Dear Mikrotik-lovers,
maybe somebody could help me brainstorm:
I am happy to provide more information about my configuration. For now, here is just the beef.
Setup: <CHR#1 P10> - - fiber 1000/500 (MTU 1500) …Internet… fiber 1000/200 (MTU 1492) - - <CHR#2 P10>
There is a WireGuard connection between the two CCRs with an MTU of 1412 (1420-8 because of PPPoE).
Now I use the Mikrotik TCP bandwidth test:
From CHR#1 to CCR2216 directly: 500/200
From CHR#1 to CCR2216 via WireGuard: 500/200
From CHR#1 to CHR#2 directly via port forward on CCR2216: 500/200
From CHR#1 to CHR#2 via WireGuard: 64/200 (here is the problem!)
I have confirmed that both direct and via WireGuard give the full network bandwidth, which is the two upstreams (500 and 200).
But: When WireGuard is forwarded from the CCR2216 to the CHR#2, there is a drastic speed loss from 500 to 64.
This works in both directions and with another installation I created. Iperf3 shows the same problem.
Curiously, if I create an EOIP over WireGuard and route my traffic over that, speed goes up to 350/200.
First thought was MTU, so I added a clamping rule onto the WireGuard interface, which did not make any change:
/interface list
add comment="Clamp TCP MSS on these interfaces" name=CLAMP
/interface list member
add interface=WG1 list=CLAMP
/ip firewall mangle
add action=change-mss chain=forward comment="Clamp MSS (outgoing)" new-mss=\
    clamp-to-pmtu out-interface-list=CLAMP passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward comment="Clamp MSS (incoming)" in-interface-list=CLAMP \
    log-prefix=CLAMP new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
Any ideas what the problem might be that makes forwarding traffic over WireGuard slow down that dramatically?
Thanks for your input,
dksoft