05-18-2018 01:49 PM - last edited on 05-20-2018 01:57 PM by RogersMoin
Hi,
I recently switched to Rogers gigabit from Bell. I have a CODA-4582 modem, firmware 2.0.10.34T6.
I frequently work from home connecting to work over a Cisco VPN.
Everything is much slower compared to when I was on Bell and compared to a friend using a TP-Link modem on Teksavvy.
This post seems to indicate a problem with processing VPN traffic:
http://communityforums.rogers.com/t5/Internet/Rogers-Hitron-CODA-4582-Hardware/td-p/378263/page/150
I won't pretend to understand it all but I can definitely see there is a problem with this modem related to VPN traffic.
Copying down large files is out of the question now and RDP connections are much less responsive.
During a file copy I see speeds around 1-2 Mbps and sometimes only a few 100 KBps. On Bell it was a steady 4-5 MBps.
I've tried bridged and gateway mode doesn't matter.
It seems there has been some issue about this since 2016. Is there any resolution?
I'd be willing to try beta firmware, different modem (though I imagine nothing else is available).
Its great and all that 5 people in the house can stream 1080p youtube but it kinda kills things for me if simple telework activities are crippled by modem firmware.
*** Edited Labels ***
09-29-2018 11:04 PM - edited 09-29-2018 11:39 PM
@flyboy50 I don't have any good suggestions for VPN services in Canada as I don't use a VPN (I probably should) . I'd be hesitant to buy a router from any specific service unless you absolutely had the ability to load it with something else such as PfSense, and that router had AES-NI support. Fwiw, the next PfSense version will require AES-NI support. My guess is that it won't load unless AES-NI support is present.
The Asus RT-AC88U, RT-AC3100, RT-AC5300 and RT-AC86U has IPSEC support when loaded with Merlin's Asuswrt. As far as I know, only the RT-AC86U has AES-NI support which results in much faster IPSEC throughput rates. You would have to look around to see what else might run AES-NI with IPSEC support.
Fwiw, QOS is an issue with Asus router. Seems this goes back a long ways. I don't use QOS so I haven't kept up with its current status.
For a VPN recommendation, you could post a question in the Canadian Broadband forum of the DSLReports site:
https://www.dslreports.com/forums/23
Here is one small thread from that forum.
https://www.dslreports.com/forum/r32003437-Do-you-trust-your-VPN-provider
Have a look at the following thread:
Here's a page from the smallnetbuilder site with a few interesting comments regarding VPN capability:
https://www.snbforums.com/threads/advice-needed-new-asus-router.47748/page-2
There is a better thread regarding the RT-AC86U and VPN support, just have to find it somewhere.
01-27-2019 10:06 AM - edited 01-27-2019 10:19 AM
Running into the same situation. Same Modem (CODA-4582U - not certain what FW since Rogers won't allow me to log into the device since I have static IPs), IPSec VPN connecting to Azure. Odd thing is, it was working spectacularly until 3 days ago and has been working for about a year - running near full speed (around 650MB down and 42mb up.)
Then, all of a sudden I started getting warnings that my backups weren't completing in the time allowed - transfer rates to Azure are now 420kb/s instead of 42,000kb/s. But, my fast.com results are still returning 800/45. Spent hours troubleshooting Azure, rebooting firewall and modem to no avail.
Eventually, I changed Azure to point at my backup Primus 6/6 connection and my upload speeds were back up to 3-4MB/s...
Same Azure VPN settings, same firewall, same network, 6/6 connection is 10x than my 1000/50... Rogers tech says there wasn't any infrastructure changes nor was the device fw upgraded, but he tried pushing a newer FW modem but it failed - they are sending a tech to replace it, I hope it resolves the issue...
This doesn't seem to be affecting my Remote Users on openVPN (transfer rates are still in the normal range,) but I've confirmed it's also affecting my mobile IPSec clients using a different IPSec config (same inbound ISP/modem.)
01-28-2019 11:04 AM
Good morning @EricMc!
Welcome to our Community!
VPNs are very important to many of our customers, so please update us once the tech has come to replace your modem and let us know if that resolves it.
Regards,
RogersCorey
01-28-2019 11:29 AM
@EricMc usually when tech support can't push a firmware upload to the modem, that's an indication of an external cable and / or connector fault. Do not let the tech leave without him or her checking the cable signal levels, which can be done via the techs wireless tablet or laptop. That connects to the Rogers system, allowing the tech to look at the signal levels without connecting directly to the modem or its RG-6 cable.
