SurfShark Wireguard VPN Issues

Setting up a Container on the CHR is one way I thought of being able to run Ookla's command line speed test. But I've not set up containers on a MikroTik and looking at it right now, Containers are not an option in CHR.

Oh well, MassiveGrid has a network ticket open with engineering. I should hear back tomorrow what they say. Until then it's all speculation.

I think it’s the new /system/device-mode thing - to enable use of containers (and other features, like btest and traffic generator), you have to update the “device mode” accordingly and then “power cycle” (i.e. reboot using the data center management, not by command from within RouterOS) the CHR within 5 minutes to confirm the new settings. This is from one of my CHRs:

[me@myTik] > system/resource/print
                   uptime: 4w2h30m55s
                  version: 7.20.6 (stable)
               build-time: 2025-12-04 12:00:39
         factory-software: 7.1
              free-memory: 730.0MiB
             total-memory: 1024.0MiB
                      cpu: Common
                cpu-count: 2
            cpu-frequency: 1796MHz
                 cpu-load: 1%
           free-hdd-space: 68.8MiB
          total-hdd-space: 89.2MiB
  write-sect-since-reboot: 54720
         write-sect-total: 54720
        architecture-name: x86_64
               board-name: CHR QEMU Standard PC (i440FX + PIIX, 1996)
                 platform: MikroTik

[me@myTik] > container/print
Flags: S - STOPPED
Columns: NAME, ROOT-DIR, INTERFACE, MOUNTS
#   NAME     ROOT-DIR              INTERFACE  MOUNTS
0 S certbot  pcie1/images/certbot  veth1      LE_ETC
                                              LE_VAR_LIB

[me@myTik] > system/device-mode/print
                 mode: advanced
     allowed-versions: 7.13+,6.49.8+
              flagged: no
     flagging-enabled: yes
            scheduler: yes
                socks: yes
                fetch: yes
                 pptp: yes
                 l2tp: yes
       bandwidth-test: yes
          traffic-gen: no
              sniffer: yes
                ipsec: yes
                romon: yes
                proxy: yes
              hotspot: yes
                  smb: yes
                email: yes
             zerotier: yes
            container: yes
  install-any-version: no
           partitions: no
          routerboard: no
        attempt-count: 0

Hmm...

I see what you are saying but I have tried:

/system/device-mode/update container=yes

OK. First time, it didn't do it. Now Container is set to yes. I don't see it in WinBox as a menu option but it does show enabled in /system/device-mode/print

So I guess I need to do it all from the command line...

But I always did it from the command line.

Yeah, it's there in my local WinBox menu but not on the CHR menu.

Anyhow, I need to read up on the docs about creating containers, etc.

So the Container menu was not there on the CHR because I had not installed the Container package.

So, now I have successfully created a speedtest container on both my local 5009 and on the CHR so I can do straight comparisons.

Other than the containers seeming to stop pretty shortly after I start them I am getting some interesting results. From my 5009 out through my CHR I am seeing:

 Speedtest by Ookla

      Server: Kansas Research and Education Network - Wichita, KS (id: 20531)
         ISP: Massivegrid
Idle Latency:    70.27 ms   (jitter: 6.35ms, low: 62.84ms, high: 72.92ms)
    Download:   107.04 Mbps (data used: 140.3 MB)                                                   
                115.66 ms   (jitter: 36.93ms, low: 69.62ms, high: 474.37ms)

From the CHR, I am getting drastically varying results...

This is the first test I ran:

   Speedtest by Ookla

      Server: Kansas Research and Education Network - Wichita, KS (id: 20531)
         ISP: Massivegrid
Idle Latency:    36.16 ms   (jitter: 0.15ms, low: 36.07ms, high: 36.47ms)
    Download:  3098.95 Mbps (data used: 3.8 GB)                               

The container is stopping before I can really complete the test. I'm not sure why that is. But download speed there is very good.

Yet at another test server:

      Server: Chisholm Broadband - Enid, OK (id: 20949)
         ISP: Massivegrid
Idle Latency:    35.68 ms   (jitter: 0.12ms, low: 35.57ms, high: 35.78ms)
    Download:   517.96 Mbps (data used: 830.9 MB)     

BIG difference.

But regardless of either server, I am getting roughly the same speed from my 5009 through the CHR of roughly 110 Mbps. Which is the slowest I have seen in any tests....

FYI, from my 5009, going through my ISP (no CHR) I get:

      Server: Kansas Research and Education Network - Wichita, KS (id: 20531)
         ISP: Comcast Cable
Idle Latency:    49.56 ms   (jitter: 5.44ms, low: 44.55ms, high: 55.63ms)
    Download:   700.83 Mbps (data used: 1.2 GB)    
      Server: Chisholm Broadband - Enid, OK (id: 20949)
         ISP: Comcast Cable
Idle Latency:    46.30 ms   (jitter: 1.90ms, low: 43.21ms, high: 48.80ms)
    Download:   894.82 Mbps (data used: 1.4 GB)

So it looks like going through the two MikroTik routers using WireGuard really slows things down. I decided to check from my laptop using the speedtest CLI to the Kansas server. Here is through my ISP and through the CHR:

      Server: Kansas Research and Education Network - Wichita, KS (id: 20531)
         ISP: Comcast Cable
Idle Latency:    35.91 ms   (jitter: 2.33ms, low: 35.69ms, high: 44.99ms)
    Download:  2088.82 Mbps (data used: 3.1 GB)                                                   
                 46.18 ms   (jitter: 4.02ms, low: 35.35ms, high: 72.76ms)
      Upload:   257.98 Mbps (data used: 172.8 MB)                                                   
                 34.05 ms   (jitter: 2.66ms, low: 31.40ms, high: 57.38ms)
 Packet Loss:     0.0%
  Result URL: https://www.speedtest.net/result/c/6c3cd619-bfcc-4230-85f2-d770c34184ff

   Speedtest by Ookla

      Server: Kansas Research and Education Network - Wichita, KS (id: 20531)
         ISP: Massivegrid
Idle Latency:    70.72 ms   (jitter: 6.67ms, low: 62.87ms, high: 80.84ms)
    Download:    80.32 Mbps (data used: 118.8 MB)                                                   
                112.32 ms   (jitter: 32.10ms, low: 69.06ms, high: 235.74ms)
      Upload:   194.27 Mbps (data used: 335.6 MB)                                                   
                116.27 ms   (jitter: 34.12ms, low: 69.38ms, high: 456.21ms)
 Packet Loss:     0.0%
  Result URL: https://www.speedtest.net/result/c/832828a1-53eb-443e-a805-4d47a927ec90

Seems like perhaps the "speed" problem is between the two instances of RouterOS. That's not a good look for Mikrotik....

One other thing I don't understand is that I have other routers that I have used to connect to my 5009 over Wireguard and I get very good connection speeds. I don't get this degradation in speed I see between the 5009 and the CHR.

Can you maybe post your CHR's & RB5009's redacted configuration again?

Yeah, I can post those again shortly. Let me get some time to edit them this morning.

Here's another interesting tidbit.

I have a couple other "travel" routers that I use to connect back to my home network. This router is made by GL.iNet and has a built-in WireGuard function. I never seem to notice such slow speeds using this. But then I realized that I am always using it to connect back home over things like WiFi, cellular, etc. which would not show maximum speeds.

So I took this router and connected its WAN port to the out-of-band port on my 5009. Speed test w/o WireGuard enabled came out close to a gigabit, which for that router is probably reasonable. But with WireGuard enabled, I was only seeing speeds of 30 to 40 Mb/sec. While this is way lower than what I see when I normally make a WireGuard connection with this router (probably due to some firewall rules or something - no idea), what is interesting is that the WireGuard connection drastically slows down the speed of the connection. I'm wondering if there is something in RouterOS that is not efficiently handling the encryption/decryption of the packets. The CPU load on my 5009 was minimal in all my tests. So it's not CPU load that is an issue here.

What I need to do is go to a friend's house or somewhere that I can get a solid wired connection with a high data rate to do a better test. I think something is getting mucked up with the WG connection but still. There appears to be a significant slow down over Wireguard and this seems to back up what I posted above yesterday...

Here's my config files.

Note to all: If you look at these, please no questions about the VLANs, why there's no DHCP pool for them, etc. Not germane to the topic at hand.

5009-1-6-25.txt (23.6 KB)
CHR-1-6-25.txt (4.0 KB)

I haven't taken a detailed look at the config files. I've only opened them and did a Ctrl+F to search for mangle and saw that you've not applied the change-mss rules to the WG_VPS interface, only to ProtonVPN.

Try first to apply the same rules to WG_VPS and also on CHR to wg1 to see if the performance gets better.
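An added example (not from the posted config files) of what the suggested change-mss rules look like on the RB5009 side; the WG_VPS interface name comes from the thread, while the 1420 MTU (the RouterOS WireGuard default) and the resulting 1380 MSS are assumptions and must match the tunnel's actual MTU. The same two rules with wg1 in place of WG_VPS go on the CHR.

```routeros
# Assumed: WireGuard interface MTU 1420 -> IPv4 TCP MSS = 1420 - 20 (IP) - 20 (TCP) = 1380
# Confirm the real MTU first; if it differs, adjust new-mss and the tcp-mss range to match.
/interface wireguard print detail where name=WG_VPS

/ip firewall mangle
# Traffic entering the tunnel: rewrite only SYNs whose advertised MSS is too large.
add chain=forward out-interface=WG_VPS protocol=tcp tcp-flags=syn tcp-mss=1381-65535 \
    action=change-mss new-mss=1380 passthrough=yes \
    comment="Clamp TCP MSS towards WG_VPS (assumed MTU 1420)"
# Traffic leaving the tunnel: same clamp for connections opened from the far side.
add chain=forward in-interface=WG_VPS protocol=tcp tcp-flags=syn tcp-mss=1381-65535 \
    action=change-mss new-mss=1380 passthrough=yes \
    comment="Clamp TCP MSS from WG_VPS (assumed MTU 1420)"

# Verify the rules are matching: packet/byte counters should rise while a speed test runs.
/ip firewall mangle print stats where comment~"WG_VPS"
```

Rules in the forward chain only clamp transit traffic; a speed test run from a container on the router itself would need equivalent rules in the output chain to be affected.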

I did mention it in the post above :stuck_out_tongue:

No, I had not added that. I didn't think it was necessary with two MikroTiks on each side. But let me try that. Good catch.

And it didn't make much difference. Same sort of speeds in the 200-ish Mbps both directions.

I have a hard time believing that WG connections through RouterOS are that slow. I don't see it like that when connecting to ProtonVPN. I need to check what it's like from my travel routers on something that's not a WiFi or similar sort of connection.

But I have a hard time believing that other people are using this sort of connection and a CHR and have no issues with the speed.

I am going to start a new thread regarding WG bandwidth between two RouterOS instances, but let's just say that it looks like it is limited to the 300 to 400 Mbps range. There's a drastic slowdown and I have the data to show it.

What is odd, is that it's not a CPU capacity limitation. Throwing more CPU power at it doesn't help...

Oh sorry, last time I read the thread your post only had "let me try that" and I didn't catch the edit with the results (no notification from forum). Then I had a long weekend. I'll jump to your other thread and read the updates.
