or suggestions welcome, too. > > Thanks, > -Adam > > Get Outlook for Android > > _______________________________________________ > Starlink mailing list > Starlink@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/starlink > > ᐧ > ᐧ > _______________________________________________ > Starlink mailing list > Starlink@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/starlink > -- Surveillance Capitalism? Or DIY? Choose: https://blog.cerowrt.org/post/an_upgrade_in_place/ Dave Täht CEO, TekLibre, LLC