IpSec Printing Slow/Timeouts

petem · October 1, 2018, 7:26pm

I have an IPsec tunnel connected on a Mikrotik RB2011 and although everything works fine, printing is almost impossible. A simple test page takes at least 3/4 minutes to print, and if I try to pint any multi page documents they just time out.

I am only seeing this issue across printing. At the moment I am having to print to the external IP of the remote site and use port redirection, this prints quickly and as expected. Response times between the two sites are good, I am seeing on a ping 32/40ms replies. It just seems to be affecting the printing.

I am running the latest current version 6.43.2, is there any way to improve the speed of the printing.

petem · October 1, 2018, 7:43pm

The issue is actually all traffic through the ipsec tunnel. I have tested with RDP and the performance is terrible too.

emils · October 2, 2018, 6:38am

Try manually reducing TCP MSS using Mangle Firewall with action=change-mss

petem · October 2, 2018, 8:47am

It was the fasttrack firewall rule, if I disable that, throughput on the VPN tunnel works as expected.

What does the fasttrack rule do?

emils · October 2, 2018, 9:30am

https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

FastTrack bypasses IPsec policy checking so traffic subject to IPsec policy checking should not be FastTracked.

https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#NAT_and_Fasttrack_Bypass