slow vpn connection two venues

ciberica · May 18, 2020, 12:00am

Hello friends.

I have connected two offices with two mikoritk routers and I have carried out 2 tests, both with the same result

1-test:
I have connected the headquarters B-> A with PPTP protocol, All the traffic leaves through the headquarters A through a static route. But the clients who are connected at headquarters B do not exceed 20 Mbs of download according to the page nperf.com.

2.Test:
I have connected the headquarters B-> A using the l2tp protocol, with ipsec and activating and deactivating “allow fast path” and the same thing happens to me.

If I perform a speed test from mikrotik B to A with the public IP, it gives me an average download of 300 Mbs, but if I do the speed test using the tunnel IP (10.0.0.1) for headquarters A and 10.0 .0.2 for headquarters B does not exceed 25 mbs

Has this happened to someone?

gotsprings · May 18, 2020, 4:44am

Which model?

minks · May 18, 2020, 6:44am

If you use any model (HW) that not provide aes acceleration - that results are normal

ciberica · May 18, 2020, 7:14am

El enrutador en la sede A con IP estadística que es la que aloja el servidor pptp o el L2TP el modelo es CCR1009-8G-1S-1S +

En la sede B que es el que hace la marca PPTP o L2TP (cliente) es un RB2011

THK

sindy · May 18, 2020, 7:23am

What are the upload and download speeds of internet uplinks at sites A and B? If you connect from site A to internet via site B, each packet goes through site B’s uplink twice.

What is the ping response delay when you ping from site A to site B’s public IP (no tunnel)? Long round-trip delays affect TCP speed.

With PPTP without IPsec, no encryption acceleration is relevant, so if it’s not one of the reasons above, it’s rather a weak CPU as such. RB2011 is not the right device for a 300 Mbit/s uplink.

ciberica · May 18, 2020, 4:33pm

The average ping from A to b after 100 units is 89 ms

Headquarters A - FFTH 600 mb symmetric Up and Down
HEADQUARTER B - FFTH 600 Mb symmetric up and down.

the average speed by means of bandwidth test without tunnel, is 289 Mbs down from B-> a and 301Mbs from B <-A

With tunnel it does not exceed 20 Mbs on average of B-> A and 13 of B <-A

sindy · May 18, 2020, 5:12pm

Post the config of the 2011, some configuration optimizations may help a bit, but I am afraid it is simply too weak to handle a symmetric 600 Mbit/s link. See the hint on anonymisation in my automatic signature below.

gotsprings · May 19, 2020, 10:58am

2011 is way to slow to hit 600 for just straight NAT. Pick up an hAP AC2. Much better processor and IPSec acceleration built in.

ciberica · May 19, 2020, 11:36am

attached the confirmation
conf.txt.rsc (3.19 KB)

ciberica · May 19, 2020, 11:37am

How do you explain that if I do a speed test at headquarters A without the tunnel with a speed of more than 200 Mbs?

gotsprings · May 19, 2020, 11:39am

Because you can’t fast track and actually have to route and use encryption, for what you asked

sindy · May 19, 2020, 12:03pm

But the configuration shows neither - fasttracking cannot speed up anything as the firewall is not there at all, and encryption is not used either.

Do I read it right that the main WAN is PPPoE?

gotsprings · May 19, 2020, 12:19pm

I can’t get anywhere near 600M on a download with PLAIN old NAT on a 2011. The idea of expecting a VPN tunnel to pass at that speed???

ciberica · May 19, 2020, 4:14pm

In this configuration the wan is in pptp “pptp-out 2” … which is the one that tries to give it more speed …

I have also tried L2TP but the speed is the same.

If I perform a btest from headquarters A to the public IP of B it gives me more than 200 Mbs if I activate the tunnel, (currently PPTP) and I create the route as default is when I cannot perform a btest at more than 20 Mbs.

What if someone sees something strange in the configuration that says it or explains here how to implement it, how to connect headquarters A with headquarters B and get a higher Btest?

Thank you