05-01-2025 03:14 AM
Hi All,
I am having issues with GP disconnecting randomly or slow performance issues, the laptops that it is installed on are Dell Latitude 5450's, over the vast majority there are no discernable issues (circa 2.5k users) however for random users there are these Performance issues and disconnecting when using certain apps (teams being one) rebuilds and patching upgrading/downgrading does not appear to help, the only thing that has been observed for one user (and one only) is that DNS is failing for some reason and then the VPN drops, but this is not all the time and can happen after VPN has been up and operational for an hour or so, and one users issue was to replace the Laptop, this has made me wonder if there could be some 5450's that have different nics in them and could be causing conflicts.
Hope this makes sense, thank you all for looking and any assistance you can give.
05-01-2025 01:51 PM - edited 05-01-2025 02:55 PM
I'm not sure if your issue is the same as ours. They had slow speeds in general and especially for outlook. Turned out they were using mostly the same isp, which was one of the 5g home internet. So for these users we created a ad/saml special group, with higher priority than the normal group and dialed there mtu settings back, to account for the extra overhead the 5g added(pppoe). I set it to 1300 for them. The problem went away for those users. I left everyone else with the default mtu settings. Keep in mind that 1280 is the lowest you can go and still support ipv6. Which I find that its best to have ipv6 enabled on the portal, so carrier grade natting for ipv4 doesn't get in the way. You don't have to actually have ipv6 enabled internally, you do have to assign a ipv6, but it can be a private range and not route it. Everything will then fallback to ipv4. If I had a block of ipv6 publics I would assign them, but for Azure you have to bring your own.
I just wanted to add, we found two issues. One was the pppoe and the mtu size, and the other was cg-nat ipv4 and people using hotspots. The cg-nat would be connected with ssl fallback and not ipsec. The ipv6 public portal fixed the second issue. Verizon was 5g home internet and at&t was the hotspot issue mainly.
Good luck
05-01-2025 10:54 PM
Thank you for that, I will look into dropping the MTU down, it would be fairly easy as you say with a unique profile for specific users, I never considered the IPv6 point though so thank you for being so detailed in your reply, I will try this today and update once we have a verdict, once again thank you for the quick and very comprehensive reply!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
