From: Dave Taht <dave.taht@gmail.com>
Sent: February 17, 2023 10:45 AM
To: Adam Thompson <athompson@merlin.mb.ca>
Cc: Daniel C. Eckert <eckertd@gmail.com>; starlink@lists.bufferbloat.net
Subject: Re: [Starlink] VPN woes, recommendations?

Sorry, forgot to answer the first part: yes, absent the tunnel, we get ~200/8 consistently, occasionally bursting higher.

-Adam

 

 

Get Outlook for Android

---

From: Daniel C. Eckert <eckertd@gmail.com>
Sent: Friday, February 17, 2023 10:36:24 AM
To: Adam Thompson <athompson@merlin.mb.ca>
Cc: starlink@lists.bufferbloat.net <starlink@lists.bufferbloat.net>
Subject: Re: [Starlink] VPN woes, recommendations?

 

Interesting scenario.  This reply only addresses a small part of your message:  While I see you've done the math and checked the specs for the Aruba devices -- have you already conducted a few non-VPN tests between direct-wire-connected laptops/devices at those two locations to know what "baseline" bandwidth you're starting from when considering the max potential bandwidth for the encrypted traffic?  For example, since you're on a business plan, you should have a direct public IP to target with iperf traffic from either end, even if not encrypted.

 

Dan

 

On Fri, Feb 17, 2023 at 11:30 AM Adam Thompson via Starlink <starlink@lists.bufferbloat.net> wrote:

Hi, all.

We've been trying to develop a plug-and-play L2 VPN over Starlink, using Aruba Hospitality-series Remote APs like their RAP-505H.

It's not going great, and I'm wondering about several Starlink-specific issues.

 

First, having multiple devices in serial is generally not a great idea for reliability.  Can we realistically plug our remote AP directly into the dish, still?  (This is using Starlink Business, FWIW.). I know we lose access to the Starlink app, but we also lose a NATing router and an unwanted wifi AP, so that's probably a net zero.  I just don't know what other dangers/problems that topology might cause.

 

Secondly, we're only able to push about 30Mbps through the (magical Aruba-proprietary GRE+IPsec) tunnel.  The bandwidth-delay equations suggest we should be seeing around 100Mbps, not 30.  (The Aruba devices are rated for ~2Gbps encrypted at the site end, and ~7Gbps at the head end, so presumably that's not the bottleneck.)

 

So:

* does anyone have corroborating *or* contradicting evidence of VPN performance over Starlink's particular flavor of Long Fat Pipe, and

* does anyone have any positive (or negative, I guess!) recommendations for cloud-managed VPN devices that can do at least 100M and magically work from behind double-NAT/CGNAT like we see with Starlink?  Bonus points if it does L2 tunnels or can run a dynamic routing protocol.

* Other comments or suggestions welcome, too.

 

Thanks,

-Adam

 

Get Outlook for Android

_______________________________________________
Starlink mailing list
Starlink@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/starlink

ᐧ

ᐧ

_______________________________________________
Starlink mailing list
Starlink@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/starlink