Hi, I’m new to configuring MikroTiks, I’ve got a MikroTik hAP ac2 (RBD52G-5HacD2HnD), which I’ve setup with L2TP vpn, and am getting about 14Mbps. If I connect to the same server via windows I get about 85Mbps.
I was under the impression the hAP ac2 was capable of faster, and toggled fasttrack and fastpath, but see no big difference.
Many thanks for any help in advance.
would be great to get some help with this. without vpn i get gigabit speeds, the moment i connect to vpn it drops to around 10 mbps, if i connect to the same vpn server via windows client I get hundreds of mbps. I specifically bought the ac2 for the hardware capabilities of vpn. but get the same vpn speeds as I did with my ac lite
So you’re trying to connect your MikroTik’s WAN to the L2TP server vs using client software for temporary L2TP VPN connections?
I’m troubleshooting L2TP IPsec server bottlenecks with these routers presently. Regardless of whether fasttrack is on or off (via disabling in the firewall rules) my Windows client connections (thus using SHA-1 and AES-128, which are supported for IPsec offloading by the Mediatek processor) can scale up to ~75Mb over the tunnel if I allow all traffic and benchmark using Speedtest.net.
The similar performance issue I see re: your numbers is when doing SMB file operations (using Totusoft’s Lan Speed Test to a Synology NAS share) across the tunnel which caps similarly in the 10-15Mb range. I could actually pull slightly higher SMB bandwidth on an old RB951G–which is a single core Atheros model with no offloading. All of these tests have been with RouterOS 6.47.1.
I’m transitioning to these routers since Ubiquiti Edgerouter’s entry models (ERL3 & ER-X) both speed cap at ~35Mb over the identical tunnel / client / MTU cfgs, but they do so for both types of traffic. Obviously the Mikrotiks (a Hex in this case, on 90Mb symmetrical fiber) have potentially superior throughput re: web traffic / Speedtest.net testing, but other traffic types like SMB bottleneck at levels below the Edgerouters.
The Ubiquiti ER-X is the same MediaTek platform as the Hex, but they admit to having broken IPsec offloading (for years now) thus the 35Mb is purely the processor & firmware / OS. The ERL3 has functional IPsec offloading, but is a lower performance Cavium processor so its SMB throughput over L2TP IPsec still caps at a similar level.
All MTUs for WAN and VPN tunnels have been independently confirmed to be non-fragmented, as I am managing these sites on a mix of ISPs and connection types (cable / fiber).
Maybe the work of this man can help you . He explains there vhat issues can lead to a slow vpn connection. Check if this is the case for your slow connection.
The video is here https://www.youtube.com/watch?v=fQokeBcrjdc
Thanks to Mr. Tarikin for clarifying to me some aspects of the vpn connection.