Confirmed: Azure VPN Slow Performance only over Wifi - IKEv2 vs OpenVPN

I have an active ticket with Microsoft that I have been working on for a couple months. We just had a breakthrough in narrowing down the culprit to our poor VPN performance.

Problem:
Azure VPN was very slow over Wi-Fi, but not over Ethernet.

Details:
Microsoft set up a test tenant to try to reproduce the problem and let me connect to it. The problem could not be reproduced. Everything was fast over the VPN on Wi-Fi or Ethernet. It wasn’t until recently that we learned that the Microsoft lab was not set up exactly like our environment.

Today’s Development:
We just figured out that if we switch from IKEv2 to OpenVPN, the problem completely goes away. Microsoft changed theirs from OpenVPN to IKEv2 and immediately had the same problem we have been trying to resolve. I switched my lab VPN config from IKEv2 to OpenVPN and immediately the performance was fast!

Benchmarks:

VPN with IKEv2 + Wi-Fi 5 GHz: 1 to 2 MB/s Windows file dialog transfer speeds. 30 to 40 Mbps IPERF
VPN with IKEv2 + Ethernet: 30 to 35 MB/s Windows file dialog transfer speeds. 300 to 400 Mbps IPERF
VPN with OpenVPN + Wi-Fi 5 GHz: 30 to 35 MB/s Windows file dialog transfer speeds. 300 to 400 Mbps IPERF
VPN with OpenVPN + Wi-Fi 2 GHz: ~16 MB/s Windows file dialog transfer speeds. 100 to 200 Mbps IPERF
VPN with OpenVPN + Ethernet: 30 to 35 MB/s Windows file dialog transfer speeds. 300 to 400 Mbps IPERF

*Internet speed for these tests was limited to about 400 to 500 Mbps.

Can anyone else see this in their environment?

Is the OpenVPN using TCP? IKEv2 is all UDP. Could be packet loss and retransmits? Or even a side-effect of a QoS setting intended for something else.

Is IKEv2 fragmentation enabled? Always On VPN and IKEv2 Fragmentation | Richard M. Hicks Consulting, Inc.

Is your wifi encapsulated or using a tunnel?

Fragmentation will be your issue.

I’ve seen such an issue with L2TP vpn from Win11 pro (its native client) to a Zyxel firewall. Worked fine with cable, it was shit with Wifi. No win10 client had that issue. When on wifi, VPN started OK, then after just some seconds its performance dropped and became horribly slow. Sometimes, also internet connection out of the vpn became very slow. No problem on cable, no problem on Wifi without the L2TP vpn connected.

Switching to any other (non-ipsec) vpn fixes the issue. I did switch to a different vpn for that client.

I just found this.
http://gary-nebbett.blogspot.com/2021/07/slow-performance-of-ikev2-built-in.html

I will have to review this to see if it applies.

I read this, but my symptoms do not match. I do not think this applies. Thank you for trying.

Wifi should not be changing anything intentionally.

Since your story does not involve the same products, but does involve similar protocols, I wonder if there is a common misconfiguration that is affecting VPNs over WiFi that the IT industry has not addressed well.

And what do you make of it, ikev2 vpns are just crap on Windows machines?

Microsoft’s vpn solutions seem highly overrated. Something like a Citrix solution is far more dependable.

Cisco and other vpn products are also far better.

Sorry for the side tangent but is this account a fucking AI bot? Look at their comment history

I’d say it’s some windows 11 problem with wifi and the internal ipsec stack. No issues with the same VPN in Windows 10 and wifi, and of course with Linux.

No issues with a different VPN.

It’s definitely a bot.