Business plans include static IPs?!?!?!? Ok, yeah, that radically changes the situation. Also, we're not getting static or predictable IPs. I can follow that up, anyway, thanks! -Adam Get Outlook for Android ________________________________ From: Daniel C. Eckert Sent: Friday, February 17, 2023 10:36:24 AM To: Adam Thompson Cc: starlink@lists.bufferbloat.net Subject: Re: [Starlink] VPN woes, recommendations? Interesting scenario. This reply only addresses a small part of your message: While I see you've done the math and checked the specs for the Aruba devices -- have you already conducted a few non-VPN tests between direct-wire-connected laptops/devices at those two locations to know what "baseline" bandwidth you're starting from when considering the max potential bandwidth for the encrypted traffic? For example, since you're on a business plan, you should have a direct public IP to target with iperf traffic from either end, even if not encrypted. Dan On Fri, Feb 17, 2023 at 11:30 AM Adam Thompson via Starlink > wrote: Hi, all. We've been trying to develop a plug-and-play L2 VPN over Starlink, using Aruba Hospitality-series Remote APs like their RAP-505H. It's not going great, and I'm wondering about several Starlink-specific issues. First, having multiple devices in serial is generally not a great idea for reliability. Can we realistically plug our remote AP directly into the dish, still? (This is using Starlink Business, FWIW.). I know we lose access to the Starlink app, but we also lose a NATing router and an unwanted wifi AP, so that's probably a net zero. I just don't know what other dangers/problems that topology might cause. Secondly, we're only able to push about 30Mbps through the (magical Aruba-proprietary GRE+IPsec) tunnel. The bandwidth-delay equations suggest we should be seeing around 100Mbps, not 30. (The Aruba devices are rated for ~2Gbps encrypted at the site end, and ~7Gbps at the head end, so presumably that's not the bottleneck.) So: * does anyone have corroborating *or* contradicting evidence of VPN performance over Starlink's particular flavor of Long Fat Pipe, and * does anyone have any positive (or negative, I guess!) recommendations for cloud-managed VPN devices that can do at least 100M and magically work from behind double-NAT/CGNAT like we see with Starlink? Bonus points if it does L2 tunnels or can run a dynamic routing protocol. * Other comments or suggestions welcome, too. Thanks, -Adam Get Outlook for Android _______________________________________________ Starlink mailing list Starlink@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/starlink [https://mailfoogae.appspot.com/t?sender=aZWNrZXJ0ZEBnbWFpbC5jb20%3D&type=zerocontent&guid=c1c31836-4d3e-4aad-a576-c28cbc6172cb]ᐧ [https://mailfoogae.appspot.com/t?sender=aZWNrZXJ0ZEBnbWFpbC5jb20%3D&type=zerocontent&guid=5fd7792d-7b29-429a-9e08-ab57de655a75]ᐧ