Personal opinion, the first thing that should be done is to check the signal levels, take whatever corrective action is required, then consider swapping the modem.
01-28-2019 11:32 AM
01-28-2019 11:56 AM - edited 01-28-2019 12:16 PM
Actually low IPSEC data rates with Intel Puma modems, which includes the Puma 5, 6 and 7, are a known issue. There is an upcoming update which will hopefully resolve the low data rates. Won't know until that's released and users have a chance to test it. So, swapping the modem will not do anything to increase the IPSEC data rates.
The black Hitron modems are Puma 6 modems, the white Hitron modem is a Puma 7 modem.
This problem probably dates back to 2008 when Intel bought the Puma modem line from Texas Instruments and dropped in an Arm and Atom processor into the design. Either the IPSEC limitation was in the original Puma 5 modem that Texas Instruments built, and that limitation was dragged 10 years into the future, or, the limitation was caused by the chipset design changes that Intel introduced.
Other users who require IPSEC data transfer have simply left Rogers and gone elsewhere, where IPSEC isn't an issue.
Edit: You should find that you're limited to 25 Mb/s over an IPSEC VPN, which is an Intel Puma 5/6/7 modem limitation. If you were running the new Ignite TV service, with a Technicolour XB6 modem instead of the Arris XB6 modem you might see higher IPSEC data rates. The Technicolour XB6 is a Broadcom BCM-3390 modem, the Arris XB6 is an Intel Puma 7 modem. Now having said that, when someone with a Technicolour XB6 manages to really test IPSEC VPNS, we'll find out if there are any additional network issues lurking about as well, and that possibly this isn't just a modem issue. I haven't seen anyone with the Technicolour XB6 post any IPSEC results, but, one of these days it will happen. I'm looking forward to those results, whenever they show up.
01-28-2019 12:10 PM - edited 01-28-2019 12:12 PM
I've been reading about 'updates' as far back as 5 years ago - I don't think they are coming 'soon' anymore. That said, everything was working fine until Thursday last week with the exact same traffic - I've essentially uploaded 100s of TBs across the pipe over the last year. I had this issue with the an older model (likely the PUMA6, it was black) which caused us to upgrade to the coda-4582u modem against Rogers recommendation at the time. I went month-to-month for 6 months before signing a contract to make sure the issue didn't return. According to Rogers, nothing has changed that would cause this, so this is why I'm scratching my head... If nothing changed, what changed?
01-28-2019 12:29 PM - edited 01-28-2019 12:38 PM
Have a look at my additional "Edit" above. There is an update in the works, just not sure if its going to be included in the next one or two updates. I'll inquire about any progress on this.
First thing that comes to mind is a cable issue. Its possible that the problem is beyond your cable system, somewhere between the local tap, which you are connected to, and the neighbourhood node. As I indicated above, the first item that comes to mind when tech support can't push an update is a cable issue. Since your cabling was replaced very recently, I would suspect some issue further upstream, in which case tech support should have dispatched a senior tech, not a contractor tech.
Then there is always the possibility of some configuration change witin the Cable Modem Termination System (CMTS). Your modem connects to the CMTS via the neighbourhood node. Any configuration change, accidental or deliberate can result in issues for users.
Are you running IPV6 by any chance, and if so, does your transfer target use IPV4 or IPV6? If you're running IPV6, I wouldn't be surprised if there was a configuration change with the CMTS which is causing IPV6 problems for users connected to that particular CMTS.
You should be able to log into the modem using 192.168.0.1 or 192.168.100.1 if the modem is in Gateway mode, or by using 102.168.100.1 if the modem is in Bridge mode with a router behind it. You can log into the modem thru the router.
If you can log into the modem and its running in Gateway mode, you will see two WAN addresses in the upper right hand data block on the Status page. That page is displayed automatically when you log into the modem. The upper right hand corner is the WAN address block and it will show both IPV4 and IPV6 addresses if the modem is running IPV6.
01-28-2019 02:21 PM - edited 01-28-2019 02:24 PM
@Datalink wrote:Have a look at my additional "Edit" above. There is an update in the works, just not sure if its going to be included in the next one or two updates. I'll inquire about any progress on this.
