I just got 5G home plus internet and get amazing speeds usually over 1100 mbps. However, I’m not sure if I can keep the service as when I connect through my work VPN, I’m only getting 20-30 mbps whereas with my old internet I would get 200-300 mbps at a minimum. Has anyone experienced an issue like this? Any advice?
Maybe do some research on MTU size/settings. I know many vpns are finicky with that setting.
Try switching to TCP if you can. Verizon deprioritizes UDP traffic if I understand correctly.
As someone else mentioned, the MTU on Verizon is lower than usual (lower than 1500). You can further optimize your VPN connection by ensuring your VPN’s MTU is low enough that packets don’t fragment. i.e. chosen TUN MTU + VPN overhead <= Verizon MTU.
You’re lucky, I get about 1Mbps with our VPN which is Palo Alto Networks Global Protect. I couldn’t get my work IT to change the MTU setting it uses or allow me to change it myself.
If I set the gateway up to block all the UDP IPSec it reverts to SSL TCP based mode which works at about 5Mbps but it’s very unreliable especially when running UDP connections over it.
My company is evaluating Perimeter 81 VPN now which works like a charm but does not yet have access to my corporate cloud networks so doesn’t work for me as a developer. I’m sticking with Verizon for now even though I can’t use it daily, hopefully work will ditch Global Protect soon.
I have found that setting the MTU on my laptop WiFi connection manually to something less than 1500 before I connect the VPN sometimes gives me 20Mbps but then after a while it lapses back to 1Mbps. No idea why that is.
I’ve been having the same issue with Verizon 5G Home and Global Protect and solved it today using this article (written for T-Mobile Home Internet users but worked for me).
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e
I am on a Mac. It was definitely an MTU issue. I followed the instructions to lower the MTU for the specific virtual interface that GlobalProtect uses, which in my case was the one called utun0. You can figure out which utun it is with a little trial and error.
I had previously tried lowering the MTU for my wifi in the Network preference pane in System Preferences and it didn’t work. The trick was lowering it for the specific virtual interface for GP.
Looks like I’ll have to do this every time I restart the computer or network connection as it resets itself when GP reconnects, but worth it for the improved speeds.
I had the exact same issue! We use Palo Alto GlobalProtect at work (I’m the netadmin over it as well), and we weren’t able to figure it out with Palo Alto support. I tried setting the MTU very low and everything. Did NOT try forcing TCP… shame on me.
Is this something I can do or I have to ask them? Sorry, not so well-versed in all this.
Sounds like I’m probably going to be out of luck with Verizon then as I also use global protect. Thank you for the insight.
GP user here too. It’s a MTU problem. I had to set mine on the VPN adapter to around 1370 to get non-crippling speeds. The problem is that the GlobalProtect client overwrites this every time I connect. So I have to connect, change the MTU, and then do it again the next morning. Very frustrating and the fix only works if you have admin rights on your work computer.
I’ll have to see if my IT can apply any of these solutions. Very much doubt they will but thank you!
You’re absolutely correct. The client resets the MTU on Windows too. Beyond frustrating.
I do see a setting to change in the gateway. It’s currently on TCP. There is an option to
Change to Udp but does not let me save it when I try to change it.
No, but I’ve seen GP throw up that message and tell me it was reverting to the TCP mode.
I have no way to set the VPN adapter MTU - I’m on OSX. I can change the MTU of the underlying WiFi connection but it makes no difference, before or during a connection.
Maybe there’s a command line way to do it that I don’t know off, but the UI gives no hint of it.
On Mac, I created a shortcut that sits in the dock and runs the command to lower the MTU when clicked. Still a hassle, but better than typing it into Terminal each time.
If it’s a work computer, you may not have administrator privileges or your work may only offer VPN services through TCP (which is fine). You can ask your IT department to help you optimize your VPN with the hint that you’re on a network with a substandard MTU.