We are pondering a solution that would meet the following requirements:
- Devices on a few hundred remote sites with VSAT and sometimes LTE must connect back to the corporate network.
- We don't own the VSAT, or the LAN on site, but rather share it with other companies.
- We own and operate devices on the remote LAN and require remote access into them. We are looking at creating our own isolated LAN within the site for industrial/IoT related equipment and tunnelling it back to corporate.
- VSAT links mean RTT of ~650-800 ms.
- GRE over IPsec style VPNs are problematic since they eliminate all of the benefit of the VSAT provider's TCP optimizations, such as spoofing ACKs to avoid TCP slow start. Anything running inside a VPN that encapsulates the original TCP header will have terrible performance.
- SSL VPN is workable since the original TCP header is intact and can benefit from TCP acceleration. Currently our corporate devices at these sites use SSL VPN to contact home.
- The other alternative is to use our own solution for WAN optimization on each end of the tunnel to avoid the latency issues if we cannot take advantage of what the VSAT provider gives us.
Is anyone else doing something similar? How did you do it? Are there solutions for dynamic routing protocols on SSL VPN at the scale of hundreds of sites? Are there flavours of SD-WAN out there that solve the 650-800 ms + TCP problem?
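The two claims in the post (a provider PEP can only spoof ACKs when it can see the outer TCP header, and end-to-end slow start over a ~700 ms RTT is what hurts) can be made concrete with a small model. The following is an added example, not code from the original post or from any VSAT vendor. It builds two constructed packets with hand-packed headers, shows what a TCP accelerator sees in each, and runs an idealised no-loss slow-start model (initial window of 10 segments, cwnd doubling each RTT, capped at the bandwidth-delay product) for a transfer with and without local acknowledgement. The link rate, RTTs, IP addresses, ports and SPI are assumptions chosen for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE, IPPROTO_ESP = 6, 47, 50
MSS = 1460  # payload bytes per TCP segment (assumed)


def build_ipv4(proto, payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Minimal IPv4 header (no options, checksum left at zero) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                      64, proto, 0, src, dst)
    return hdr + payload


def build_tcp(sport, dport, payload=b""):
    """Minimal 20-byte TCP header (PSH|ACK, seq/ack of 1, checksum left at zero)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload


def pep_view(packet):
    """What a VSAT TCP accelerator can read from the outer IPv4 header.

    Returns (can_accelerate, description).  Only a visible TCP header lets the
    PEP spoof ACKs; ESP hides the inner header, GRE puts it behind a tunnel header.
    """
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return True, f"TCP {sport}->{dport}: header visible, ACKs can be spoofed"
    if proto == IPPROTO_ESP:
        (spi,) = struct.unpack("!I", packet[ihl:ihl + 4])
        return False, f"ESP SPI 0x{spi:08x}: inner TCP header encrypted, PEP is blind"
    if proto == IPPROTO_GRE:
        return False, "GRE: inner TCP header behind the tunnel header, treated as not accelerated"
    return False, f"IP protocol {proto}: not TCP"


# Constructed sample packets (assumed addresses/ports/SPI), not captured traffic.
# SSL VPN: the outer transport is TLS over TCP/443, so the TCP header is in the clear.
SSL_VPN_PACKET = build_ipv4(IPPROTO_TCP, build_tcp(51000, 443, b"\x16\x03\x03\x00\x05hello"))
# GRE over IPsec (tunnel mode): the outer protocol is ESP; everything after SPI/seq is ciphertext.
IPSEC_PACKET = build_ipv4(IPPROTO_ESP, struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 40)


def slow_start_transfer_time(size_bytes, rtt_s, link_bps, init_cwnd=10, mss=MSS):
    """Idealised no-loss slow start: (seconds, RTTs spent ramping) to deliver size_bytes.

    Each RTT delivers cwnd*mss bytes and cwnd doubles; once cwnd covers the
    bandwidth-delay product the remaining bytes flow at line rate.
    """
    bdp_segments = max(1, int(link_bps * rtt_s / 8 / mss))
    cwnd, sent, t, rtts = init_cwnd, 0, 0.0, 0
    while sent < size_bytes:
        if cwnd >= bdp_segments:
            t += (size_bytes - sent) * 8 / link_bps  # pipe full, line rate from here
            sent = size_bytes
            break
        sent += cwnd * mss
        t += rtt_s
        rtts += 1
        cwnd *= 2
    return t, rtts


def compare(size_bytes, sat_rtt_s=0.7, lan_rtt_s=0.02, link_bps=2_000_000):
    """Transfer time with the PEP blind (TCP inside IPsec) vs. PEP acknowledging locally.

    Simplification: with local ACKs the sender's slow start runs against the LAN RTT
    and the satellite hop only adds one one-way delay (half the satellite RTT).
    """
    blind_t, blind_rtts = slow_start_transfer_time(size_bytes, sat_rtt_s, link_bps)
    pep_t, pep_rtts = slow_start_transfer_time(size_bytes, lan_rtt_s, link_bps)
    pep_t += sat_rtt_s / 2
    return {"blind_s": blind_t, "blind_rtts": blind_rtts,
            "pep_s": pep_t, "pep_rtts": pep_rtts}


if __name__ == "__main__":
    for name, pkt in (("SSL VPN", SSL_VPN_PACKET), ("GRE over IPsec", IPSEC_PACKET)):
        print(f"{name:15s} {pep_view(pkt)}")
    print("100 KB transfer:", compare(100_000))
```

With the assumed 2 Mbit/s link and 700 ms satellite RTT, a 100 KB transfer spends three full satellite RTTs in slow start when the PEP cannot see the TCP header, versus line rate plus a single one-way delay when it can; the gap shrinks for large transfers and grows for the short request/response exchanges typical of IoT polling, which is why the tunnel type matters more than the raw link rate suggests.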