Microsoft is investigating major speed issues affecting L2TP/IPsec VPN connections after installing recent Windows 11 updates.
According to reports from Windows users and administrators, the connection bandwidth issues were first caused by the optional KB5025305 April 2023 non-security update.
Redmond rolled the same fixes and improvements bundled in the KB5025305 preview update into the mandatory KB5026372 cumulative update released during this month's Patch Tuesday, causing the connection issues to be experienced by a larger number of Windows users.
Based on reports seen by BleepinComputer since the updates have been available, both updates are triggering the L2TP/IPsec VPN speed issues after deployment.
"No problems connecting to the VPN, just once you get in the speeds are extremely slow and RDP basically just times out. A quick search of the web confirms that KB5025305 causes speed issues on L2TP/IPsec VPN," one Windows admin shared on Reddit.
"Our users are facing this, with a strange oddity: a group of 5-6 users is able to get 100m down and 80m up speeds, but the vast majority get sub 1m down and sub 1m up speeds," another admin told BleepingComputer.
Additional user reports reveal that, apparently, this issue affects only Wi-Fi connections, with wired ones not impacted by the speed drop.
"Microsoft is aware of the issue and is looking into it," a spokesperson told BleepingComputer on Monday after contacting them about the speed issues.
Temporary fix for Windows 11 VPN speed issues
While there is no way to work around this on affected Windows 11 systems until Microsoft provides a fix, Windows admins have reported that uninstalling the problematic updates will address the issue
"To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages," Microsoft says.
However, it's important to note that Redmond bundles all security fixes into a single update and, thus, removing the KB5026372 cumulative update will also remove all fixes for recently patched security vulnerabilities, even though it may also resolve the VPN speed issues.
The KB5025305 optional update also triggers SSD slowdown issues affecting write speeds, according to some user reports, while others are encountering stuttering and performance problems in games.
In mid-January 2022, Microsoft released emergency out-of-band (OOB) updates to address L2TP VPN issues when attempting to connect using the Windows VPN client, caused by January 2022 Patch Tuesday updates.
Comments
zamroni - 1 year ago
Windows 11 is basically still in beta version quality.
Stay on window 10 unless you are using Intel 12+ gen processor
TheServerNinja - 1 year ago
Installing Glasswire or Wireshark seems to 'fix' the issue whilst installed.
Also only seems to affect vpn over wifi. Ethernet seems to be OK.
jpprice123 - 1 year ago
Has there been any update to this fix? We are unable to remove this patch as it is not an option.
serghei - 1 year ago
No fix yet. Microsoft hasn't even added the issue to the Windows release health tracker.
jpprice123 - 1 year ago
Well this is unsatisfactory. They are really screwing over a lot of people. I do know for a fact though, the Glasswire software does fix it, as long as it is installed.
FBI1988 - 1 year ago
Unfortunately the next cumulative update has the same issue. Now uninstalling update KB5027231.
When will microsoft fix this? Now uninstalling the last 2 monthly patches which raises security concerns.
StevenHardware360 - 1 year ago
Try going into services and enabling "routing and remote access" (set at automatic), then start. This worked for me and a few of my users and VPNs are finally back to normal.
Yakul1984 - 11 months ago
OMG, how the hell did you find this?
I just tested it on one machine and it works! I will test it with a few other users who have this problem. If it helps them all, I'm going to push this setting to about 1000 computers. Fingers crossed :D
justin-cxi - 11 months ago
Worked for me. I need to go turn on RRAS service on 3-4 others and see how they go. Probably gonna be fine, though.
Thanks for helping figure it out!