How to optimize your VPN connection to Azure, GCP and AWS.

More and more people now have inbound/outbound connections of about 1 GB and can reach this speed when connecting to the Cloud: 2,5 Gigabits per second.

But if you build a VPN to the Cloud, you reach this speed:

So it is ten times slower… Why? As far as I remember from school, IPsec was designed to run on special cards: the protocol flips bits between 1 and 0 many times, which is not a problem for low-level hardware processors, but it is for a software implementation.

Can we reach better results? It depends, but reading a quite old article you can figure out that a reduction of at least 50% is unavoidable. See here for more.

So 50% less is OK, but not 90%. How do you do it in Windows? Just change the parameters like this:

Set-VpnConnectionIPsecConfiguration -ConnectionName "VPN" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA1 -PfsGroup None -DHGroup Group2 -PassThru -Force

This is for Appliance VPN and Point-To-Site VPN, but the same applies to Site-To-Site VPN. You simply must use GCMAES128. After that you can reach this result:

Why do the results look wrong? The test machine used nested virtualization and was overloaded, so in real life you will get better results.
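The throughput gain comes from the GCMAES128 ESP transforms, while -DHGroup, -PfsGroup and -IntegrityCheckMethod only affect key exchange and rekeying, so Group2 (1024-bit DH), SHA1 and no PFS can be raised without giving the speed back. The script below is an added example, not part of the original post: it audits the custom policy on the connection and reapplies it with stronger key-exchange values. It assumes the connection is named "VPN" as above, that the gateway is configured to accept the same proposal, and that the policy properties read back as the names the cmdlet accepts.

```powershell
# Added example, not from the original post.
# Assumptions: connection name "VPN"; the peer gateway accepts the same proposal;
# policy properties convert to the same names Set-VpnConnectionIPsecConfiguration takes.
$name = "VPN"

# Key-exchange values that are weak, each with a stronger replacement.
$weak = @{
    DHGroup              = @{ Bad = 'None', 'Group1', 'Group2'; Use = 'Group14' }
    PfsGroup             = @{ Bad = 'None', 'PFS1', 'PFS2';     Use = 'PFS2048' }
    IntegrityCheckMethod = @{ Bad = 'MD5', 'SHA1';              Use = 'SHA256'  }
}

function Get-WeakIkeSetting {
    param($Policy)
    foreach ($key in $weak.Keys) {
        $value = [string]$Policy.$key
        if ($weak[$key].Bad -contains $value) {
            [pscustomobject]@{ Setting = $key; Current = $value; Suggested = $weak[$key].Use }
        }
    }
}

$policy = (Get-VpnConnection -Name $name).IPSecCustomPolicy
if (-not $policy) { Write-Warning "No custom IPsec policy set on '$name'."; return }

$findings = @(Get-WeakIkeSetting -Policy $policy)
$findings | Format-Table -AutoSize

if ($findings.Count -gt 0) {
    # ESP transforms stay on GCMAES128 so the data-path speed-up is kept;
    # only the IKE integrity, DH group and PFS group are raised.
    $params = @{
        ConnectionName                   = $name
        AuthenticationTransformConstants = 'GCMAES128'
        CipherTransformConstants         = 'GCMAES128'
        EncryptionMethod                 = 'AES128'
        IntegrityCheckMethod             = $weak.IntegrityCheckMethod.Use
        DHGroup                          = $weak.DHGroup.Use
        PfsGroup                         = $weak.PfsGroup.Use
    }
    Set-VpnConnectionIPsecConfiguration @params -PassThru -Force
}
```

Change the gateway side to the matching proposal first, otherwise the tunnel will fail to negotiate after the client policy is updated.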

BTW – for VPN you can use this free Linux VPN Appliance.