Hacker News new | past | comments | ask | show | jobs | submit login

For reference, I've never seen the built-in Windows VPN protocols exceed ~70 Mbps in any scenario. Maybe it's possible with a crossover cable between two Mellanox 100 Gbps NICs, using water-cooled and overclocked CPUs, but not over ordinary networks with ordinary servers.

I have gigabit wired Internet to a site with gigabit Internet. Typical performance of SSTP or IKEv2 is 15-30 Mbps. That's 1.5% to 3% max utilisation of the available bandwidth, which is just... sad.

It's not the specific site either, other vendor VPNs can easily achieve > 300 Mbps over the same path.

It's a year and a half into the pandemic, there are record numbers of people working from home, and Microsoft is the world's second biggest company right now.

Meanwhile, volunteers put together a protocol in their spare time that is not only more secure but can also easily do 7.5 Gbps!

That needs to be repeated: At least ONE HUNDRED TIMES faster than the "best" Microsoft can offer to their hundreds of millions of enterprise customers that are working from home.

Someone from Microsoft's networking team needs to read this, and then watch Casey Muratori's rant about Microsoft's poor track record with performance: https://www.youtube.com/watch?v=99dKzubvpKE

Not surprising at all, it is just not worthwhile doing from project management perspective, regardless what a bunch of people on Internet think about it.

Or Microsoft doesn't always make perfectly ideal project management decisions.

Or Microsoft doesn't have a VPN team any more, and hence no project managers to make management decisions for them.

I'm not even kidding that much, the DirectAccess team appears to have been disbanded and all of the open issues were unofficially put in the "will not fix" bucket. I suspect the Always On VPN team is one guy, but probably not working on it full-time.

True, however we can only evaluate that when having full knowledge of the decision process, development costs and business value.

I regularly saturate a gig internet connection to my Colo a few states over using the built in windows IPsec client just using a standard laptop.

Not that it's a particularly amazing VPN stack but 15-30mbps says you just ran into a corner case issue regardless which VPN stack it is.

"... with a crossover cable..."

Many years ago, I once brought a crossover cable from home to the office to do some data transfer from a workstation to a company-issued laptop. The IT department issuing the laptop, being lovers of all things Microsoft, claimed crossover cable was "obsolete" due to auto-sensing used by Windows.

I am just another dumb end user, I do not work in IT, but I still get faster data transfer between two computers with crossover cable than by going through a third computer, or God forbid, over Wifi.

Sounds like crossover cable is not "obsolete" after all. Who would have thought.

Microsoft's customers, e.g., IT departments, are arguably complicit in the sad "state-of-the-art" you describe. The best software I have ever used was written by volunteers. Money can't buy everything. As Microsoft has shown, it can certainly buy customers.

As a sibling comment alluded to; the _crossover_ cable was obsolete, not the the ethernet cable. You can usually use a straight ethernet cable with modern devices, you don't need a crossover cable. The auto-sensing they were talking about is what's built into the NIC, and it detects how the pairs of pins in your cable are being used.

Have you tried connecting two computers with just a patch cable? With the auto-sensing Ethernet ports, it works as if the cable were a crossover cable.

I believe this is only true for gigabit - though almost any device today should be?

Auto-MDIX was starting to become the norm on nicer hardware when GbE started gaining adoption, and the MDI layer of GbE effectively obsoletes the concept of MDIX by specifying that pairs must always be probed. This was sort of required due to GbE requiring four pairs while Fast Ethernet required two, it is sort of expected that a GbE interface will encounter improper cables and it needs to detect that to degrade to Fast Ethernet.

So for GbE it's all but guaranteed, for Fast Ethernet it depends on how much money the device vendor was willing to spend on the interface, basically. Later laptops should be pretty reliable.

Or course none of this has anything to do with Windows, it all happens at a hardware level which can sometimes make investigating problems a bit painful.

Not all auto-MDIX ports are gigabit, but almost all gigabit ports have auto-MDIX.

I'll admit that I don't know if it would have worked then. And it has only been recently that I have got two computers which both have gigabit ports. I don't remember ever using a crossover cable as I always had a switch. I do remember having to manually assign IP addresses in that configuration as it didn't have a DHCP server to assign them.

Seems like folks replying and voting may have assumed I was always using recently purchased hardware. That would be an incorrect assumption. Sure, there's auto-sensing in some newer hardware and Windows may support it, but that does not mean crossover cable does not work, too. They both work. Neither is obsolete, but only one works with older hardware.

Wonder why the parent comment I was replying to mentioned crossover cable in particular. If it's obsolete why mention it.

You are confusing two different conversations. Your IT department are the ones that used the language "obsolete", because they likely knew that the laptop (which they provided) supported auto-sensing and therefore there was no need for them to provide you with a special cable to achieve a direct PC-to-PC ethernet connection.

Whereas the parent comment probably only used the language "crossover" because they were trying to be explicit about the fact that they are talking about a direct PC-to-PC ethernet connection. Not because crossover wiring is actually necessary to make that configuration work.

Furthermore, support for auto-sensing has nothing to do with the OS, or Microsoft.

First, I provided the cable. They were commenting on the idea of using a crossover cable, not a request for one.

Second, you are guessing what the commenter meant by crossover cable. I think he meant crossover cable. There is nothing to suggest otherwise.

Third, I never said auto-sensing had anything to do with the OS or Microsoft. I said the IT department loved Microsoft. You got confused and made a connection between the two.

This thing with Microsoft Windows is that it encourages the user to upgrade their hardware. Whereas I prefer NetBSD as a personal OS, and it does no such thing. Not every computer I own has auto-sensing nor a particularly fast NIC.

The questions I raised are 1. whether crossover cable still works (with both older and newer hardware) and 2. whether it is faster than alternatives.

Is it slower. IME, no.

I am just trying to explain why your comment is grey. To be clear, there is no speed increase from using a crossover cable instead of a straight-through cable together with auto sensing.

But is it slower. I never said it was faster than using auto-sensing. I said it was faster (for me) than using a third computer or using Wifi.

Plus you are (again) ignoring the situations where it's an older computer that does not have auto-sensing.

True or false: Crossover cable is more versatile for direct data transfers and is not any slower than using auto-sensing.

AFAICT, there is nothing wrong with crossover cable. If there was, methinks the parent commenter wouldn't be mentioning it on HN.

I do not see grey because I use a text-only browser. It's all the same color (except italics), just how I like it. :)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact