For the latest information on how COVID-19 is impacting our business, please see our updates page.

How to Fix a Slow Network While Using a VPN

Snail with rj45 connector symbolic photo for slow internet connection. broadband connection is not available everywhere.
Share on facebook
Share on reddit
Share on twitter
Share on linkedin
Share on email
Share on print

Working Remote: The New Norm

These days many people are working remotely. Over the past several months the numbers of individuals in the category has undoubtedly increased dramatically. Fortunately, by using a Virtual Private Network (VPN) connection to the workplace, we can still have access to things like file servers, databases, and instruments. There is a downside, however. Using a VPN can actually have a negative impact and slow down your overall network speed. If this is something you’ve noticed, fear not! We have an explanation and a solution. Read on to find out more.

Send Your Serial Data Securely

SB800EX-JDDW-IR-1
SB800EX-JDDW-IR

Or, learn more about NetBurner Serial To Ethernet.

Your Typical VPN Setup

For those currently using a VPN,  the network structure may look like the following:

A typical VPN network setup.
A Typical VPN Network Setup

The diagram illustrates:

  • An office network with a VPN capable router
    • The office LAN subnet is 10.1.1.x
    • Your PC desktop at work has an IP address of 10.1.1.100
  • A home network with a LAN subnet of 192.168.1.x
    • The home laptop has an IP address of 192.168.1.115
  • And of course, the Internet

A VPN connection is initiated from the home laptop through the home router to the office VPN router. This enables the laptop to access the office LAN. You will notice the VPN connection has its own VPN office router IP address of 192.168.0.2. That is the IP address for the WAN side of the office router. However, as far as working on your laptop is concerned, you only have access to the office LAN subnet of 10.1.1.x.

Where the Trouble Begins

At this point every is working fine. From your laptop, you can access the office resources, remote into your PC, etc. When you open a web browser you can go anywhere you wish, just as you could before you established the office VPN connection. However, you may notice the network is running more slowly when the VPN is active.

The reason for this is simple. Now all the network traffic is running through the office VPN connection. For example, let’s say you want to watch some screaming goat videos on YouTube (who doesn’t, right?). The request and information goes from your laptop at home, through the VPN to the office router, then back out to the Internet, and finally to YouTube. The reply back from YouTube follows the same path back. No wonder your network seems so slow.

No One Likes a Slow Network

If your office is in a very large company that has a dedicated connection with symmetric upload/download speeds at 1 GHz, then there may not be much of a speed issue (though there still may be a privacy issue). However, if your office is like most companies and has a significantly less expensive asymmetric service, the difference is significant. The table below shows typical speeds available to a business. All numbers are specified in Mbps.

DownloadUpload
200
600
1000
10
25
35
Typical Business Network Speeds

When you are at the office, most of the data transfer happens as a download. Because of this things are very fast. With your VPN connection active on your laptop, however, everything you download to your home laptop has to first be uploaded to you by your office VPN. This means that everything sent from the office over the VPN to your laptop has a maximum throughput of the office upload speed. Also consider that all remote users share this upload speed, so the speed you can achieve depends on how many people are using it.

Routing Configurations

Let’s examine each of the following configurations:

  • No VPN
  • VPN connected
  • VPN connected with a static route

To do this we can open a command prompt and use the route and tracert commands. The route command lets you look at (and modify) your network’s routing table, which describes the network immediately around your PC. Tracert is a command that lets you display the route and transit times of packets in a connection. For simplicity, the discussion below lists the IPv4 addresses, but when you run these utilities yourself you will also see the IPv6 values.

No VPN

In this configuration, the home laptop has no access to the office network, so all traffic goes through the home router, which has a gateway IP address of 192.168.1.1. Running route print produces two interfaces and shows the gateway IP address. A gateway value of On-link means that the client can connect directly, without routing. The table shows values for the PC’s IP address, loopback address, and multicast address.

