how much throughput should I expect to lose over a VPN connection?

Assuming you have a sufficiently fast processor on both ends of the device terminating the VPN, you shouldn't see much of a change in throughput at all. Throughput is the amount of data that can be transmitted during a certain amount of time.

Most VPNs do not really drastically change the size of the payload, and don't add that much additional overhead. An overhead of 10-15% might be reasonable, but a 55% overhead is not.

What is more likely is that your VPN is simply increasing the time it takes for a packet to be transmitted from the source to the destination. Additional latency can make certain protocols perform worse. Windows file sharing (CIFS aka SMB) is extremely sensitive to latency.

If you are trying to use CIFS over a VPN, you basically have to give up on the idea that you will be able to see your full capacity used.

Probably the best tool to test performance is iperf.


There are a number of factors that can affect VPN slowness. Most (if not all) are out of your control. If your connection is fine outside of a VPN connection, what does that tell us about VPN? Either we have a software issue (a configuration setting, potentially conflicting software, maybe a software firewall or a over-eager security app.) or we have some sort of network slowness. Beyond the local workstation and connection, there are other major factors. While ISPs will deny this, VPN traffic can be demoted... especially if you're not paying for a business connection. I may get some arguments from people with that comment, but I've seen it happen first-hand. Also, your Network Admin's VPN could be outdated, overloaded, or simply just not configured as well as can be.

To answer the BandwidthPlace question: No. That's not a good test.

Some VPN connections force users to funnel ALL traffic through the VPN, even locations outside of the destination VPN. In english: If you browse to serverfault.com without VPN: you go from your connection through your ISP to serverfault and back again. Using VPN, if you browse to serverfault.com, you go from your connection through your ISP to your business then to their ISP to serverfault.com and back again. That's a ton more hops! Ask your Network Admin if they have Split Tunneling enabled. This allows some non-business traffic to pass normally and not through the VPN connection.