Well it look like that really exist issue with ipsec vpn performance on Mikrotik devices.
I did some tests with following environment :
- on web server i placed linux kernel 200 megabytes file
- datacenter with web server have internet channel 1Gbit/s up /1Gbit/s down
- location with linux computer have channel 100mb/s up / 100mb/s down
- used command on linux computer wget -c https://web.server/linux-6.0-rc3.tar.gz
- both mikrotiks is CCR1036-12G-4S (ie more than enough resources)
if i use direct connection without vpn i get file download speed 10mb/s
if i use l2tp (max mtu 1400 , mrru 1600 ) + ikev2 with aes256+sha1 (default one) i cannot get file faster than 2.3 mb/s
In same moment when i do download of file and look cpu load on mikrotik i never have load more than 11 % on one cpu core. Most of time it 0-1%.
What i tried to experiment :
- adjusted mss , tried different sizes (from 300 till 1400)- not see dramatic speed increase
- configured mpls over l2tp - not see dramatic speed increase
- disabled mrru - not see dramatic speed increase
Only thing which increased speed was - disable ikev2.
any idea what else possible to do to avoid 5 times penalty due to ikev2 vpn usage ?