Questions re: 2-home setup

AndyRH

I have been running a VPN tunnel for several years with no issues. It re-establishes the connection automatically. I am unsure if either end has changed IPs, but both ends are using DDNS. The routing was more or less automatic when we added the VPN interface.
With no rules, traffic to the internet always goes out the WAN link. We put rules in place to limit network exposure on both sides.
The Netgate device needed depends on what else you want to do and your WAN speed. In my case the VPN is limited to 50Mbps due to one of the links. Both sides are 7100's.

Be aware some things, such of Plex, will see the other side as local and can take all of the bandwidth unless you tell Plex what is local. We added rules to force Plex to go out the WAN.

Lensman

@andyrh Great info thanks.

Any Plex will be LAN only, never across the VPN. I have 200mbs on one side and 500mbs on the other.

Love that the routing was automatic.

With this info, I feel confident enough to make the purchase. The rapid response is greatly appreciated.

stephenw10

@lensman said in Questions re: 2-home setup:

I have 200mbs on one side and 500mbs on the other.

Up and Down? Bare in mind that the limit is often the upload speed at either end.

Also the total throughput may be limited by the latency between the sites.

Steve

Lensman

@stephenw10 on the 200 mbps end, upload is not great. About 20 mbps. Thanks XFinity. On the 500 mbps end it is somewhere in the 200 mbps range.

stephenw10

Ok so 200/20 is the best you could ever see over the VPN. The 1100 is capable of passing that using an ipsec tunnel given sufficiently low latency.

You would not want to use it at 500Mbps end though as it would throttle the unencrypted WAN bandwidth.

If you have any old hardware available for a test I would recommend trying that first.

Steve

Lensman

@stephenw10 said in Questions re: 2-home setup:

You would not want to use it at 500Mbps end though as it would throttle the unencrypted WAN bandwidth.

Can you explain that please? Why would doing this throttle the unencrypted bandwidth at all?

stephenw10

Because 500Mbps is at the limit of what the 1100 can pass. You would want a 2100 there at a minimum to be sure of not reducing the available WAN bandwidth.

Steve

Lensman

@stephenw10 I see. Specs indicated a little better than that which is why I purchased it to begin with. I'll give it a shot with the 1100 and measure. Will upgrade to 2100 if needed. Thank you for the response and detail.

stephenw10

The 1100 will be fine at the 200Mbps end but personally I would want something more powerful at the 500Mbps end. If you never actually use 500Mbps you may never notice it.
Unfortunately where I am I can only dream of 500Mbps.

Lensman

@stephenw10 That is sad. I was skeptical but with AT&T in Northeast FL, I regularly see 500 mbps download on speed tests. I doubt I ever actually pull that much but we easily stream 3 or 4 TVs while I am working from home (VPN'd into work network as well) or on Teams calls with video and have zero issues. That is all pre netgate so going to be an interesting test. I'll report some results after it is all working