VPN Slow with CRS125 and with RB2011 fast

Hello, I have a VPN connection between my 2 houses.
When I made the connection with the 2011 version, it got 100% CPU and 6,7MB/s speed.

When I copy exactly the same configuration to the CRS125-24-1s-2hnd, the CPU is max 50% and the speed 2-3MB/s.
Is there a limit for VPN in the CRS? I would like a full speed connection with the CRS.
Could someone help me?

greetz
Bart

What kind of VPN are you using?

The CRS is a switch which can do light-duty routing tasks, though the funny thing here is its throughput is half the 2011’s but its CPU is also 50%…

How did you copy the configuration? What are the RouterOS versions? What about firmware versions??

Hello, I already tried L2TP and PPTP.
Hmm, so the 2011 is much better? You recommend to switch it?
Because this is too slow. Strange, because I thought the CPU must be 100% when it is ‘working’ :)

Yes, RB2011 is a rather capable router for SOHO environments.

The 50% CPU thing also makes me think there’s something fishy.

Do you have complex firewall filter/nat/mangle rules??

What happens if you use a regular IPIP tunnel? (Guess you have a router at each house?)

I have a 2011 at 1 home, and the CRS at my other home.

When I download without the VPN (the same file from the same place) it’s fast.

When I use the VPN, it’s slow. I already played with the MTU, the same result :(

The strange thing is, when I put EXACTLY the same configuration on the CRS, there is a problem. When I made a new configuration, it’s slow too.

I don’t have a lot of rules. Maybe 10. But then also, the CPU is strange, isn’t it?

Did you reset the CRS to no defaults prior to importing the configuration? How did you transfer it?

Yes, I tried it with a new installation. Same problem. I don’t use priorities.
Which setting do I have to check?

Maybe the interface queues are not the same?

The problem is people trying to use the CRS like other RouterBoards.

The CRS is a different device.

Of course you can use the embedded CPU, but you have to do the switching configuration; that configuration is a little complex and has issues with scripting, because it has to be done manually step by step.

If you want routing, VPNs etc., please use the RB2011.

If you want switching, use the CRS.

Yeah. This is what I am wondering still and again. It’s maybe not only the user’s fault but also MikroTik’s, because they mixed the words switch and router into one device type name. This should not happen.

Yes, a big marketing error promoting the CRS as a layer 3 switch.

The CRS is not a layer 3 switch; the CRS is a layer 2 switch plus an embedded router for management purposes and limited-performance routing, because managing and monitoring switch operation takes at least 10% of available CPU time (this is normal behavior on switches).

But don’t misunderstand me, integrating a router on a switch is a powerful tool; RouterOS provides powerful management and monitoring tools never seen on a smart switch of any brand.

Another problem is the lack of proper documentation, focusing on the CRS like a very similar device to other MikroTiks, but surprise, it’s very different.

Another issue is that the RouterOS community does not fully exploit the functionality of the previous models’ integrated switch; it’s a good trial before taking on the CRS’s more advanced and complex switching features.

The concept of a master port symbolizing the switch CPU can be confusing, because from the router’s perspective the master port is the connection or boundary between the router and the switch chip, but from the switch chip’s perspective the switch CPU (not the port used as a master port) is the point of this connection or boundary.

Because of that we see people making software bridges on CRS models; that is absurd, buying a device capable of layer 2 hardware switching and then trying to configure it to do software bridging, or enabling software queues to mitigate a bad configuration.

In my case it took me approximately 40 hours of testing to understand how to properly configure 2 CRS 125 using 2 VLANs plus another VLAN to manage the switch, storm control to prevent a loop blocking the switch, DHCP server screening, and doing basic routing between 2 VLANs using fast path routing +100Mbps without packet loss or saturating the CPU, and without using software queues on interfaces.

I am sure that a more expert guy can do it in much less time.

I am also burning hours on tryouts, because only in a laboratory and then in a real network is it possible to reveal how all things work. For me it is a hobby, but I understand those that just buy something and want it working immediately without any knowledge. Unfortunately, MikroTik devices are not for them.