Working Remote: The New Norm
These days many people are working remotely. Over the past several months the numbers of individuals in the category has undoubtedly increased dramatically. Fortunately, by using a Virtual Private Network (VPN) connection to the workplace, we can still have access to things like file servers, databases, and instruments. There is a downside, however. Using a VPN can actually have a negative impact and slow down your overall network speed. If this is something you’ve noticed, fear not! We have an explanation and a solution. Read on to find out more.
Your Typical VPN Setup
For those currently using a VPN, the network structure may look like the following:
The diagram illustrates:
- An office network with a VPN capable router
- The office LAN subnet is 10.1.1.x
- Your PC desktop at work has an IP address of 10.1.1.100
- A home network with a LAN subnet of 192.168.1.x
- The home laptop has an IP address of 192.168.1.115
- And of course, the Internet
A VPN connection is initiated from the home laptop through the home router to the office VPN router. This enables the laptop to access the office LAN. You will notice the VPN connection has its own VPN office router IP address of 192.168.0.2. That is the IP address for the WAN side of the office router. However, as far as working on your laptop is concerned, you only have access to the office LAN subnet of 10.1.1.x.
Where the Trouble Begins
At this point every is working fine. From your laptop, you can access the office resources, remote into your PC, etc. When you open a web browser you can go anywhere you wish, just as you could before you established the office VPN connection. However, you may notice the network is running more slowly when the VPN is active.
The reason for this is simple. Now all the network traffic is running through the office VPN connection. For example, let’s say you want to watch some screaming goat videos on YouTube (who doesn’t, right?). The request and information goes from your laptop at home, through the VPN to the office router, then back out to the Internet, and finally to YouTube. The reply back from YouTube follows the same path back. No wonder your network seems so slow.
If your office is in a very large company that has a dedicated connection with symmetric upload/download speeds at 1 GHz, then there may not be much of a speed issue (though there still may be a privacy issue). However, if your office is like most companies and has a significantly less expensive asymmetric service, the difference is significant. The table below shows typical speeds available to a business. All numbers are specified in Mbps.
| Download | Upload |
| 200 600 1000 | 10 25 35 |
When you are at the office, most of the data transfer happens as a download. Because of this things are very fast. With your VPN connection active on your laptop, however, everything you download to your home laptop has to first be uploaded to you by your office VPN. This means that everything sent from the office over the VPN to your laptop has a maximum throughput of the office upload speed. Also consider that all remote users share this upload speed, so the speed you can achieve depends on how many people are using it.
Routing Configurations
Let’s examine each of the following configurations:
- No VPN
- VPN connected
- VPN connected with a static route
To do this we can open a command prompt and use the route and tracert commands. The route command lets you look at (and modify) your network’s routing table, which describes the network immediately around your PC. Tracert is a command that lets you display the route and transit times of packets in a connection. For simplicity, the discussion below lists the IPv4 addresses, but when you run these utilities yourself you will also see the IPv6 values.
No VPN
In this configuration, the home laptop has no access to the office network, so all traffic goes through the home router, which has a gateway IP address of 192.168.1.1. Running route print produces two interfaces and shows the gateway IP address. A gateway value of On-link means that the client can connect directly, without routing. The table shows values for the PC’s IP address, loopback address, and multicast address.
