Since switching to Verizon Home 5G I’ve had some pretty awful connectivity issues on our work VPN. Some internal URLs were taking 5+ minutes to load (curl showed ~27kb/s speed). Since fast.com reported both on/off VPN speeds of 250+ mbps, I was blaming the application/network teams.
and disabled all ALG settings and this immediately cleared up the issue.
To do this, log in to your router and head to the Security → Firewall section and select the “Maximum” radio button and save the changes. Now head to NAT Forwarding → ALG and ensure all settings are disabled.
Just wanted to post this here in case this helps anyone!
FWIW, I’m not a networking guru and don’t fully understand what these options do (maybe someone can educate me here) but the difference is night and day.
For the techies, here are the speed comparisons from curl:
ALG is an Application Layer Gateway. Essentially a NAT or firewall application layer (meaning a program or service — OSI layer 7) “translation” service.
Yep. Many routers have this implemented poorly. It’s also fairly CPU intensive. Always best to disable it unless there is a need for ALG to be enabled (for example, something doesn’t work…).
One reason to get away from IPSec VPNs is for reasons like this. Better to use DTLS-based VPNs.
And when you have it set to max or high you’ll end up with home IoT devices like security cameras and other things no longer able to connect to the Internet.
Possibly what is happening is his work VPN gives up on trying to use IPSec and falls back to SSL mode. I have to use Global Protect and it shows a warning message when that happens. SSL is slower but more reliable at getting through firewalls because almost all web traffic is SSL now so it can’t be blocked. If you’re doing just web browsing via SSL things will be good. If you then try UDP-based traffic over the SSL VPN it will probably suck in terms of speed … but at least it will work.