We were very excited about the support for udp ovpn tunnels because of the possibility for greater speeds. But when I tested the speed over different tunnels, there was no difference between the TCP and UDP tunnel.

I tested with 2 x RB951G-2HnD with ovpn tunnel in between. Behind every RB there was a laptop with iPerf and a Gigabit ethernet port.
The results of the test can be found in the attachments. The difference between TCPovpn and UDPovpn is very small. I also did a speedtest over the ovpntunnel (behind isp connection of 250 Mbps) and there is very little difference in the overal speeds (TCP got faster speeds than UDP).

Is there a reason why the UDPovpn tunnel isn't faster than the TCPovpn tunnel or is this a bug?
Did someone else already do some testing on the UDP tunnel?

I guess the device's CPU is the limiting factor here.

On a perfect private network (ethernet cable between two routers, or a simple switch ethernet network), there is no behavior that would case tcp to be slower.

If you had tunnels over the Internet, an occasional (and normal) lost packet, TCP and UDP will change speed/behavior very differently. Let's say you have a TCP traffic inside a TCP tunnel and there is a moment of packet loss or delay perhaps because of congestion; it's going to amplify the reaction of the TCP behavior. TCP over lossy UDP will be more normal TCP response for the tunneled traffic.

Nonetheless, if you are not in need of every last bit of speed, the TCP openVPN is still very usable.

You would need to cause some congestion in your testing, perhaps by a third mikrotik and/or test features.

I thought I would post this stuff here, as it seems somewhat on topic.

Hap AC^2 OpenVPN UDP.

Seems mostly good, seems a nice way of connecting to devices through NAT.
As mentioned elsewhere, push routes would be nice.
**Hardware encryption support would be great**
Perhaps AES-128/256-GCM

I was able to get 14Mbps with AES 256, and around 100Mbps unencrypted
through a link (Fast windows client)

Putting an AES256 IPSEC encrypted L2TP link inside an un-encrypted OPEN
VPN link, (No IPSEC Nat traversal issues), I was able to easily get 60+ Mbps
through the L2TP link inside the OpenVPN link. Using Windows as the client, nice that I was
able to do this from Windows, but still kind of Ugly.

I thought I would post this stuff here, as it seems somewhat on topic.

Hap AC^2 OpenVPN UDP.

Seems mostly good, seems a nice way of connecting to devices through NAT.
As mentioned elsewhere, push routes would be nice.
**Hardware encryption support would be great**
Perhaps AES-128/256-GCM

https://wiki.mikrotik.com/wiki/Manual:IP/IPsec
The hAP ac2 CPU already has Hardware support for AES-CTR and AES-CBC (128 and 256).
Thus, AES256-CBC would be a much better fit.

The hAP ac2 CPU already has Hardware support for AES-CTR and AES-CBC (128 and 256).
Thus, AES256-CBC would be a much better fit.

Yes ok, I'll have that please :)

Thanks for all the replies! I will do some testing over the internet to see if it makes any difference in speed and post back here.

For me increasing size of queue used by OpenVPN do the job.

by default, OpenVPN uses pfifo type queue, with queue size ~50packets.
Make your openvpn interface static (if the link comes up, do copy and rename it).
Now you have an interface, where you can change interface queue.

Make a new queue type called openvpn-default, with type pfifo and size ~250
set this queue type for openvpn interface.

After doing this, speed is much increased.
Keep in mind: do that for both sides, unless doing it, the speed will slow in that direction.

Other way is setting queue size for "default" queue to 250. (on both sides)

Please refer if that helps.

viewtopic.php?t=146103