C:\Users\Bob>route print
===========================================================================
Interface List
12...00 d8 61 ab 69 23 ......Realtek PCIe GbE Family Controller
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.115 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.115 281
192.168.1.115 255.255.255.255 On-link 192.168.1.115 281
192.168.1.255 255.255.255.255 On-link 192.168.1.115 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.115 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.115 281
===========================================================================
Persistent Routes:
NoneRunning tracert verifies the route goes through the home gateway at address 192.168.1.1:
C:\Users\Bob>tracert www.yahoo.com
Tracing route to new-fp-shed.wg1.b.yahoo.com [98.138.219.231]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
2 9 ms 8 ms 16 ms 142.254.184.89
3 29 ms 42 ms 24 ms agg62.sndaca7801h.socal.rr.com [76.167.17.201]
4 12 ms 13 ms 17 ms agg23.sndhcaax01r.socal.rr.com [72.129.1.150]
5 27 ms 15 ms 31 ms 72.129.1.0
6 12 ms 15 ms 15 ms bu-ether26.lsancarc0yw-bcr00.tbone.rr.com [66.109.3.230]
7 20 ms 22 ms 12 ms 0.ae2.pr0.lax10.tbone.rr.com [66.109.6.133]
8 24 ms 16 ms 22 ms xe-0-0-33-1.par1.lax.yahoo.com [216.115.96.12]
9 21 ms 13 ms 12 ms UNKNOWN-216-115-102-X.yahoo.com [216.115.102.184]
10 21 ms 18 ms 20 ms et-7-1-0.pat2.sjc.yahoo.com [216.115.107.150]
11 45 ms 45 ms 44 ms ae-9.pat2.dnx.yahoo.com [216.115.96.113]
12 69 ms 61 ms 69 ms ae-5.pat2.nez.yahoo.com [216.115.96.70]
13 64 ms 78 ms 62 ms et-1-0-0.msr1.ne1.yahoo.com [216.115.105.29]
14 67 ms 67 ms 95 ms et-1-1-0.clr2-a-gdc.ne1.yahoo.com [98.138.97.67]
15 71 ms 63 ms 73 ms po255.bas1-1-flk.ne1.yahoo.com [98.138.0.97]
16 61 ms 62 ms 64 ms media-router-fp1.prod1.media.vip.ne1.yahoo.com [98.138.219.231]
Trace complete.VPN With Default Routing
Now we connect to the office VPN. By default, windows makes the VPN interface the default gateway instead of using the home router as the default gateway. The result is that all traffic outside the home LAN will go through the VPN gateway. Running route print shows the new VPN interface (number 28). There is now also an On-link route for the interface at 192.168.5.5 (the VPN interface IP address).
C:\Users\Bob>route print
===========================================================================
Interface List
12...00 d8 61 ab 69 23 ......Realtek PCIe GbE Family Controller
28...........................Office VPN
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.115 4250
0.0.0.0 0.0.0.0 On-link 192.168.5.5 26
99.1.155.12 255.255.255.255 192.168.1.1 192.168.1.115 4251
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4556
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4556
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4556
192.168.1.0 255.255.255.0 On-link 192.168.1.115 4506
192.168.1.115 255.255.255.255 On-link 192.168.1.115 4506
192.168.1.255 255.255.255.255 On-link 192.168.1.115 4506
192.168.5.5 255.255.255.255 On-link 192.168.5.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4556
224.0.0.0 240.0.0.0 On-link 192.168.1.115 4506
224.0.0.0 240.0.0.0 On-link 192.168.5.5 26
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4556
255.255.255.255 255.255.255.255 On-link 192.168.1.115 4506
255.255.255.255 255.255.255.255 On-link 192.168.5.5 281
===========================================================================
Persistent Routes:
NoneRunning tracert verifies the route goes through the office VPN, which has a WAN address of 99.1.155.14:
C:\Users\Tom>tracert www.yahoo.com
Tracing route to new-fp-shed.wg1.b.yahoo.com [98.138.219.231]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * 23 ms * 99.1.155.14
3 23 ms 37 ms 31 ms 107-143-96-1.lightspeed.sndgca.sbcglobal.net [107.143.96.1]
4 26 ms 24 ms 32 ms 71.148.71.48
5 * * 34 ms 75.20.78.206
6 23 ms 23 ms 27 ms 12.83.70.181
7 29 ms 32 ms 28 ms ggr2.la2ca.ip.att.net [12.122.129.97]
8 29 ms 30 ms 30 ms las-bb1-link.telia.net [80.239.193.213]
9 38 ms 35 ms 41 ms sjo-b21-link.telia.net [62.115.116.40]
10 60 ms 60 ms 65 ms den-b1-link.telia.net [213.155.133.170]
11 80 ms 62 ms 60 ms yahoo-ic-314775-den-b1.c.telia.net [62.115.61.118]
12 73 ms 83 ms 70 ms ae-0.pat1.nez.yahoo.com [216.115.100.8]
13 76 ms 91 ms 77 ms et-19-1-0.msr2.ne1.yahoo.com [216.115.105.181]
14 76 ms 82 ms 69 ms et-1-0-0.clr2-a-gdc.ne1.yahoo.com [98.138.97.73]
15 86 ms 81 ms 79 ms po255.bas2-1-flk.ne1.yahoo.com [98.138.0.99]
16 73 ms 81 ms 79 ms media-router-fp1.prod1.media.vip.ne1.yahoo.com [98.138.219.231]
Trace complete.VPN With the Addition of a Static Route
If only there was a way to route just the office specific traffic to the VPN, and everything else through your home ISP service. That should solve our slow network woes.… Luckily, there is! To do this, we will use a static route. A static route is an entry in the routing table that is manually configured, as opposed to entries that are automatically determined.
