RB2011UiAS-2HnD-IN optimizing VPN performance?

I’ve been learning about the RB2011UiAS-2HnD-IN, and I think it is fantastic.

I setup a VPN (RB2011UiAS-2HnD-IN as server, Windows 7 as client) using L2TP/IPsec and I’m getting about 10-Mbps which is very respectable for a $130 unit!!! I’m testing with both Lan_SpeedTest.exe and also by just transferring large files and watching throughput. I guess I should be finding CPU utilization somewhere, I forgot to go find where that is.

But I’ve read that the IPsec on this unit is limited to around 24-Mbps:

The Internet connections I’m using for testing are a 50/50 for the Win7 machine, and a 45/8 for the Mikrotik side. So I’m thinking that at least in one direction, I might be able to improve that 10-Mbps nearer the 24-Mbps.

http://forum.mikrotik.com/t/rb2011uias-2hnd-in-speed-with-l2tp/105378/1

So if I was interested in making my connection faster, would I be looking at the IP/IPsec/Proposals? Right now my Encr. Algorithms proposals are: aes-128 cbc, aes-192 cbc, aes-256 cbc. Unchecked are null, des, 3des, blowfish, twofish, cameilia-128 -192 -256, aes-128 -192 -256 ctr, aes-128 -192 -256 gcm. My PFD Group says modp1024.

So I could do trial/experimentation but figured I’d ask here first if there an encryption algorithm that is substantially faster than others but not null.

Thanks in advance!

Ran another test while checking my CPU utilization on my Mikrotik and the router’s CPU never went much above 50%, which seems reasonable given that I’m getting about half the VPN performance that this unit is supposed to be capable of.

Not sure if the Mikrotik prevents the VPN from over-utilizing the CPU or if my Win7 client with which I’m sending is capped around the 12.5 or 13-Mbps range or what.

But it is pretty interesting investigating it.

The RB2011UiAS-2HnD-IN doesn’t support hardware encryption so you can’t really get full speed performance out of it. I would suggest upgrading the device to a unit that does support hardware encryption.