HI
I have a hex refresh that i have connected to a 1G internet connection. the problem is that the download is only about 100M, but the upload is 940M. the ISP is connected to port eth1. i have the default configuration in use. isn’t fasttrack on by default? when i look at the IP/setting menu, fasttrack doesn’t show up as active. any ideas why?
Check if the port is linked at 1G, could be bad cable even
What does /ip settings print display?
What is the CPU usage while doing these tests?
How exactly do you test?
Hi
I also bought 5 hex refresh routers and I have the same problem with each one. ISP is 1G/1G. Download is ~100mb and upload is 940mb. I use eth1 as wan port. If I change eth2 as wan port the speed is better, but this way I can’t use poe in option. I have tried the device with default configuration and with completely empty configuration except bridge to which I have added all ports. Download speed does not increase above 100mb in any situation.
- Did you just hijack your own post? Damn
- A wild guess would be to try flow control.
How do you get 940Mb upload??? Thats amazing… No firewall rules???
Like normis said, check your eth1 port connection rate. In WinBox go to Interfaces - ether1 - Status. It should be 1Gbps full duplex.
You said something about the bridge you added. Please post your bridge configuration, clean up MAC addresses and serial numbers.
/interface/bridge/export
Or you can just try truly default configuration, no changes.
hEX refresh can route 1430 Mbps based on the official test results when using large packet size.
the same problem, default configuration, also the port works only with autonegotiation (1G full duplex), manual setting 1G T-full turns off the port. I tried to write to support. their answer was that this is not an indicator and tcp, udp is more expensive, firewall, etc.. blah-blah-blah. I’m tired. now looking for an alternative to this hex refresh.
Auto-negotiation is required for 1G BASE-T https://en.wikipedia.org/wiki/Gigabit_Ethernet#1000BASE-T
If the issue is not with hEX (very likely not), the issue won’t go away. I would suggest trying to get to the bottom of it. How exactly do you test? Speedtest.net?
Do you have any proof the ISP actually supplies that speed? Can you plug in a PC directly to the ISP box and run the same test? This will tell you right away if hEX has anything to do with the issue.
hmm, so then I don’t understand the behavior of some devices, for example, I take hex refresh and ax2, I connect both devices ether2 - ether2,
now on ax2 I do ‘/interface ethernet set [ find default-name=ether2 ] auto-negotiation=no’ and the 1 Gbit connection is successfully established, I return auto-negotiation back, now I try disable it on hex and the port drops.
unfortunately this is a hex refresh, 7.18.2 in default configuration, and this is not the only problem, for example, turning on l2tp\ipsec immediately reduces the speed to 200-250 mbit
I tried to find out if the support service was able to reproduce these problems, especially since they do not require configuration, but I still have not received an answer. Judging by my experience in previous requests, I think that either the support service does not have access to their own devices, or I was unable to move beyond the first line support and got stuck on the outsourced support
Interesting using large packet size has never given me accurate results but the smaller 512 byte size does match my real world results much more closely for quite a wide number of MT products.
Wonder what has changed with the refresh model??
You still haven’t specified how you are testing. You are providing information that was not asked for (e.g. your claim that enabling l2tp/ipsec reduces performance, but again not providing enough information for anyone to reproduce your findings).
If you are serious about finding out what the issue is, please provide enough info so someone else can independently reproduce what you see.
I am trying to understand “I tried to find out if the support service was able to reproduce these problems, especially since they do not require configuration”
I can parse the “since they don’t require configuration” in multiple ways. For example, does “they” refer to “these problems” or does “they” refer to “support services”.
How is it possible to reproduce the specific problem without being able to reproduce the environment?
Read How to Report Bugs Effectively for some guidelines. Pay attention to the last two sections especially.
I just noticed in the image you posted that this was a pppoe connection. That may be significant.
I also just noticed the PPPoE part. The OP keeps saying they use the default configuration. Well, PPPoE is not the default configuration. It might be a minor change, but what else was changed from the truly default configuration? We simply don’t know.
@OP, if you really want people to provide some help, you should post your configuration. Otherwise it just becomes another rant on the Internet rather than request for help.
You are correct, I believe the 512 test is a good one for real world results. But speed test sites are not “real world”, they are probably using the largest possible packet size. I just did a speedtest.net test while watching sniffer. Packets were 1514 bytes as seen on the Ethernet interface.
This is why it’s important to understand how the speed is measured, one of the many questions the OP refuses to answer.
mikrotik hex refresh, 7.18.2, reset, quick setup: internet pppoe, everyone can see the resulting configuration /system default-configuration print
and now, how to make a problem, add and run some file download, for example, https://sto-se-ping.vultr.com/vultr.com.1000MB.bin, the speed should be more than 300-400 Mbit, and now just turn on and off l2tp\ipsec (/interface l2tp-client add connect-to=1.2.3.4 ipsec-secret=12345678 name=l2tp-out1 password=123456 use-ipsec=yes user=ppp1 disabled=no)
hex refresh is a pretty interesting device, it is cheap and does not have high performance, but is still very raw, there is also no adequate choice of firmware, since if you want to use ipsec you are forced to start with 7.18.2, but then you will get 250 Mbit pppoe Internet when using l2tp\ipsec. support, asked to try 7.19 beta, and I tried it, in 7.19 beta the problem is slightly different, just turning on or off l2tp does not lead to a drop in speed, but if I try to use l2tp\ipsec when i have download more 400-500 Mbits, then in this l2tp the speed will not rise more than 15 Mbit, and it turns out that it is better to stay on 7.18.2, replace l2tp with ipip\ipsec and then I can use both the Internet at 500 Mbit and l2tp connection at 100 Mbit.
I do not want to be a beta tester, when none of you even tries to reproduce this problem, or is engaged in empty talk in the absence of the device itself on hand,
It’s hard for me to translate, English is not my native language. It’s hard for me to try, because for example the same ax2 is a pretty expensive device for me and I don’t have it, I have to go and borrow it, reset it, configure it, try the options suggested by you, the support, while none of you even tries to reproduce the problem yourself.
Liina, this is NOT your thread, it was started by Hiutale, suggest you start your own thread, to narrow down your specific issues and get assistance.
In other words, we are not focussed on your problems in this thread, so getting upset here, is not going to get you anywhere.
Hello everyone and thanks for the replies and my apologies for the confusion at the beginning.
I checked the eth1 status and the port is working at 1G speed.
I did speed tests with Ookla software.
First with the Hex Refresh device which only had a basic configuration. CPU download is 4%. Upload is 45%.
After that I connected the computer directly to the wan cable.
The problem is clearly related to the eth1 port of the Hex Refresh. When I set the wan port to eth2, the speed was almost at maximum.
Here is my default config.
# 2025-04-29 08:48:09 by RouterOS 7.18.2
# software id = RW1I-CEKP
#
# model = E50UG
# serial number = HH90A3A4FSR
/interface bridge
add admin-mac=F4:1E:57:6C:28:B0 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] mac-address=F4:1E:57:6C:28:AC
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip smb shares
set [ find default=yes ] directory=flash/pub
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack6" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Helsinki
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
