Community discussions

 
KiralyIstvanFot
just joined
Topic Author
Posts: 4
Joined: Mon Mar 25, 2019 9:41 pm

NordVPN-IKEv2 slow NET speed

Fri Jul 12, 2019 10:25 am

Dear All, I tested the ikev2 connection(6.45.1 FW) to the NordVPN, but the respond and the speed too slow, but my net speed 1Gbit/300Mbit
With NordVPN the speed 110/30MBit, but very hectic, and the web pages sometimes load sometimes run it to timeout.

Somebody has any experience about this?

Or what is the most best VPN provider to the Mikrotik? I know the ovpn client is not working yet full functionally.

I used the mikrotik document: https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
 
sindy
Forum Guru
Forum Guru
Posts: 3496
Joined: Mon Dec 04, 2017 9:19 pm

Re: NordVPN-IKEv2 slow NET speed

Fri Jul 12, 2019 4:54 pm

Not enough information. Some routerboards support encryption in hardware and some don't, and for years IPsec used to be incompatible with fasttracking although newest (6.44+) RouterOS versions seem not to have this limitation any more. So post your configuration (if you're concerned about privacy, check my automatic signature below), the Routerboard model and RouterOS version are part of the export.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
msatter
Forum Guru
Forum Guru
Posts: 1117
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: NordVPN-IKEv2 slow NET speed

Fri Jul 12, 2019 4:58 pm

That speed is not to bad. I am using PureVPN and I don't have muvh more (only IKEv2).

I stopped using it for serveral weeks now now because of the many renewalls during sessions.
Two RB760iGS (hEX S) in series. One does PPPoE/IKEv2 and the other does the rest of the tasks.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.2.8
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
fruel
just joined
Posts: 4
Joined: Wed Oct 18, 2017 11:24 pm
Location: Vienna, Austria

Re: NordVPN-IKEv2 slow NET speed

Sun Jul 14, 2019 7:41 pm

Did you remove your IPsec traffic from fasttrack? I just posted my config example for privateinternetaccess.com VPN (viewtopic.php?f=2&t=150179) connections where you can see it.

I had similar issues - speeds seemed fine initially but the connection were unstable and I got regular timeouts.
With the fasttrack exceptions I am getting now 287/48 MBit/s on a 300/50 connection. (with an RB4011)
 
KiralyIstvanFot
just joined
Topic Author
Posts: 4
Joined: Mon Mar 25, 2019 9:41 pm

Re: NordVPN-IKEv2 slow NET speed

Mon Jul 15, 2019 10:58 am

Did you remove your IPsec traffic from fasttrack? I just posted my config example for privateinternetaccess.com VPN (viewtopic.php?f=2&t=150179) connections where you can see it.

I had similar issues - speeds seemed fine initially but the connection were unstable and I got regular timeouts.
With the fasttrack exceptions I am getting now 287/48 MBit/s on a 300/50 connection. (with an RB4011)
I've too an RB4011. what You write about the fasttrack exceptions I didn't add to the firewall.

So this is what You think? And It's enough to the speed and timeout issues?

# basic IPsec fast track exception
/ip firewall mangle add action=mark-connection chain=forward ipsec-policy=out,ipsec new-connection-mark=ipsec
/ip firewall mangle add action=mark-connection chain=forward ipsec-policy=in,ipsec new-connection-mark=ipsec
/ip firewall filter add action=fasttrack-connection chain=forward connection-mark=!ipsec connection-state=established,related
 
sindy
Forum Guru
Forum Guru
Posts: 3496
Joined: Mon Dec 04, 2017 9:19 pm

Re: NordVPN-IKEv2 slow NET speed

Mon Jul 15, 2019 1:23 pm

There is a specific problem associated to use of ipsec-policy matcher in /ip firewall filter or /ip firewall mangle rules when src-nat needs to be used to make the packets actually match the ipsec policy. The matcher doesn't anticipate future, it merely checks whether the packet's headers as they look like at the very moment when the packet is handled by the rule match to the traffic selector of any policy with action=encrypt. And when the packet passes through the mangle and/or the filter, the src-nat operation is not yet executed, so it doesn't yet match the policy which it will match once the src-nat will happen. So your rule set will not prevent those packets from making their connection fasttracked.

But as said earlier, it seemed to me that fasttracking stopped interfering with IPsec in the recent RouterOS releases, so maybe there is another reason for your lower-than-expected speed. So if you can stop all non-VPN traffic for a while, you can simply disable the fasttracking rule and try whether new connections through VPN will get faster. If you cannot get rid of the other traffic, the best criterion for exclusion from fasttracking seems to be the address-list used by the dynamically added src-nat rule - i.e. you'll add src-address-list=!that-address-list dst-address-list=!that-address-list to the action=fasttrack-connection rule. You can optimize that later, once you confirm that fastracking is the cause of the speed under expectations.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
Morphlingg
just joined
Posts: 3
Joined: Tue Jul 16, 2019 6:28 pm
Location: Washington
Contact:

Re: NordVPN-IKEv2 slow NET speed

Tue Jul 16, 2019 6:54 pm

Dear All, I tested the ikev2 connection(6.45.1 FW) to the NordVPN, but the respond and the speed too slow, but my net speed 1Gbit/300Mbit
With NordVPN the speed 110/30MBit, but very hectic, and the web pages sometimes load sometimes run it to timeout.

Somebody has any experience about this?

Or what is the most best VPN provider to the Mikrotik? I know the ovpn client is not working yet full functionally.

I used the mikrotik document: https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
Maybe problem with VPN's servers location. Sometimes VPN doesn't provide you optimal location. I have downloaded VPN from Veepn.com. It has 48 servers by the way. So i haven't any problems with connection and speed yet.

Who is online

Users browsing this forum: Bing [Bot] and 44 guests