You can add a static route to your laptop so that only traffic specific to 10.1.1.x goes through the VPN. This is very simple to do, and you can make it temporary just to test it out. If you’re happy with it, make it permanent so it will still be there after a computer reboot. We will discuss how to create a static route in the next section, but for demonstration purposes we will show the routing table and trace route when a static route is added for the office LAN address range of 10.1.1.x.
The route print command now shows an additional route for the 10.1.1.x office LAN categorized as On-link so our laptop can make a connection as if it were on our home LAN:
C:\Users\Bob>route print
===========================================================================
Interface List
12...00 d8 61 ab 69 23 ......Realtek PCIe GbE Family Controller
28...........................Office VPN
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.115 25
10.1.1.0 255.255.255.0 On-link 192.168.5.14 26
10.1.1.255 255.255.255.255 On-link 192.168.5.14 281
99.1.155.12 255.255.255.255 192.168.1.1 192.168.1.115 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.115 281
192.168.1.115 255.255.255.255 On-link 192.168.1.115 281
192.168.1.255 255.255.255.255 On-link 192.168.1.115 281
192.168.5.0 255.255.255.0 On-link 192.168.5.14 26
192.168.5.14 255.255.255.255 On-link 192.168.5.14 281
192.168.5.255 255.255.255.255 On-link 192.168.5.14 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.115 281
224.0.0.0 240.0.0.0 On-link 192.168.5.14 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.115 281
255.255.255.255 255.255.255.255 On-link 192.168.5.14 281
===========================================================================
Persistent Routes:
NoneTo verify we now have access to the office LAN, lets ping the router at 10.1.1.1:
C:\Users\Bob>ping 10.1.1.1
Pinging 10.1.1.1 with 32 bytes of data:
Reply from 10.1.1.1: bytes=32 time=20ms TTL=64
Reply from 10.1.1.1: bytes=32 time=20ms TTL=64
Reply from 10.1.1.1: bytes=32 time=18ms TTL=64
Reply from 10.1.1.1: bytes=32 time=20ms TTL=64
Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milliseconds:Now let’s run tracert and compare the route to the VPN configuration without the static route:
C:\Users\Bob>tracert www.yahoo.com
Tracing route to new-fp-shed.wg1.b.yahoo.com [98.138.219.232]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
2 16 ms 16 ms 12 ms 142.254.184.89
3 30 ms 24 ms 33 ms agg62.sndaca7801h.socal.rr.com [76.167.17.201]
4 14 ms 15 ms 23 ms agg23.sndhcaax01r.socal.rr.com [72.129.1.150]
5 17 ms 15 ms 23 ms 72.129.1.0
6 15 ms 15 ms 15 ms bu-ether16.lsancarc0yw-bcr00.tbone.rr.com [66.109.6.102]
7 23 ms 14 ms 13 ms 0.ae6.pr0.lax10.tbone.rr.com [66.109.9.24]
8 28 ms 15 ms 16 ms xe-0-0-33-1.par1.lax.yahoo.com [216.115.96.12]
9 15 ms 15 ms 17 ms UNKNOWN-216-115-102-X.yahoo.com [216.115.102.184]
10 19 ms 23 ms 21 ms et-7-1-0.pat2.sjc.yahoo.com [216.115.107.150]
11 56 ms 57 ms 48 ms ae-9.pat2.dnx.yahoo.com [216.115.96.113]
12 63 ms 96 ms 62 ms ae-5.pat2.nez.yahoo.com [216.115.96.70]
13 63 ms 73 ms 65 ms et-1-0-0.msr2.ne1.yahoo.com [216.115.105.183]
14 68 ms 70 ms 66 ms et-1-0-0.clr1-a-gdc.ne1.yahoo.com [98.138.97.69]
15 68 ms 79 ms 69 ms po254.bas1-1-flk.ne1.yahoo.com [98.138.0.85]
16 75 ms 70 ms 69 ms media-router-fp2.prod1.media.vip.ne1.yahoo.com [98.138.219.232]
Trace complete.As you can see in the first few entries, instead of using the office VPN as the gateway, we are now using our home network router! Any replies to web page requests or file downloads will run at the speed of our home ISP, rather than be constrained by the upload speed of the office VPN.
