Community discussions

MikroTik App
 
Kazionator3000
just joined
Topic Author
Posts: 1
Joined: Thu Jun 11, 2020 5:29 pm

NordVpn extremely slow

Thu Jun 11, 2020 9:23 pm

Hello,
I am new to RouterOS as I bought hAP AC2 few days ago. I set up the basics and I wanted to get a VPN. I followed this instructions:
https://support.nordvpn.com/Connectivit ... ordVPN.htm / https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
Everything except adding identity went smooth (don't know what was wrong with identity but I added it manually)... and I got the connection but it is unbelievably slow. It does not even load most pages.

My question is what did I do wrong or what else should I do that is not mentioned in the tutorials I followed?
 
colonelbeefies
just joined
Posts: 4
Joined: Mon Jul 13, 2020 1:40 pm

Re: NordVpn extremely slow

Mon Jul 13, 2020 1:47 pm

Apparently you have to remove IPSEC from fasttrack rules - viewtopic.php?f=2&t=150179
To summarise;
#Mangle rules to identify IPSEC traffic
/ip firewall mangle add action=mark-connection chain=forward ipsec-policy=out,ipsec new-connection-mark=ipsec
/ip firewall mangle add action=mark-connection chain=forward ipsec-policy=in,ipsec new-connection-mark=ipsec
If you have a fasttrack rule already, under general, Connection Mark (!) ipsec. Or to add the rule
/ip firewall filter add action=fasttrack-connection chain=forward connection-mark=!ipsec connection-state=established,related
Made a huge difference to my connection.
 
john4669
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Oct 23, 2017 8:35 pm

Re: NordVpn extremely slow

Mon Sep 13, 2021 8:39 pm

I know this post is over a year old, but I am having the exact same problem. I tried the Mangle rules to bypass fast track for ipsec traffic and it made little to no difference. I have tried it both on my Audience at home and my RB951G-2HnD at work with the same result. Has anyone been able to resolve this?
 
User avatar
memelchenkov
Member Candidate
Member Candidate
Posts: 202
Joined: Sun Oct 11, 2020 12:00 pm
Contact:

Re: NordVpn extremely slow

Mon Sep 13, 2021 8:45 pm

Search this forum for 'mss fix', probably that is.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: NordVpn extremely slow

Mon Sep 13, 2021 9:41 pm

Fastrack should be of and just first check by just disbling all fasttraking.

NordVPN has troubles with sending back ICMP 3-4 on some servers and the this won't help but always good to have.

viewtopic.php?f=2&t=154449&p=858086

You can set the MTU manually but my money is on the fasttracking with you.
 
john4669
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Oct 23, 2017 8:35 pm

Re: NordVpn extremely slow

Mon Sep 13, 2021 10:59 pm

Fastrack should be of and just first check by just disbling all fasttraking.

NordVPN has troubles with sending back ICMP 3-4 on some servers and the this won't help but always good to have.

viewtopic.php?f=2&t=154449&p=858086

You can set the MTU manually but my money is on the fasttracking with you.
Thanks for the suggestion but disabling fast track all together didn't seem to make any difference. What's weird is Google comes right up along with some other websites, but many others including DuckDuckGo won't load at all. Again , same results on both home and work routers . Different ISP's and everything. I tried this which was suggested by Sindy in the link you posted as an alternative for the MTU issue but it didn't seem to help either.
/ip ipsec policy
move *ffffff destination=0
add action=none dst-address=192.168.88.0/24 src-address=0.0.0.0/0 place-before=1
I don't have an absolute need to use NordVPN at the router level but it would have been nice. The Android and Linux apps seem to work well enough.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: NordVpn extremely slow

Mon Sep 13, 2021 11:40 pm

I mentioned this and NordVPN did come to me on this.
viewtopic.php?f=2&t=178150&p=877112

I have set to new-mss=1372 but you might start at 1232 and increase from there.

The line in /ip ipsec policy normally catches all ICMP 3-4 and convey them to the correct client. The problem is with NordVPN and some servers don't let through the returnin ICMP 3-4 and we have to fore a fixed MTU in mangle.
After this I had no problems anymore but it was working before with out setting a fixed MTU.
 
john4669
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Oct 23, 2017 8:35 pm

Re: NordVpn extremely slow

Tue Sep 14, 2021 12:03 am

I mentioned this and NordVPN did come to me on this.
viewtopic.php?f=2&t=178150&p=877112

I have set to new-mss=1372 but you might start at 1232 and increase from there.

The line in /ip ipsec policy normally catches all ICMP 3-4 and convey them to the correct client. The problem is with NordVPN and some servers don't let through the returnin ICMP 3-4 and we have to fore a fixed MTU in mangle.
After this I had no problems anymore but it was working before with out setting a fixed MTU.
Thanks. I'm not very well versed with mangle. I gather that this line is changing the mss to 1372 if it has been previously been given the connection mark "NordVPN"? If so, how do I get it marked in the first place? Sorry for the dumb question...
 add action=change-mss chain=postrouting connection-mark=NordVPN connection-state=new log-prefix=MSS new-mss=1372 passthrough=yes protocol=tcp tcp-flags=syn]
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: NordVpn extremely slow

Tue Sep 14, 2021 12:07 pm

This posdible when use option 2 of the setup. I don't know if you point traffic to NordVPN based on IP address or connection mark.

https://wiki.mikrotik.com/wiki/IKEv2_EA ... the_tunnel

You can also see if and what connection mark is used by your setup by looking at the top line in NAT when you are connected to NordVPN.

If you use IP address then you should filter in my line on that source IP addrress.
 
john4669
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Oct 23, 2017 8:35 pm

Re: NordVpn extremely slow

Tue Sep 14, 2021 4:26 pm

This posdible when use option 2 of the setup. I don't know if you point traffic to NordVPN based on IP address or connection mark.

https://wiki.mikrotik.com/wiki/IKEv2_EA ... the_tunnel

You can also see if and what connection mark is used by your setup by looking at the top line in NAT when you are connected to NordVPN.

If you use IP address then you should filter in my line on that source IP addrress.
Awesome! Thanks for the more clear explanation. Everything works great now including Duck Duck Go. I was pointing traffic based on an ip address list, so i changed your line to:
add action=change-mss chain=postrouting src-address-list=local connection-state=new log-prefix=MSS new-mss=1372 passthrough=yes protocol=tcp tcp-flags=syn
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: NordVpn extremely slow

Tue Sep 14, 2021 7:29 pm

Have fun with the working VPN and let's hope NordVPN will fix it soon and the line can be deactivated again.
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: NordVpn extremely slow

Sun Sep 19, 2021 9:29 am

Noone mentioned my guide?

viewtopic.php?f=23&t=169273

The only reason why NordVPN could be slow is because MSS/MTU size issues. All mentioned in the guide.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: NordVpn extremely slow

Sun Sep 19, 2021 2:29 pm

Noone mentioned my guide?

viewtopic.php?f=23&t=169273

The only reason why NordVPN could be slow is because MSS/MTU size issues. All mentioned in the guide.
I would have done. However the cause is solely with NordVPN that have some servers of them not sending through ICMP 3-4.

Who is online

Users browsing this forum: dmconde and 43 guests