System Administration & Network Administration
windows vpn windows-10 network-speed gigabit-ethernet
Updated Sat, 24 Sep 2022 15:25:54 GMT

Why do some VPN clients slow down the network connection even when they are not it use?


I work as an I.T. consultant, and I often have to install various VPN clients on my computer in order to connect to customer's networks; beginning in March 2020, I started always working from home for well known reasons.

Until a couple months ago I had a 100 Mb/s ADSL Internet connection, thus I never noticed what I'm describing next; then I upgraded my connection to a FTTH 1Gb/s connection, which normally achieves 800-900 MB/s download speed and 100 Mb/s upload speed.

However, when I install some VPN clients, namely FortiClient and ForcePoint, something strange happens: my download speed gets capped at about 400 MB/s, even if no VPN connection is established and even if I kill all VPN-related processes and stop all related services; even if the VPN client software is not in use, and even is no process is running for it, my network connection still gets awfully slowed down; the only way to solve this is to completely uninstall the VPN client software.

At first I encountered this issue only with ForcePoint, but then I witnessed it again with FortiClient; no trouble occurred with other VPN clients, such as Cisco AnyConnect or CheckPoint.

Why is this happening? How can this happen, if the software is installed but not actually in use?

OS is Windows 10 21H1 x64, with latest updates.


Addendum.

This is not an isolated case on my PC, I have observed it on several different computers and it has been reported by other people using the software I mentioned; this seems to be an issue related to installing those specific VPN client packages, it's noticeable only when you actually have a fast Internet connection (the slowdown seems to cap it at about 400 Mb/s, you won't even notice it at all if your connection is slower to begin with) and it happens as soon as the software is installed, regardless of its actual usage; the only resolution is to uninstall the offending software.

Update

It looks like the issue is caused by network filter drivers which during the setup are installed and bound to all network adapters in the system, including the physical NICs and other virtual adapters which don't have any relationship at all with the VPN client you are installing.

Specifically:

  • ForcePoint installs a ForcePoint VPN Client Driver and binds it to all network adapters in the system.
  • FortiClient installs a FortiClient NDIS 6.3 Packet Filter Driver and binds it to all network adapters in the system.

If those drivers are unbound from the NICs, the problem disappears and the full connection speed comes back.

Other VPN clients (Cisco, CheckPoint) don't do such a thing, and they don't create this kind of slowdown.

Now the question becomes: can those drivers be safely unbound from real NICs without affecting the VPN client operation, or are they required instead?
Is this documented somewhere?




Solution

I can confirm by empirical testing that those VPN clients install a network driver which gets automatically enabled on each and every network interface.

Disabling this driver in the NIC properties (on NICs which are not related to that specific VPN) fixes the issue, and the VPN client still works.

I'm not going to reverse-engineer that, but at least this got rid of that awful speed cap without uninstalling the VPN software every time.