Creating a Static Route
There are two main steps to enabling the static route to the office VPN:
- Modify the VPN interface on the laptop to disable it as the default gateway.
- Specify the office LAN IP address range for the static route.
The result is that all office LAN traffic will go through the static route gateway, and all other traffic outside the home LAN will go through the home router gateway.
Disable the VPN as the Default Gateway
Stay with me here, the setting is deep down in the options. In the Windows Control Panel, go to the Network Connections settings, right click on your VPN, and select Properties:
In the VPN Properties, select Internet Protocol Version 4, then click on the Properties button.
Once in Version 4 properties, click on the Advanced button.
Finally, uncheck the “Use default gateway on remote network” checkbox. Then click “OK”, and work your way back up.
Add the Office LAN Static Route
You will first need to open a command prompt window with Administrator privileges. To do that go to the Windows search box and type cmd. When you see the Command Prompt app, right click on it, and select “Run as administrator”.
Once the command prompt opens, use the “route add” command to add the static route. In this example, the office LAN is 10.1.1.x and the mask is 255.255.255.0. We will add the route by interface number so if the gateway changes it will adjust, so we enter 0.0.0.0 for the gateway, and use “if 28” for the interface number. The entire command is:
route add 10.1.1.0 mask 255.255.255.0 0.0.0.0 if 28
Note that we found the interface number from the “route print” command. If all goes well, you will be greeted with an optimistic, “OK!”
At this point everything is in place. The traffic to the office LAN will route through the VPN, and all other traffic will route out the home LAN gateway. However, the route we just added is temporary, and if we reboot it will no longer exist. To make it permanent, use the -p option:
route add -p 10.1.1.0 255.255.255.0 0.0.0.0 if 28
In case you change your mind down the road, A route can be deleted with the route delete command:
route delete 10.1.1.0
Summary
Now that you know why your network slows down while using your office’s VPN and you have the solution to fix it, there is nothing standing in your way of watching high-resolution kitten videos on YouTube at full blast while you are hard at work. While it might have seemed mysterious at first, hopefully this explanation cleared the air as to what is really going on.
Working from home can be a bit of an adjustment for you and your team, but at least slow network performance will no longer be part of the problem… well, bad network performance as a result of your VPN connection. If you live in the boonies and are trying to connect via dial-up, we have nothing for you.
As always, we would love to hear your thoughts or any other tips and tricks you may have found. Please feel free to leave a comment below or drop us a line at [email protected].
6 thoughts on “How to Fix a Slow Network While Using a VPN”
Hello there,
I want to buy a VPN for streaming and gaming. I have shortlisted these VPNs. What’s your opinion about these:
– Pure VPN 86% off on 10 devices for 5 years.
– Nord VPN 68% off for 2 years.
– Express VPN 35% off for 1 year only.
TIA
Hey Tia,
Thanks for the comment! Unfortunately, we’re not really able to provide any recommendations or opinions on specific VPNs. Good luck with your search, though! It looks like you’re well on your way to making a good decision.
Kind Regards,
Jon
Hi
I tried this and got the message:
route: bad argument 0.0.0.0
All I changed was the remote network IP and the interface number.
If I change the gateway to the actual vpn gateway IP I get the same message.
If I include the word ‘mask’ in there, as in the first example I get:
The route addition failed: The system cannot find the file specified.
Any ideas please?
Many thanks.
Hi Pauliolio,
Would you be able to provide the full command that you’re typing into the command prompt? The route command is super picky on syntax and will give you a wide range of errors if there’s even the slightest misstep.
## Comment SPAM Protection: ShieldPRO marked this comment as “Pending Moderation”. Reason: Human SPAM filter found “-x-” in “author_email” ##
Will this work with any VPN client that a company is putting on their laptops?
I am glad you broke down the router issues. My internet has been a little slow lately. I’ll have to try and get a VPN.