From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 806713B29E for ; Fri, 17 Feb 2023 11:34:26 -0500 (EST) Received: by mail-wm1-x32e.google.com with SMTP id 8-20020a05600c230800b003ddca7a2bcbso1301950wmo.3 for ; Fri, 17 Feb 2023 08:34:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=FN4UBlDrhwFNsAwQ2dzz/WvZVq5eC9JoZSvaPNEKHKc=; b=mWdgRoj3v3U3T/dfAAlcB1vcKpd/Q3ol1ShoawU1p/bwCV2/EaqWyPoYO2Rb6AV4XJ cgYRGy/9sR2+Nq9IESp/aAerRQhU8fpTXQiy76qwOXnVtUkVhV9hlZlk26Yg3CSBQ42l Lhg7eUobkgMhzQzKiV2F4n7VJiVvGSKrlw00hEuVNXj4q3FO08UTk9xMXtdRENrewGbn anlrsp+ZMxaGbtAHpduLxphiwGTINNkt4w4H/PLetbHx/A0IrC+afYXdMff1OGEBVWF1 xrBO8eWjYKHNEwbRvGInvT8G82FaXPgCD/gUxpaEWdsJyPWRpwvCDU/sGR07jcTZUH07 vf+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FN4UBlDrhwFNsAwQ2dzz/WvZVq5eC9JoZSvaPNEKHKc=; b=J48wvSofbQ7ii+t4VUI1R77FLcnKYq6slYt9EYjdSwa8oi2Bv4j2FQehzEB0B8aWPS 1xwsdasDJeVjhijPljFL79JwKFUOZTPyZJ5VizuYZzGtnA71HXr4Oh30BDrFHJy9Ybg7 K8dbtN7tu2oJrkCZ5WxJbQc2R/OZlIKWXJ7FlteH4LrD3ARfZlq9mDUYn33aQsN+hvcN nAcUW9r/4tMLlbLcgtH3Y5qJWzUyLtIDk7Wx6AeUZXcVjJwbmJlCW0ez8eyXysLYC9t/ njWsJDrbZAneO0PPz/kxEcJvqmEO7ftVatyI+ayplVPRvr0vuSNH7ulbi0SzOvOVPLxm TQjQ== X-Gm-Message-State: AO0yUKXV4HFIcekUunQXsYakySg49WIk5zodcPpyr2rnpMTrfGPO5fWC 6SmqMY5YhNDRLUcuZT3Tf/Yaku4ZRXtHgnYjImZvVot7BDQ= X-Google-Smtp-Source: AK7set9qO21QoCaJ3Xj2WxvFdvT3mCTXSMCJNk3mM386ybZexgkIYYfxv1/BeuLHKUs0hP+ei0zwPGaS0uaV4kJmozI= X-Received: by 2002:a05:600c:3b8d:b0:3e2:1c73:a1aa with SMTP id n13-20020a05600c3b8d00b003e21c73a1aamr204299wms.206.1676651665358; Fri, 17 Feb 2023 08:34:25 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Dave Taht Date: Fri, 17 Feb 2023 08:34:13 -0800 Message-ID: To: Adam Thompson Cc: "starlink@lists.bufferbloat.net" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Starlink] VPN woes, recommendations? X-BeenThere: starlink@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Starlink has bufferbloat. Bad." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Feb 2023 16:34:26 -0000 The big winners over starlink have been wireguard and zerotier. + https://github.com/lynxthecat/cake-autorate#cake-with-adaptive-bandwidth-= --autorate finally hit the big 2.0 mark a few days ago. On Fri, Feb 17, 2023 at 8:30 AM Adam Thompson via Starlink wrote: > > Hi, all. > We've been trying to develop a plug-and-play L2 VPN over Starlink, using = Aruba Hospitality-series Remote APs like their RAP-505H. > It's not going great, and I'm wondering about several Starlink-specific i= ssues. > > First, having multiple devices in serial is generally not a great idea fo= r reliability. Can we realistically plug our remote AP directly into the d= ish, still? (This is using Starlink Business, FWIW.). I know we lose acces= s to the Starlink app, but we also lose a NATing router and an unwanted wif= i AP, so that's probably a net zero. I just don't know what other dangers/= problems that topology might cause. > > Secondly, we're only able to push about 30Mbps through the (magical Aruba= -proprietary GRE+IPsec) tunnel. The bandwidth-delay equations suggest we s= hould be seeing around 100Mbps, not 30. (The Aruba devices are rated for ~= 2Gbps encrypted at the site end, and ~7Gbps at the head end, so presumably = that's not the bottleneck.) > > So: > * does anyone have corroborating *or* contradicting evidence of VPN perfo= rmance over Starlink's particular flavor of Long Fat Pipe, and > * does anyone have any positive (or negative, I guess!) recommendations f= or cloud-managed VPN devices that can do at least 100M and magically work f= rom behind double-NAT/CGNAT like we see with Starlink? Bonus points if it = does L2 tunnels or can run a dynamic routing protocol. > * Other comments or suggestions welcome, too. > > Thanks, > -Adam > > Get Outlook for Android > _______________________________________________ > Starlink mailing list > Starlink@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/starlink --=20 Surveillance Capitalism? Or DIY? Choose: https://blog.cerowrt.org/post/an_upgrade_in_place/ Dave T=C3=A4ht CEO, TekLibre, LLC