How to optimize VPN tunnel over high latency link?

Hello,

We have a WAN link with 1 Gbit/s throughput, but 40 ms latency.
An iperf3 UDP test really can do 1 Gbit/s almost lossless.

We have an L2TP IPsec tunnel over this WAN link:
LAN1—[CHR]—(l2tp_ipsec_vpn)—[CCR]—LAN2

Now a file copy between LAN1 and LAN2 is only 6 MB/s maximum.
I tried different AES modes (cbc/ctr/gcm), but the file copy speed does not increase noticeably.

Why does the IPsec tunnel not use all of the 1G bandwidth?

What kind of file copy? If you’re trying to do Windows file sharing, it has terrible performance at higher latencies. There’s no real workaround, the protocol is just not meant for WAN use. Make sure both sides are set up for SMB3 if possible as this does provide some small improvement.

Yes, Windows share file copy.
I also tried vSphere vMotion, but it did not exceed 60 Mbit/s.

If using TCP you probably need to tune the send / receive windows. A single TCP connection has a hard time reaching maximum bandwidth over high speed links.

You can experiment with these settings: https://fasterdata.es.net/host-tuning/ms-windows/

RouterOS also has a single TCP connection bandwidth limitation somewhere, you can try disabling as many firewall rules as possible and seeing if it improves speed. This depends a lot on your hardware though and how many cores you’re using.
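The window arithmetic behind the TCP tuning advice above, worked through with the figures from the thread. This is an added example, not code from any poster; it assumes the 40 ms is round-trip time and 1 MB = 10**6 bytes, and it ignores loss and IPsec/L2TP overhead. The function names are made up for this illustration.

```python
# Added illustration: window-limited TCP throughput for the link in this thread.
# Assumptions (not stated in the thread): 40 ms is the round-trip time,
# 1 MB = 10**6 bytes, and packet loss and IPsec/L2TP overhead are ignored.
import math

MAX_UNSCALED_WINDOW = 65535  # largest TCP window without window scaling (bytes)
MAX_WINDOW_SHIFT = 14        # largest window scale shift allowed by RFC 7323


def bdp_bytes(link_bps, rtt_s):
    """Bandwidth-delay product: bytes that must be in flight to fill the link."""
    return link_bps / 8 * rtt_s


def implied_window_bytes(observed_bytes_per_s, rtt_s):
    """In-flight data a single flow actually sustained at the observed rate."""
    return observed_bytes_per_s * rtt_s


def max_rate_bps(window_bytes, rtt_s):
    """Throughput ceiling for one flow that can send window_bytes per round trip."""
    return window_bytes * 8 / rtt_s


def window_shift_needed(target_window_bytes):
    """Smallest window scale shift whose maximum window covers the target."""
    for shift in range(MAX_WINDOW_SHIFT + 1):
        if MAX_UNSCALED_WINDOW << shift >= target_window_bytes:
            return shift
    raise ValueError("target exceeds the largest window TCP can advertise")


def streams_needed(link_bps, per_stream_bps):
    """Parallel flows needed to fill the link if each is capped at per_stream_bps."""
    return math.ceil(link_bps / per_stream_bps)


if __name__ == "__main__":
    link, rtt = 1e9, 0.040                      # 1 Gbit/s, 40 ms (assumed RTT)
    need = bdp_bytes(link, rtt)
    smb = implied_window_bytes(6e6, rtt)        # 6 MB/s Windows file copy
    vmotion = implied_window_bytes(60e6 / 8, rtt)  # 60 Mbit/s vMotion
    print(f"window needed to fill the link: {need / 1e6:.1f} MB")
    print(f"window implied by 6 MB/s copy:  {smb / 1e3:.0f} kB")
    print(f"window implied by vMotion:      {vmotion / 1e3:.0f} kB")
    print(f"window scale shift needed:      {window_shift_needed(need)}")
    print(f"flows at the SMB rate to fill:  "
          f"{streams_needed(link, max_rate_bps(smb, rtt))}")
```

Both observed rates correspond to only a few hundred kilobytes in flight per round trip, far below the roughly 5 MB needed, which is consistent with a per-connection window limit rather than with the choice of AES mode.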