C:\Users\Bob>route print
===========================================================================
Interface List
 12...00 d8 61 ab 69 23 ......Realtek PCIe GbE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.115     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.115    281
    192.168.1.115  255.255.255.255         On-link     192.168.1.115    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.115    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.115    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.115    281
===========================================================================
Persistent Routes:
  None

Running tracert verifies the route goes through the home gateway at address 192.168.1.1:

C:\Users\Bob>tracert www.yahoo.com

Tracing route to new-fp-shed.wg1.b.yahoo.com [98.138.219.231]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     9 ms     8 ms    16 ms  142.254.184.89
  3    29 ms    42 ms    24 ms  agg62.sndaca7801h.socal.rr.com [76.167.17.201]
  4    12 ms    13 ms    17 ms  agg23.sndhcaax01r.socal.rr.com [72.129.1.150]
  5    27 ms    15 ms    31 ms  72.129.1.0
  6    12 ms    15 ms    15 ms  bu-ether26.lsancarc0yw-bcr00.tbone.rr.com [66.109.3.230]
  7    20 ms    22 ms    12 ms  0.ae2.pr0.lax10.tbone.rr.com [66.109.6.133]
  8    24 ms    16 ms    22 ms  xe-0-0-33-1.par1.lax.yahoo.com [216.115.96.12]
  9    21 ms    13 ms    12 ms  UNKNOWN-216-115-102-X.yahoo.com [216.115.102.184]
 10    21 ms    18 ms    20 ms  et-7-1-0.pat2.sjc.yahoo.com [216.115.107.150]
 11    45 ms    45 ms    44 ms  ae-9.pat2.dnx.yahoo.com [216.115.96.113]
 12    69 ms    61 ms    69 ms  ae-5.pat2.nez.yahoo.com [216.115.96.70]
 13    64 ms    78 ms    62 ms  et-1-0-0.msr1.ne1.yahoo.com [216.115.105.29]
 14    67 ms    67 ms    95 ms  et-1-1-0.clr2-a-gdc.ne1.yahoo.com [98.138.97.67]
 15    71 ms    63 ms    73 ms  po255.bas1-1-flk.ne1.yahoo.com [98.138.0.97]
 16    61 ms    62 ms    64 ms  media-router-fp1.prod1.media.vip.ne1.yahoo.com [98.138.219.231]

Trace complete.

VPN With Default Routing

Now we connect to the office VPN. By default, windows makes the VPN interface the default gateway instead of using the home router as the default gateway. The result is that all traffic outside the home LAN will go through the VPN gateway. Running route print shows the new VPN interface (number 28). There is now also an On-link route for the interface at 192.168.5.5 (the VPN interface IP address).

C:\Users\Bob>route print
===========================================================================
Interface List
 12...00 d8 61 ab 69 23 ......Realtek PCIe GbE Family Controller
 28...........................Office VPN
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.115   4250
          0.0.0.0          0.0.0.0         On-link       192.168.5.5     26
      99.1.155.12  255.255.255.255      192.168.1.1    192.168.1.115   4251
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4556
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4556
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
      192.168.1.0    255.255.255.0         On-link     192.168.1.115   4506
    192.168.1.115  255.255.255.255         On-link     192.168.1.115   4506
    192.168.1.255  255.255.255.255         On-link     192.168.1.115   4506
    192.168.5.5  255.255.255.255         On-link         192.168.5.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4556
        224.0.0.0        240.0.0.0         On-link     192.168.1.115   4506
        224.0.0.0        240.0.0.0         On-link       192.168.5.5     26
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
  255.255.255.255  255.255.255.255         On-link     192.168.1.115   4506
  255.255.255.255  255.255.255.255         On-link       192.168.5.5    281
===========================================================================
Persistent Routes:
  None

Running tracert verifies the route goes through the office VPN, which has a WAN address of 99.1.155.14:

