Interesting scenario. This reply only addresses a small part of your message: While I see you've done the math and checked the specs for the Aruba devices -- have you already conducted a few non-VPN tests between direct-wire-connected laptops/devices at those two locations to know what "baseline" bandwidth you're starting from when considering the max potential bandwidth for the encrypted traffic? For example, since you're on a business plan, you should have a direct public IP to target with iperf traffic from either end, even if not encrypted. Dan On Fri, Feb 17, 2023 at 11:30 AM Adam Thompson via Starlink < starlink@lists.bufferbloat.net> wrote: > Hi, all. > We've been trying to develop a plug-and-play L2 VPN over Starlink, using > Aruba Hospitality-series Remote APs like their RAP-505H. > It's not going great, and I'm wondering about several Starlink-specific > issues. > > First, having multiple devices in serial is generally not a great idea for > reliability. Can we realistically plug our remote AP directly into the > dish, still? (This is using Starlink Business, FWIW.). I know we lose > access to the Starlink app, but we also lose a NATing router and an > unwanted wifi AP, so that's probably a net zero. I just don't know what > other dangers/problems that topology might cause. > > Secondly, we're only able to push about 30Mbps through the (magical > Aruba-proprietary GRE+IPsec) tunnel. The bandwidth-delay equations suggest > we should be seeing around 100Mbps, not 30. (The Aruba devices are rated > for ~2Gbps encrypted at the site end, and ~7Gbps at the head end, so > presumably that's not the bottleneck.) > > So: > * does anyone have corroborating *or* contradicting evidence of VPN > performance over Starlink's particular flavor of Long Fat Pipe, and > * does anyone have any positive (or negative, I guess!) recommendations > for cloud-managed VPN devices that can do at least 100M and magically work > from behind double-NAT/CGNAT like we see with Starlink? Bonus points if it > does L2 tunnels or can run a dynamic routing protocol. > * Other comments or suggestions welcome, too. > > Thanks, > -Adam > > Get Outlook for Android > > _______________________________________________ > Starlink mailing list > Starlink@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/starlink > ᐧ ᐧ