Hi everyone !
I have some trouble with my VPN link
My setup are :
Office A, CCR1036, firmware 6.37.3, with fiber internet connection 100/100, local ip 10.1.1.254
Office B, CCR1009, firmware 6.37.4 with fiber internet connection 100/20, local ip 10.1.2.254
I have setup EoIP/IPSec between both CCR
If I do bandwidth test from CCR A to the CCR B with local IP (10.4.x.254), I have around 99 Mbps
If I use Linux on both side and use iperf, I have around 83Mbps
If I use Windows (xp or 2012) on one (or both) side with iperf, I have only 3Mbps
All test are done in TCP, in UDP I have 1Mbps
Someone have idea to point me in good direction to slove this issue ?
Thanks you
Sounds like a well-known problem with packet reordering on CCRs.
Have you tried to search the forum before posting?
Thanks for our anwser
After searching for “ccr packet reordering”, I found some topic about that
This topic (http://forum.mikrotik.com/t/is-re-ordering-fixed-yet-with-ipsec-and-hardware-acceleration-updating-thread/101814/1) regroup some post with workaround
Using anything else that AES-CBC to prevent using hardware acceleration solve this issue. Some people say to use AES-CTR.
But when I use it, my CCR1036 crash and reboot in loop until I remove AES-CTR from proposal in CCR1009
I finally set it to blowfish and it’s working, got around 50Mbps between Windows Station in TCP, but only 1Mbps in UDP
For anyone that have this trouble, an update to 6.39 solve this issue
From ‘man iperf’:
CLIENT SPECIFIC OPTIONS
-b, --bandwidth n[KMG] | npps
set target bandwidth to n bits/sec (default 1 Mbit/sec) or n packets per sec. This may be used with TCP or UDP.