C:\Users\Tom>tracert www.yahoo.com

Tracing route to new-fp-shed.wg1.b.yahoo.com [98.138.219.231]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     *       23 ms     *     99.1.155.14
  3    23 ms    37 ms    31 ms  107-143-96-1.lightspeed.sndgca.sbcglobal.net [107.143.96.1]
  4    26 ms    24 ms    32 ms  71.148.71.48
  5     *        *       34 ms  75.20.78.206
  6    23 ms    23 ms    27 ms  12.83.70.181
  7    29 ms    32 ms    28 ms  ggr2.la2ca.ip.att.net [12.122.129.97]
  8    29 ms    30 ms    30 ms  las-bb1-link.telia.net [80.239.193.213]
  9    38 ms    35 ms    41 ms  sjo-b21-link.telia.net [62.115.116.40]
 10    60 ms    60 ms    65 ms  den-b1-link.telia.net [213.155.133.170]
 11    80 ms    62 ms    60 ms  yahoo-ic-314775-den-b1.c.telia.net [62.115.61.118]
 12    73 ms    83 ms    70 ms  ae-0.pat1.nez.yahoo.com [216.115.100.8]
 13    76 ms    91 ms    77 ms  et-19-1-0.msr2.ne1.yahoo.com [216.115.105.181]
 14    76 ms    82 ms    69 ms  et-1-0-0.clr2-a-gdc.ne1.yahoo.com [98.138.97.73]
 15    86 ms    81 ms    79 ms  po255.bas2-1-flk.ne1.yahoo.com [98.138.0.99]
 16    73 ms    81 ms    79 ms  media-router-fp1.prod1.media.vip.ne1.yahoo.com [98.138.219.231]

Trace complete.

VPN With the Addition of a Static Route

If only there was a way to route just the office specific traffic to the VPN, and everything else through your home ISP service. That should solve our slow network woes.…  Luckily, there is!  To do this, we will use a static route. A static route is an entry in the routing table that is manually configured, as opposed to entries that are automatically determined.

You can add a static route to your laptop so that only traffic specific to 10.1.1.x goes through the VPN. This is very simple to do, and you can make it temporary just to test it out. If you’re happy with it, make it permanent so it will still be there after a computer reboot. We will discuss how to create a static route in the next section, but for demonstration purposes we will show the routing table and trace route when a static route is added for the office LAN address range of 10.1.1.x.

The route print command now shows an additional route for the 10.1.1.x office LAN categorized as On-link so our laptop can make a connection as if it were on our home LAN:

C:\Users\Bob>route print
===========================================================================
Interface List
 12...00 d8 61 ab 69 23 ......Realtek PCIe GbE Family Controller
 28...........................Office VPN
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.115     25
         10.1.1.0    255.255.255.0           On-link    192.168.5.14     26
       10.1.1.255  255.255.255.255           On-link    192.168.5.14    281
      99.1.155.12  255.255.255.255      192.168.1.1    192.168.1.115     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.115    281
    192.168.1.115  255.255.255.255         On-link     192.168.1.115    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.115    281
      192.168.5.0    255.255.255.0         On-link      192.168.5.14     26
     192.168.5.14  255.255.255.255         On-link      192.168.5.14    281
    192.168.5.255  255.255.255.255         On-link      192.168.5.14    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.115    281
        224.0.0.0        240.0.0.0         On-link      192.168.5.14    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.115    281
  255.255.255.255  255.255.255.255         On-link      192.168.5.14    281
===========================================================================
Persistent Routes:
  None

To verify we now have access to the office LAN, lets ping the router at 10.1.1.1:

C:\Users\Bob>ping 10.1.1.1

Pinging 10.1.1.1 with 32 bytes of data:
Reply from 10.1.1.1: bytes=32 time=20ms TTL=64
Reply from 10.1.1.1: bytes=32 time=20ms TTL=64
Reply from 10.1.1.1: bytes=32 time=18ms TTL=64
Reply from 10.1.1.1: bytes=32 time=20ms TTL=64

Ping statistics for 10.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milliseconds:

Now let’s run tracert and compare the route to the VPN configuration without the static route:

