It will be nice to hear if there are actually inherent issues with IPSEC over VPN.
This clearly is an important discussion for anyone who is using VPN clients to access corporate defined VPN services.
Fortunately, you had your wife using a different client, to evaluate, as you have no capacity to use a different service, or VPN client - unless I am wrong you are on a defined corporately managed VPN connection, with a configured client, defined again by your internal or IT consultant team.
If your support is like the team I managed for corporate VPN access to my internal customers (staff and clients of the services) in a previous job, and having been on the other side too, the team is limited by what they can do when they are confronted by an issue that may be modem/service/router based on the client side of things.
They have usually tested extensively and researched and have experience on "fine tuning" the client side, but there is only so much they can do.
I know I personally had to advise staff that we couldn't support certain residential networks, and eventually moved to us providing the business access to residential setting in order that we had more control over the client side.
I hope that you can overcome it on Rogers, since it sounds like you pay for your own services, and it also impacts your wife's work too, so you need clarity on whether you have to move to another service - maybe back to TS, or maybe there is an alternative modem or firmware build that is available for your situation.
For my own curiosity, and the benefit of others, I would love to hear the outcome. It is just past professional career curiosity. Certainly been there. My wife had her own challenges with a Cisco connection with her past company over Rogers a few years ago. We ended up in her case that we had to go to a wired connection, that for some reason the WIFI wouldn't connect with the client properly.
Good luck in finding a solution.
@BS you are correct about the corporately managed VPN connection. I have no experience setting up Cisco VPNs but I suspect asking IT to mess with configuration for the sake of testing that may go nowhere is a non-starter.
@Datalink mentioned AES-NI CPU extensions which I have. This is supposed to accelerate AES encryption/decryption. (Though I don't quite understand how that helps if the problem happens before the client.) No clue if the Linux vpnc client automatically makes use of this. I see the AES module loaded and openssl appears to know about it.
I'll remain in a holding pattern at least for a while (or until my "other boss" has had enough) in the hopes that maybe a new firmware down the road will help. Though it sounds like a hardware problem / design choice that can't be fixed with firmware.
Are you possibly able to take your device and try to connect to someone you know on a Rogers connection, possibly same modem or another one, or go to an open WIFI?
Does someone you know have a router you could set in and run bridge (you may have mentioned that you have)?
Just to isolate modem, site specific to your home. Obviously there must be others using corporate VPNs and clients (either software or hardware), to access work securely - and definitely there have been reported issues with this modem across all ISPs, but I suspect it must be working for some.
Difficult one to diagnose as I would agree, your IT will probably only go so far, but I would suggest asking, can't hurt, or your wife asks hers. Very little Rogers can do because they can't touch your VPN client and I suspect they would be very reluctant to get into diagnosing or playing with your VPN client and protocols, although they may have some knowledge of a few things depending upon who you get.
Only thoughts that come to mind for testing/troubleshooting that I can think of.
Have a look at these - I am wondering if your VPN is using port and protocol combinations that the Hitron does not support well. Doesn't change the reality that your employer boss, and your real boss will probably want to see this fixed soon.
Good luck with it.
I recently switched to Ignite 500U/20D and use Global Protect VPN client for work and have no issues with connection speeds.
The company I work for used to use Cisco VPN Client and changed over to Global Protect because of some issues.
I use RDP regularly to connect to my desktop or servers at work and have never encountered any issues.
My Hitron is set up in Bridge mode with an ASUS modem. I believe my Hitron has the same firmware as yours.
@BS Good suggestion. I have a friend using Rogers 100 who signed up over a year ago so 99% sure it's a different modem and in bridged mode. I can take a laptop over and do some a/b testing.
I'll try and corner our IT guys to see if there's some alternate VPN configuration available.
I don't expect Rogers to be able to do anything at all unless they have some alternate modem trial they'd allow me to enrol into.
@TECHHEAD thanks, I googled Global Protect.
Correct me if I'm wrong but it looks like you have to use their service. It isn't just a client like say Shrew Soft (which I tried) that you can use with another VPN provider. Anyway I'll poke around.
edit: Ok I see. It's a whole other platform so this is not an option.
I doubt a client can help as I've tried the Linux vpnc client which is very lightweight and the Windows Cisco client (older one not that anyconnect stuff) both with the same results.
🙂 yes that boss tends to have veto power when it affects productivity.
Agreed about the Cisco client.
I think if I had just started VPN'ing to work I would probably just accept this is the way it's supposed to be.
I can work, little choppy sometimes, and moving data back and forth (git push/pull) is super slow so I'll avoid it when possible.
Others might say well if you can work what are you complaining about. Yes, I can work.
I've seen the difference though. I just dropped a solid service that was more stable, with better throughput, and had zero modem issues, for a service with a fatter pipe (which truly is a miracle after being on 5-50 Mb) that is hampered by hardware. ~$100 a month is nothing to sneeze at and this is the discounted rate! I don't think I'm asking for too much...
I was doing some further searching on Hitron users and related forums from ISPs and it has been suggested that there may be issues with the port being blocked for RDP. There are port forwarding capabilities in the interface, but I haven't had to deal with port forwarding in a long time, and it was never one of my skill sets - others would advise me of the actions, and I would assist in rollout where needed.
Again, good luck - any luck with pushing this issue up to a higher level tech support in Rogers, just wondering. Sometimes you get a person who likes a challenge - too bad RogersDave is no longer around.
So I brought a laptop with the same VPN clients I've tested with on my connection to a friend who has 100Mb service.
It was even worse on his end. Speeds topped out around 2 Mbit/s. I attribute it to the fact that he also has a Hitron modem except it's an older CGN3.
I think there's enough evidence that certain VPN traffic is hobbled by Hitron modems. Presumably anything equipped with this Puma garbage.
Just google it. These chips seem plagued with issues going back several generations. Very strong "do not buy" vibe out there.
As I mentioned, a colleague using a TP Link 7650 equipped with Broadcom easily gets a stable 5-6 Mbit/s.
Mine is all over the place, 600KB/s - 6Mbit/s, frequently only 1 or 2 Mbit.
One day soon I hope to work up the stamina to call tech support and see if I can start an actual case about this but I frankly don't see where this can go.
Rogers please ditch these modems for Broadcom based ones or, perish the thought, let us use our own modems. Just bring the service to my house and I will worry about the rest PLEASE!
@hoek this isn't a Hitron issue, it's an Intel Puma chipset or firmware issue. Ideally this would be nothing more than a QOS selection made by the modem (which could be easily changed), but there has never been any feedback on the real cause of the poor IPSEC and VPN performance, so anything is possible. Any comments regarding the poor IPSEC and VPN performance should be directed to @RogersSergio so that he can direct/request the engineers to move this issue higher in the "to do" list.