Michael HönnigMichael Hönnig

The Problem

I had severe problems with PulseSecure VPN (with a MacBook Pro). Direct WiFi connections seemed to work fine, but as soon as the VPN was active, connections to the intranet were super slow or stopped working at all. When using a proxy to access the Internet, nothing went through anymore, except short packages, e.g. a message sent through a messenger.

The Setup

My WiFi router sits one story below with a steel/concrete sealing in between. My MacBook is a bit further away than my Linux laptop with a monitor and KVM in between.

Most of the WiFI devices in my household connect via 2.4 GHz and only 3-4 via 5 GHz, including my MacBook. And without the VPN I never noticed any problems with my MacBook Internet connection.

I know well from my former apartment in Hamburg, what trouble ~10 nearby WiFi networks can cause. But I had this problem in a single home with no other neighbour’s 5 GHz WiFi in range and, according to my FritzBox WiFi router, without any other electrical noise in this frequency range.

My Experiments

The IT support for the VPN said, there is no issue on their side and such problems usually are caused by client side problems, which meant my WiFi or my WAN connection. Thus, I conducted a few experiments:

First, I wanted to check the stability of the connection (without VPN). After all, the VPN has to be tunneled through my raw Internet connection; and packet loss could lead to retries and somehow cause the VPN to disconnect. To have comparable results between Linux and MacOS without installing any extra tools, I used packetlosstest.com to verify my hypothesis. It showed a 3% package loss for my Linux laptop and 26% package loss for my MacBook. That’s quite a difference!

Next, I wanted to move my MacBook to the other side of my desk to test if the WiFi reception improves. For a surprise, as soon as I disconnected the USB-adapter for KVM + HDMI, the VPN seemed to work fine, the packet loss went down to 3%. Unfortunately, after reconnecting, it kept working fine! I switched the KVM to my Linux laptop and back a few times, and sometimes the VPN worked, other times not. Coincidence?

By the way, finally moving the MacBook to the other side of my desk did not improve anything.

The Solution ===

Then, I set up a WiFi repeater, using a different network name, right close to the MacBook in ~1m distance with just a stone wall in between, connected to the FritzBox router by a Develo Powerline. Now the VPN worked fine!

But the real surprise is, packetlosstest.com was still often indicating up to 30% packet loss, sometimes just 3% like on my Linux laptop. This meant, the package seemed not to be the cause of the problem, and I still have not found the real cause.

Anyway, the MacBook is now the only device connecting to this extra network. Maybe that is what makes the difference?

Any comments about this article are welcome on Twitter.