First thing that comes to mind is a cable issue. Its possible that the problem is beyond your cable system, somewhere between the local tap, which you are connected to, and the neighbourhood node. As I indicated above, the first item that comes to mind when tech support can't push an update is a cable issue. Since your cabling was replaced very recently, I would suspect some issue further upstream, in which case tech support should have dispatched a senior tech, not a contractor tech.
Then there is always the possibility of some configuration change witin the Cable Modem Termination System (CMTS). Your modem connects to the CMTS via the neighbourhood node. Any configuration change, accidental or deliberate can result in issues for users.
Are you running IPV6 by any chance, and if so, does your transfer target use IPV4 or IPV6? If you're running IPV6, I wouldn't be surprised if there was a configuration change with the CMTS which is causing IPV6 problems for users connected to that particular CMTS.
You should be able to log into the modem using 192.168.0.1 or 192.168.100.1 if the modem is in Gateway mode, or by using 102.168.100.1 if the modem is in Bridge mode with a router behind it. You can log into the modem thru the router.
If you can log into the modem and its running in Gateway mode, you will see two WAN addresses in the upper right hand data block on the Status page. That page is displayed automatically when you log into the modem. The upper right hand corner is the WAN address block and it will show both IPV4 and IPV6 addresses if the modem is running IPV6.
So tech has been onsite and reluctantly changed modem. It was quick, only an hour, but alas no change.
To answer some of your questions:
- Since the modem is getting 600+ Download with regular traffic, Rogers is declaring success and basically writing my issue off
- IPv4 only
- Can see modem, but can't login since I have static IPs (tech alluded that customers are not responsible enough to be entrusted with login rights on the device when static IPs are involved.)
It's irritating because for such a long known about issue, not a single person at Rogers seems to know anything about this - the one veteran tech (he's been with the outsource company Rogers contracts for almost 1 whole year) I spoke to on the phone yesterday has didn't know Rogers had forum sites, he tried telling me these were run by a unaffiliated 3rd party.
Time to cancel. Just have to figure out who will deliver into this building.
01-28-2019 02:32 PM - edited 01-28-2019 02:32 PM
We will see how long it lasts, but it just magically started working again. from 200K to 40Mb in 1 second. No change from this end...
01-28-2019 02:35 PM - edited 01-28-2019 02:38 PM
Are you on a business plan? Just wondering why the static IPs would prevent the user from logging into the modem?
Alternatives are to go with a fibre provider, if one is available in the building, or with a TPIA, which will only be able to give you reduced overall data rates as neither Rogers, Bell or other large providers will allow TPIAs to run high speed services. The gain out of this situation is that you wouldn't necessarily be using a Puma 6 modem. A fibre provider will supply a totally different modem, for a TPIA you would just have to be careful and avoid any Puma 6 modems they might offer.
40 Mb/s thru the IPSEC VPN? Is that correct?
The only people who are in the know concerning the Puma modem IPSEC VPN performance are the engineering staff and a few people on this forum. Tech support and the field techs won't know anything about this.
01-28-2019 02:45 PM - edited 01-28-2019 02:48 PM
@Datalink wrote:Are you on a business plan? Just wondering why the static IPs would prevent the user from logging into the modem?
Alternatives are to go with a fibre provider, if one is available in the building, or with a TPIA, which will only be able to give you reduced overall data rates as neither Rogers, Bell or other large providers will allow TPIAs to run high speed services. The gain out of this situation is that you wouldn't necessarily be using a Puma 6 modem. A fibre provider will supply a totally different modem, for a TPIA you would just have to be careful and avoid any Puma 6 modems they might offer.
40 Mb/s thru the IPSEC VPN? Is that correct?
Yes, we are on IgniteForBusiness 1GB with 5 static IP addresses. I think the fear is that I was to misconfigure my ip addresses/gateway in the modem I could pentially create an duplicate IP address with someone near by - they didn't feel the need to explain why, just said no. Yes, 40Mb UP with IPSEC VPN into Azure (we get about 100 down from it because I won't upgrade my gateway on the Azure site.) I'm running pfSense on a high-end system, so I could get near lines-peed for the encryption as long as the network will transmit the packets...
TPIA is something I've been considering. The fibre into the building was install by Bell on behalf of Telus but was installed in a way that it's dedicated for Managed service only (don't ask, neither knows how to get it straightened out) so Fibre isn't an option. And we don't have line of site to go with a TeraGo, so something like a TekSavvy might be our only option.
We have Primus in here, but it's bonded sDSL so it's got a cap of about 20Mb.
