VPN Speed Impact for Remote Workers
Run a Speed TestA corporate VPN is a security requirement at most companies, but it comes with a performance cost that directly affects your video calls, file transfers, and overall workday experience. Understanding why VPNs slow connections down — and how to minimize that impact — lets you work productively without waiting for IT to solve every slowdown for you.
Why Corporate VPNs Slow Down Your Connection
Three distinct mechanisms combine to reduce your effective speed when connected to a corporate VPN.
Encryption Overhead
Every packet of data travelling through a VPN tunnel is encrypted before it leaves your machine and decrypted when it arrives at the corporate server, and vice versa. This encryption and decryption consumes CPU cycles on both ends and adds bytes to each packet in the form of cryptographic headers. Modern processors handle this efficiently, but on older work laptops — or when the VPN protocol uses computationally expensive ciphers — encryption can account for a meaningful fraction of the throughput reduction. Lighter-weight protocols like WireGuard use the ChaCha20 cipher, which is significantly faster to compute than the AES-CBC used by older OpenVPN configurations, especially on processors without hardware AES acceleration.
Hair-Pinning: All Traffic Through Corporate Servers
By default, most corporate VPN configurations route all your internet traffic through the company's VPN gateway — not just traffic destined for internal systems. This is called full-tunnel or hair-pinning. When you open a YouTube video or join a Zoom call while on VPN, that traffic travels from your home to your company's server, then back out to the internet, then reverses path on the way back. If your company's server is located in a different city or country, you have added hundreds of milliseconds of unnecessary round-trip time to every packet. Your video call quality suffers not because of your home connection but because of this geographic detour.
VPN Server Capacity and Peak-Hour Congestion
Corporate VPN gateways are servers with finite throughput capacity. When every employee connects simultaneously at the start of the business day, or after lunch, those servers become the bottleneck. Your home internet plan may be 500 Mbps, but if 500 employees are all sharing a VPN gateway rated for 1 Gbps total throughput, each person's effective share is only 2 Mbps during full saturation. This explains the pattern many remote workers notice: VPN performance is acceptable at 7 AM but degrades noticeably between 9 AM and 11 AM.
Measuring Your VPN's Speed Impact
Quantifying the impact is straightforward and gives you concrete data to share with IT if you need to escalate a performance problem.
- Disconnect from the VPN completely. Close any VPN client software.
- Run a speed test at SpeedTestHQ using a wired Ethernet connection if possible. Note your download speed, upload speed, and ping in ms.
- Connect to the corporate VPN. Wait 30 seconds for the tunnel to fully establish.
- Run the speed test again from the same device and connection.
- Calculate the percentage retained: (VPN speed ÷ baseline speed) × 100. Repeat at 9 AM, noon, and 3 PM to capture peak-hour variation.
A result showing 80–90% speed retention is healthy. Anything below 60% warrants a conversation with IT about protocol options or server capacity. Below 40% retention during business hours is a significant productivity problem that IT should treat as an infrastructure issue, not a user problem.
Split Tunneling: The Most Effective Fix
Split tunneling is a VPN configuration mode that routes only traffic destined for internal corporate resources through the encrypted tunnel, while all other internet traffic goes directly from your home connection to the internet. When split tunneling is enabled, your Zoom call travels the shortest path to Zoom's servers rather than detouring through your company's building. Your Google search, your Spotify stream, and your email all reach their destinations without adding load to the corporate VPN gateway.
The performance improvement from split tunneling can be dramatic — effectively eliminating the hair-pinning latency penalty and reducing VPN gateway load simultaneously. The trade-off is security: IT teams that require full-tunnel VPN do so to ensure all traffic is logged and inspected for threats, even personal browsing on a work device. Ask your IT department whether split tunneling is permitted under your organization's security policy. In many companies the answer is yes for approved device types.
Protocol Matters: Choosing Speed Over Legacy Compatibility
If your IT team gives you a choice of VPN protocol — or if you manage your own VPN setup — the protocol selection has a significant effect on performance. Older protocols carry substantial overhead from their design era, while newer ones were built for speed from the ground up.
- WireGuard: The current benchmark for speed. Its lean 4,000-line codebase, use of modern cryptography, and UDP-only transport make it the fastest option available. Retains 85–95% of raw connection speed in most real-world tests.
- IKEv2/IPsec: Natively supported by Windows, macOS, and iOS without additional software. Fast handshake, efficient re-keying, and solid performance at 75–90% speed retention. The preferred choice for corporate MDM-managed devices where WireGuard is not yet standardized.
- OpenVPN over UDP: Widely supported and reasonably fast. UDP avoids the TCP-within-TCP retransmission problem, keeping speed retention around 65–80%. Still the default for many corporate deployments.
- OpenVPN over TCP: Reliable but slow. TCP's acknowledgment mechanism inside a TCP tunnel causes a compounding retransmission overhead called TCP meltdown. Avoid unless UDP is blocked on your network.
- L2TP/IPsec: A legacy protocol with double encapsulation overhead. Speed retention often drops to 50–70%, and the double NAT issues on modern home routers can cause additional instability. Should be replaced wherever possible.
Home Network Optimizations That Help VPN Performance
Even when you cannot change the VPN protocol or server, improving your home network reduces the baseline variables that make VPN performance worse.
- Use wired Ethernet: Wi-Fi adds 2–10 ms of base latency and introduces intermittent packet loss. Since VPN protocols must retransmit lost packets — and encryption makes retransmission more expensive — eliminating Wi-Fi loss meaningfully stabilizes VPN throughput.
- Connect to the nearest VPN endpoint: Many corporate VPN systems offer regional gateways. If your company's primary gateway is on the East Coast and you are in the Pacific Northwest, ask IT whether a West Coast or international gateway is available. Reducing geographic distance reduces round-trip latency proportionally — roughly 1 ms per 100 km.
- Enable QoS on your router: If you must run cloud backup or large downloads alongside a VPN session, set your work laptop to the highest device priority in your router's QoS settings. This ensures the VPN tunnel traffic gets first access to your upload bandwidth.
VPN Protocol Speed and Compatibility Comparison
| VPN Protocol | Typical Speed Retention | Latency Overhead | Corporate Support | Notes |
|---|---|---|---|---|
| WireGuard | 85–95% | Very low (+1–3 ms) | Growing — not universal yet | Fastest available; lean codebase |
| IKEv2/IPsec | 75–90% | Low (+3–8 ms) | Wide — native OS support | Best choice for managed devices |
| OpenVPN (UDP) | 65–80% | Moderate (+5–15 ms) | Very wide — most IT teams | Default for many corporate VPNs |
| OpenVPN (TCP) | 50–70% | High (+15–40 ms) | Very wide | Avoid — TCP meltdown penalty |
| L2TP/IPsec | 50–70% | Moderate–high (+10–25 ms) | Legacy — declining | Double encapsulation; replace if possible |