Odd behavior with Checkpoint client VPN through cellular interfaces

I’ll preface this by saying we already have a case open with Peplink. I wanted to get some possible feedback from the community that may have also run into this issue.

In short, we have a user that’s connecting to a Checkpoint FW in mainland Europe from the UK to get into their environment. In many sites, we have a mix of HD2s and HD4s deployed, all with an SFVPN back to a head end within our core.

The short version is that performance, in particular upload bandwidth, is atrocious via the cellular interfaces from these devices.

We’ve set up a test environment of sorts, leveraging a local HD4, BR1 and a remote HD2. We’re comparing this with a Huawei CPE B593.

In short, non-client-VPN performance is nearly identical across all devices, and for the Pepwave’s part, in the SFVPN as well…we see about 25Mb down, 7-10Mb up. On the Huawei, with the client VPN enabled, it drops to about 13Mb down and 3-4Mb up. On any Pepwave, DL is about the same, but UL is about 3-500kbps.

We’ve played with the cellular interfaces’ MTU with no effect, from 1500, down to 1290. The Huawei is 1500.

We’ve used our SIM on both the public APN as well as our private APN. Nothing we do gets the performance we’re seeing on the Huawei. Wired WAN connectivity on the Pepwave is fine. All this leads me to believe the Pepwave is handling this differently via the cellular interface. We know it’s being fragmented out the cellular interface, but again, nothing we do to MTU changes that behavior. I can’t see what the Huawei is doing as I don’t have a port mirrored for that, but as the head end should be reassembling that before it heads out its egress interface anyway (which it does), I think that may be a moot point.

So, I’m open to suggestions. We have no direct control over the VPN client, but I’ve asked the party in question to look at the FW to see what it sees from the different methods of connectivity.