01-28-2019 02:53 PM - edited 01-28-2019 03:07 PM
That's not terribly shabby, 100 down 40 up thru the IPSEC VPN. I'm actually impressed with that upload speed thru the 4582 modem. Higher than what I would have expected. Is the Azure ingress point nearby, or is that at some distant point, just curious.
Sounds like there isn't much choice in your building. Ugh....
Looks like Teksavvy might be "up to 250 Mbps Down / 20 Mbps Up", half the rate of your current upload. You would have to check with Teksavvy's site to see if the upload rate is the same for your location. The only modems that would be suitable would be the SmartRG SR808ac or TP-Link TC7650. I think Teksavvy has a request in with Rogers to test and approve a Broadcom BCM-3390 based modem.
https://help.teksavvy.com/hc/en-us/articles/200315110-Approved-Cable-Modems-Rogers-Network-Ontario-
You would want to avoid the Hitron and Cisco modems and the Technicolor DPC3848V
as they are all Puma 6 modems. Technicolour took over Cisco's modem line from what I remember.
05-02-2019 06:23 AM
@Datalink wrote:Hi @flyboy50
Looking around I came across the latest build of OpenVPN, which appears to be v 2.4.6. There is a note in the following page which indicates that a newer driver will be included in an upcoming Windows Installer. Have a look at the NordVPN version of OpenVPN and if that is an older version, consider loading the newer version. To do that, on the pc, navigate to Start …. Programs and Features. Have a look to see if OpenVPN is listed and what version is loaded. Don’t quote me on this, but you should be able to load the newer version over the existing version. The latest version has improved IPv4/IPv6 dual stack support which might be useful in improving the throughput. I’d bookmark the following page and keep an eye on it for updates to OpenVPN:
https://openvpn.net/index.php/download/community-downloads.html
While doing this I came across a comparison between ExpressVPN and NordVPN. The comparison indicates that NordVPN’s North American servers run slow. Looks very much like the results that you saw. That in itself might be the sole reason behind the slow performance. Take a read thru the following July 2018 comparison:
https://restoreprivacy.com/expressvpn-vs-nordvpn-comparison/
https://www.bestvpn.co/nordvpn-vs-expressvpn/
Can you run a speedtest thru some of NordVPNs servers in Europe? I’m thinking maybe the servers in the UK, Netherlands and Germany. Have a look to see if there are major differences in the throughput rates, as suggested in the comparison.
VPN throughput rates. Reading thru some of the pages spread across various site, the subject of encryption comes up. This makes sense, as you use higher encryption levels, the encryption/decryption load goes up. Have you run any tests to see what effect if any occurs when you select a different encryption standard? It might be that your throughput is so low, that it doesn’t matter which encryption standard you choose.
Can you have a look at the modem’s VPN passthrough settings. Log into the modem and navigate to SECURITY …. VPN Passthrough. My modem is running in Bridge mode at the moment so I don’t have access to that page. Previous versions had an IPSEC, PPTP and L2PT Pass-Through. Can you have a look to see if SSL is available as those other settings won’t help. If there is an SSL or SSL/TLS selection, please enable it, save the setting and reboot the modem …. ADMIN ….. DEVICE RESTART …. Reboot.
Food for thought:
I’d like to see the results for a speedtest thru a European Nordvpn server, just to see what difference there is. This might answer the question on its own.
Reading thru various pages, it looks like OpenVPN is a pig to run. It might be an idea to load a different VPN application to see if you end up with better results. I don’t know what applications are out in the wild, either free or licenced. In either case, I’d be looking for AES-NI support to get the pc’s VPN throughput running at its maximum. Looks like Windows has its own Microsoft VPN Client built in. It might not be as fancy as the OpenVPN client, but, it’s probably worth looking at for test purposes.
OpenVPN appears to run UDP or TCP/IP. UDP is a fire and forget type of protocol. It will either get to its end destination or it won’t. TCP/IP requires packet receipts, so, once a packet is sent, it should arrive or be retransmitted. One way or the other, it will get to its end destination. Problem is, the TCP/IP transmit/receipt protocol slows traffic. So, fwiw, you could try running UDP and see what you get for results, both in terms of reliability, and in speed.
Here’s an interesting line that I came across in the following link:
https://en.wikipedia.org/wiki/OpenVPN
“When OpenVPN uses Transmission Control Protocol (TCP) transports to establish a tunnel, performance will be acceptable only as long as there is sufficient excess bandwidth on the un-tunneled network link to guarantee that the tunneled TCP timers do not expire. If this becomes untrue, performance falls off dramatically. This is known as the "TCP meltdown problem"[17][18]”
That shouldn’t be an issue given the bandwidth that you have available, but, it’s rather interesting.
OpenVPN supports IPV6. Just for test purposes, try disabling IPV6 in the modem and see what happens to the VPN performance, if anything. Navigate to BASIC …. GATEWAY FUNCTION, and change the Router Mode from Dual (stack) to IPV4. Save the changes. It will take a couple of minutes for the modem to switch to IPV4 “only” mode. I usually reboot the modem after this. Run the ADMIN …. DEVICE RESET …. Reboot function. At the same time, reboot the pc. After the reboots, run another test thru the VPN to see what you end up with for results.
I came across a post for OpenVPN running on PfSense, which is a firewall operating system that is loaded on a pc. The post indicated that OpenVPN is a single thread application, so, it doesn’t matter how many processor cores there are, or if the processor has hyper-threading running, this is a single thread application. The only way to run the VPN faster is to run a faster processor. So this is rather interesting. When you’re running the VPN, bring up the Windows Task Manager and select Performance …. CPU to look for CPU loading. It would be interesting to know what the CPU loading is when the VPN is running. I came across a request in the OpenVPN Wishlist to include multi-core support, so, this looks like a problem. This gets back to the AES-NI support which should direct encryption processing to the onboard hardware processor, assuming that there is one built into the CPU. The question in this case is whether or not that processor is tied to the CPU clock rates, or if it can operate independently of the CPU? The CPU load might be a hint, low load, maybe the processor is doing the work, high load, the CPU is doing the work, in which case, what’s the status of the AES-NI support in the NordVPN OpenVPN application. Hopefully you can see why I’m asking this.
Fwiw, there is an upcoming firmware change for the CODA-4582 modem to improve the performance of IKE/IPSEC which is used by MACs when they connect with NordVPN. I don’t know if that will result in any corresponding improvement in VPN performance. Right now, the Hitron modems will limit IKE/IPSEC to 25 Mb/s. That's either a firmware problem, or a firmware limit that's existed since 2008 from the original Puma 5 modem manufactured by Texas Instruments (my guess). This might be part of the problem that you're seeing, although I still don't understand how you're using IKE/IPSEC in the first place.
Ok, so, this is a little bit of homework. As I indicated earlier, there doesn’t appear to be a single magic bullet that will solve the problem. One item that does come to mind is to call NordVPN tech support and ask the Customer Service Rep if AES-NI is already running in their OpenVPN client, and if not, what has to be done to enable AES-NI. I haven’t found any specific info for it, so, maybe the support is built in. If you do have to enable it, you might not find any difference in throughput rates if all of their North American servers are running very slow. It’s entirely possible that you could put a great deal of effort into this and not get anywhere due to their server throughput rates. Only way to determine that is to try different servers, or possibly even a different VPN provider.
What setting are you using for the encryption? AES-128-CBC, AES-192-CBC or AES-256-CBC?
Thanks, This is helpful.
08-23-2019 05:20 AM - last edited on 08-23-2019 09:04 AM by RogersTony
I am a rogers internet customer with an Ignite 150 plan using the Hitron/CODA gateway (modem/router)
I bought a router that has the ability be a VPN client. I initially set-up this router on a Bell network and preformed speed tests for various configurations (wired, wired w/VPN, wireless, wireless/w/out/VPN). Please take my word for it that the speeds differences were greater than any reasonably acceptable differences.
My Hitron/CODA has the residential gateway turned off, so I assume the Hitron/CODA is acting solely as a modem.
1) Can this discrepancy be explained by Rogers? (e.g. is throttling of VPN traffic a thing?)
2) Is there anything Rogers can do from their end? (ISP side of the modem)
3) Does Rogers have another modem option that treats VPN traffic more efficiently?
Any other insights would be greatly appreciated.
08-23-2019 08:18 AM - last edited on 08-23-2019 09:04 AM by RogersTony
VPN data shouldnt be throttled.. that being said i have never got full speeds on mine.. BUT there is a lot of things into that as to possibly why as well.
Just to make sure, your router is connecting to a VPN itself? So then all traffic through the router, is then VPNd, etc?
The questions I have, are what and where is the VPN connecting to? What address, and where is that located?
As that can make all the difference in the world as well.
For example, without it.. do a speed test to one of the closer test points to yourself.. then start choosing ones farther away. The results will drop, as the distance can make quite a difference.
If the VPN endpoint that your connecting to is further away.. could make a difference.
That being said.. could be some routing stuff too. The route to that VPN location, could be taking a different, less efficient route than say bell has?
Thoughts @Datalink
08-23-2019 08:36 AM - edited 08-23-2019 09:14 AM
All of the above plus:
1. What protocol is the VPN using, UDP or TCP/IP?
2. What VPN is it (for future reference purposes)
3. Please confirm that you have the white Hitron CODA-4582. I thought that the modem was only being used for 500 Mb/s service and above these days, unless you were assigned the modem when the requirement was an unlimited plan, no matter what data rate was being used.
Just to note, the Intel Puma chipset has issues with certain protocols. Much of this dates back to the previous black Hitron CGN3xxxx (Intel Puma 6) models, and most likely predates that, back to the original Texas Instruments Puma 5 chipset (2008). Intel bought the Puma modem line from Texas Instruments in 2010. From the Rogers firmware update list comes the following note at the bottom of the post:
So, Encapsulating Security Payloads, more specifically IPSEC has been seen to run slow on the previous CGN3xxx modems. That hasn't been so much of an issue with the CODA-4582, most likely due to the lack of users with the 4582 who are actually attempting to run a VPN. There is a fix slated for release at some point which will address the ESP/IPSEC issue, but, I don't know when that will be release. I'd hope to see it in the next release but, who knows? The additional question here is, are there firmware problems with any other VPN protocols? It would be nice to see a list published by Intel that would provide that, but, that's dreaming in technicolor. Intel will never publish a list that provides those details, so, the end customer continues to suffer with poor VPN performance.
In addition to checking other ingress points with your VPN company, look at the protocol that happens to be in use and look at the encryption level as well. If you have a choice of protocols, select the other protocols for test purposes to see if that makes a positive change. If you can drop the encryption level and still meet your security goals, that might result in a higher data rate.
My personal thoughts are that the original firmware design in 2008 limited the VPN data rates for some reason that was determined by a firmware engineer at that point in time. Those limitations were probably carried forward into Intel's version of the modem which were the follow-up Puma 6 CGN3xxxx and then the Puma 7 4582 and others. Don't know why Intel hasn't picked up on the growing trend of VPN use, which has been on the uptick now for several years, and addressed the issue for all protocols used by VPNs. Faster processors used in the Puma 7 line does somewhat address this, but, the firmware limitations, if that is the problem, also have to be addressed. That's not a case of throttling, but, simply a default data rate that may have been selected a very long time ago for use by certain protocols, or, in the event that the modem ran into a protocol that wasn't on its list of "if you see this protocol, then use this data rate xxx Mb/s". That default data rate might have made sense in 2008, but, it doesn't make sense anymore, given the processing capability that is available for VPN use these days.
Out of curiosity, what router do you currently have, and, does it have hardware support for Intel's AES-NI, which is used for encryption.
Please let us know what you find.
Edit: what are your normal (non-VPN) data rates like? Are you getting 150 Mb/s down / 15 Mb/s up?
08-29-2019 04:59 PM
I dont see the TC4400 as available on rogers through EBOX. sad face
07-07-2022 11:09 PM
Hello, question for those with business static IP Rogers cable Internet/CODA modem using ipsec VPN: is your download speed normal when on VPN? Everything worked fine for me up until a couple of months ago when suddenly the download speed became only 10 Mbps (on a 150 Mbps plan) and I can't figure out why. No changes on my end and no known issues on Rogers end. Was just wondering whether anyone else is experiencing the same issue. Thanks.
07-13-2022 04:03 PM
@ingaewow, I was just looking around for that exact same problem. I have business cable 1G/50M with static IPs. With IPSec I am lucky to get 10Mbps download, 20Mbps upload (connecting back to office). I was also totally fine a few months back. I know other clients as well that have the same problem as well. I am using PaloAlto gear on each end and was at ~800 Mbps down and 45 Mbps up before.
07-16-2022 07:29 PM
Thanks for letting me know. We are using Juniper equipment. Multiple sites with the same issue. Did you try talking to Rogers? Also, If I put a router doing NAT between the VPN device and Rogers modem (so that ipsec does NAT-T and uses port 4500 instead of 500) then the VPN download speed improves. Is it similar for you?