C:\Users\Bob>tracert www.yahoo.com

Tracing route to new-fp-shed.wg1.b.yahoo.com [98.138.219.232]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    16 ms    16 ms    12 ms  142.254.184.89
  3    30 ms    24 ms    33 ms  agg62.sndaca7801h.socal.rr.com [76.167.17.201]
  4    14 ms    15 ms    23 ms  agg23.sndhcaax01r.socal.rr.com [72.129.1.150]
  5    17 ms    15 ms    23 ms  72.129.1.0
  6    15 ms    15 ms    15 ms  bu-ether16.lsancarc0yw-bcr00.tbone.rr.com [66.109.6.102]
  7    23 ms    14 ms    13 ms  0.ae6.pr0.lax10.tbone.rr.com [66.109.9.24]
  8    28 ms    15 ms    16 ms  xe-0-0-33-1.par1.lax.yahoo.com [216.115.96.12]
  9    15 ms    15 ms    17 ms  UNKNOWN-216-115-102-X.yahoo.com [216.115.102.184]
 10    19 ms    23 ms    21 ms  et-7-1-0.pat2.sjc.yahoo.com [216.115.107.150]
 11    56 ms    57 ms    48 ms  ae-9.pat2.dnx.yahoo.com [216.115.96.113]
 12    63 ms    96 ms    62 ms  ae-5.pat2.nez.yahoo.com [216.115.96.70]
 13    63 ms    73 ms    65 ms  et-1-0-0.msr2.ne1.yahoo.com [216.115.105.183]
 14    68 ms    70 ms    66 ms  et-1-0-0.clr1-a-gdc.ne1.yahoo.com [98.138.97.69]
 15    68 ms    79 ms    69 ms  po254.bas1-1-flk.ne1.yahoo.com [98.138.0.85]
 16    75 ms    70 ms    69 ms  media-router-fp2.prod1.media.vip.ne1.yahoo.com [98.138.219.232]

Trace complete.

As you can see in the first few entries, instead of using the office VPN as the gateway, we are now using our home network router! Any replies to web page requests or file downloads will run at the speed of our home ISP, rather than be constrained by the upload speed of the office VPN.

Creating a Static Route

There are two main steps to enabling the static route to the office VPN:

  1. Modify the VPN interface on the laptop to disable it as the default gateway.
  2. Specify the office LAN IP address range for the static route.

The result is that all office LAN traffic will go through the static route gateway, and all other traffic outside the home LAN will go through the home router gateway.

Disable the VPN as the Default Gateway

Stay with me here, the setting is deep down in the options. In the Windows Control Panel, go to the Network Connections settings, right click on your VPN, and select Properties:

Finding VPN properties.
Finding the VPN Properties

In the VPN Properties, select Internet Protocol Version 4, then click on the Properties button.

Once in Version 4 properties, click on the Advanced button.

IPv4 Properties
Digging Further in IPv4 Properties
The goal!
Finally… What We’ve Been Looking For

Finally, uncheck the “Use default gateway on remote network” checkbox. Then click “OK”, and work your way back up.

Add the Office LAN Static Route

You will first need to open a command prompt window with Administrator privileges. To do that go to the Windows search box and type cmd. When you see the Command Prompt app, right click on it, and select “Run as administrator”.

Open the command prompt
Open the Command Prompt as Administrator

Once the command prompt opens, use the “route add” command to add the static route. In this example, the office LAN is 10.1.1.x and the mask is 255.255.255.0. We will add the route by interface number so if the gateway changes it will adjust, so we enter 0.0.0.0 for the gateway, and use “if 28” for the interface number. The entire command is:

route add 10.1.1.0 mask 255.255.255.0 0.0.0.0 if 28

Note that we found the interface number from the “route print” command. If all goes well, you will be greeted with an optimistic, “OK!”

Voila!

At this point everything is in place. The traffic to the office LAN will route through the VPN, and all other traffic will route out the home LAN gateway. However, the route we just added is temporary, and if we reboot it will no longer exist. To make it permanent, use the -p option: 

route add -p 10.1.1.0   255.255.255.0    0.0.0.0   if   28

In case you change your mind down the road, A route can be deleted with the route delete command:

route delete 10.1.1.0

Summary

Now that you know why your network slows down while using your office’s VPN and you have the solution to fix it, there is nothing standing in your way of watching high-resolution kitten videos on YouTube at full blast while you are hard at work. While it might have seemed mysterious at first, hopefully this explanation cleared the air as to what is really going on.

Working from home can be a bit of an adjustment for you and your team, but at least slow network performance will no longer be part of the problem… well, bad network performance as a result of your VPN connection. If you live in the boonies and are trying to connect via dial-up, we have nothing for you.

As always, we would love to hear your thoughts or any other tips and tricks you may have found. Please feel free to leave a comment below or drop us a line at sales@netburner.com.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Subscribe to our Newsletter

Get monthly updates from our Learn Blog with the latest in IoT and Embedded technology news, trends, tutorial and best practices. Or just opt in for product change notifications.

Leave a Reply

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese