Hi everyone!
I’m running L2TP VPN Server on Mikrotik CHR over 1Gbps/1Gbps connection.
I’m running L2TP VPN Client on Mikrotik HEX S over 400Mbps/50Mbps connection.
I get slow VPN Speeds on VPN at about 100Mbps.
I know that it should related on IPsec encryption but I d’on’t kown what exactly to change, even on Server or Client.
Please help!
Thanks!
https://wiki.mikrotik.com/wiki/Manual:IP/IPsec
These 2 sources made my mind for my hex s:
Mtu=1400 both RB and CHR.
Ip-ipsec-proposals : modify default (or actual used) proposal:
Auth alg: sha256
Encr alg: aes 128 cbc
Pfs group: modp1024
Ip-ipsec-profile: modify default (or actual used) profile:
Hash alg: sha256
Prf alg: auto
Encr alg: aes128
Dh group: modp1024
Thanks!!! it seems to be better, I get around 120Mbps…
How to be sure that it uses Hardware encryption?
Do you use mangle or hard routes?
Mine hex s with mangling works at approx 100 mbit.
I had to buy 4011 to get higher speed.
Try to use wireguard. Is a bit faster.
What you mean by Hard routes?
And yes I have a lot of mangle rules to do “Queue Tree”
I’ve had this problem for a long time.. My testing, it is very related to the server’s processing power.
Hardware acceleration needs to be there, after that, the server’s CPU has a huge impact..
My CCR1036, the maximum is around 200 mbps.
CHR, with 8 cores on E5-2630 v2, ~400mbps..
CHR, VPS provider on 2 x Shared RYZEN 9 5950X seeing 750 mbps.
My CHR Server is a beast!
Dell PowerEdge R540 with Dual Xeon(R) Gold 6126, 128Gb.
CPU is not the bottleneck here!
at the other end it was a Mikrotik hEX.
I just replaced it for a MikroTik RB4011iGS+RM.
And switched L2TP VPN for WireGuard.
Much better! I get around 300-400Mbps!
thanks everyone!!
This probably made the biggest impact.