I have two RRAS servers running Server 2016 which are used to provide SSTP connections to end users. Upload and download speed is capped to around 10Mbit for the people (20-40 at a time) that are connected. I think this is sort of the best they can get, due to a high encryption being set. Does anyone know if there is a way to get the speed up? The servers itself are running on a 1 Gbit line.
I can’t find very good documentation on this, but maybe I’m just looking in the wrong direction.
I’ve never seen a cap, I never really tested it either, but connections always seemed pretty fast, faster than 10mb. We use SSTP for all clients here heavily.
It might be related to encryption, but SSTP protocol is TCP-encapsulated only. This means TCP-in-TCP tunneling, which is a bad idea and with a potential to incur “TCP Meltdown”.
The best you can do with TCP-in-TCP is to check all MTUs, and absolutely ensure that you’re not blocking the ICMP used for Path MTU Detection.
My last company used RRAS SSTP and it was always terrible. We switched to OpenVPN and it was so much faster.
Windows Server’s VPN is pretty painful, always has been.
how are you measuring the speed cap ? file copy from a shared drive ?
Same here. But we had a big increase in working from home and I think there were not too many connections in the past. I do admit this is mostly something I suspect and can’t back up with metrics.
Great, I will look into that. I did indeed check MTU values, but maybe I have overlooked something. Appreciate the documentation.
e
Update: MTU values seem the same everywhere. We’re using 1350 since there are also some Azure tunnels in place.
I’ve never had much trouble with SSTP to be honest. Just until a few weeks ago with one customer. 
I’m hoping to resolve it instead of going through the process of finding a new VPN product that needs to be tested etc. But well, maybe in the end it will indeed come to the choice of another product.
Mostly using iperf, but also with some file copies or some speed measuring website like fast.com