Hi,
I have got only 250-260 mbps through pptp connection on my ax2, is it a maximum?
Encryption turned off, cpu utilization about 35% and 100% on cpu0.
That looks weird for me, because encrypted WireGuard connection showing me almost the same speed per cpu
Firmware/routeros version 7.21.2.
Any advice? As far as I understand, it is impossible to enable multithreading in a pptp connection. Fast track doesn’t work, and fast path is not suitable either? It seems that the only solution is to change ax2 to ax3?
Post your configuration, instructions here:
to (hopefully) get some meaningful advice.
Generally speaking the Ax3 Is not that much faster than the Ax2, I would say roughly 15 or 20%, but of course It depends on what you measure and on your expectations.
The "quantum leap" Is with the RB5009.
Wireguard has multi-threaded encryption. Pptp doesn't.
Pptp is an older protocol that's considered insecure by today's standards. You're probably aware of this, but this is the basic reason why it's unlikely to see any meaningful improvement.
Pptp is also an l2 protocol, which may restrict throughput. Heavy mss clamping is a must to obtain better performance. This is basically the only meaningful thing you can do. It could add a further 50% or so.
Also, if you happen to have multiple clients, the liad is likely to tend to spread out to multiple cores.
AX2 has a frequency of 864 MHz, AX3 has a frequency of 1800 MHz, which should provide ˜x2 acceleration when performing single task where hardware acceleration is not supported, such as PPTP.
# 2026-02-20 02:18:13 by RouterOS 7.21.3
# software id = LL7Z-CA33
#
# model = C52iG-5HaxD2HaxD
/interface pptp-client
add add-default-route=yes connect-to=*** default-route-distance=20 disabled=no max-mru=1436 max-mtu=1436 name=AN user=***
set *FFFFFFFE change-tcp-mss=no on-up="/system script run pptp-restart" use-compression=no use-encryption=no use-ipv6=no use-upnp=no
add action=change-mss chain=forward comment=pptp_clamp new-mss=clamp-to-pmtu out-interface=AN protocol=tcp tcp-flags=syn
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
Fastpath (/ip/settings) is enabled. But in the pptp-client interface, FP-RX/TX=0.
I think that 250-260 Mbps is the maximum for this CPU+routeros, but I may be wrong.
I'm not sure that WireGuard has multi-threaded encryption because I see a significant skew in the usage of each core for a single WG interface & peer. It's probably not encryption, but anyway, that's not the point.
PPTP is not my choice, it's a kind of legacy. As for “Heavy mss clamping” — I'm not sure I get you, are you talking about “add action=change-mss”?
So, I got about 335 Mbps download (+ ~80 megabits) at 100% cpu0 and about 300 upload at 50% cpu0 after resetting hap ax2 to factory settings.
Then I restored my configuration and started disabling/editing settings one by one (also changing mtu/mru/tcp clamp and etc).
Most settings had no effect on bandwidth.
Three things that allowed me to get about 335 Mbps download speed:
Disabled IPsec policy and peer: + ~30-35 Mbps
Disabled routing tables + rules: + ~30-35 Mbps
Disabled Bridge2: + ~10 Mbps
Apparently, routing rules (lookup) need to be replaced with vrf. IPSEC should be set to manual control as needed. And networks should be separated using vlan.
I can't say I'm satisfied, but 335 is better than 255.
It would be interesting if someone ran a similar test on hap ax3.