We have a gigabit connection at home, reliably giving us close to that full speed in daily use/speed testing. When my wife logs into the corporate VPN on her work laptop, her speeds suddenly drop to ~650kbps (!!!). Unusable.
It’s a Windows laptop running wired off a Unifi AC-Pro’s mirrored secondary port. The AP is on a gigabit wired uplink to the switch and getting fine speeds for itself; logging out of the VPN brings full gigabit speed back immediately. Unfortunately she can’t access even basic services without using the VPN, and she ends up taking all her calls on her phone.
Possibly noteworthy: when her VPN is on, the NIC on her laptop doesn’t show an IP address at all. Intrusion protection is off in the Unifi console. Most config is still on default, as this is a pretty new implementation. The VPN provider is GlobalProtect.
Before I try to get in touch with her corporate IT, I want to make sure it’s not some setting on my end that’s fucking things up. Appreciate any insight the hive mind might have!
I’d first investigate an MTU issue.
If you’ve got the experience for understanding packet header info, set up port mirroring and run Wireshark to check her connection.
Does your IP address range overlap with the VPN’s?
This forum thread suggests blocking UDM port 4501 but I swear to god my firewall settings screen doesn’t match ANY of the instructions I can find on the web for setting firewall rules. I’m running Network version 9.0.108…
EDIT: That user apparently solved it by changing their MTU. I don’t even know what that is.
I just wanted PoE cameras and a sexy brushed metal switch, I’m not a sysadmin.
It’s always MTU with VPNs!
I do NOT have that experience 
I wouldn’t know where to look. By “your” (my) IP address do you mean the client device’s internal IP it got from the router, or our (internet-facing) IP from the ISP?
You are looking for the MSS clamping setting I think.
Client internal IP from the router. Sounds like MTU was the culprit.
Looking, but not finding… I’m in the settings pane (where it lists Wifi, Networks, Internet, VPN, Security, Routing, etc as categories of settings) and if I type MSS into the search bar it comes up empty. I haven’t seen it anywhere in all my poking around either?
I’m sure I’m missing something obvious…
EDIT Found it. It’s in the settings for the Cloud Gateway Max itself, under services.
Not sure yet. It was a work day, so I couldn’t take over her laptop for long.
I discovered after posting that other speed test sites were showing much more believable speeds (200-300 Mbit vs kilobits) but still way short of what it should be, on gigabit Ethernet to a gigabit internet connection.
I don’t know if she tried any more video calls from the laptop, but after trying the above it at least showed an IP address reliably.