Hello ,I'm using a RB2011L
since I started using SSTP server in early November, the CPU load has progressively increased, even if no SSTP tunnels are active.
HIgh CPU load is due to SSL(tool profile)

If I disable e re-enable SSTP server, CPU returns to high load in a few seconds, even if no tunnels active.

Do you have any suggest to solve the problem, apart change Routerboard to a more powerful one?
thank you

stefano

Maybe it is a bit off topic but have you tried to use l2tp instead of sstp? You will get much better performance. And update to the latest stable version could maybe help too.

Thank you jarda,
L2TP (no IPsec) doesn't cause high CPU load. I used L2TP tunnels since a year ago, but I was planning to move to SSTP for encryption level.
Does L2TP (with IPsec) have the same encryption level?

TIA

I found that high CPU load is due to inactive secrets.

I've configured a dozen of users (ppp secret), usually all disabled. On the other sites, I have one Mikrotik router each site that try to connect via SSTP with my central router RB2011L
When I need do connect to one remote site, I enable that user, SSTP tunnel comes active and I can reach the devices on the remote site.

the remote routers keeps trying to connect but without success because its user is disabled

Higher the number of disabled clients, higher the CPU load.
Is this in you experience a normal behavior or should I check something?

Thank you!

For general purpose I use l2tp with mppe encryption without ipsec. The main difference is that sstp runs over tcp which makes it much slower when udp runs inside the tunnel.