Page 1 of 1

NordVPN-IKEv2 slow NET speed

Posted: Fri Jul 12, 2019 10:25 am
by KiralyIstvanFot
Dear All, I tested the ikev2 connection(6.45.1 FW) to the NordVPN, but the respond and the speed too slow, but my net speed 1Gbit/300Mbit
With NordVPN the speed 110/30MBit, but very hectic, and the web pages sometimes load sometimes run it to timeout.

Somebody has any experience about this?

Or what is the most best VPN provider to the Mikrotik? I know the ovpn client is not working yet full functionally.

I used the mikrotik document: https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS

Re: NordVPN-IKEv2 slow NET speed

Posted: Fri Jul 12, 2019 4:54 pm
by sindy
Not enough information. Some routerboards support encryption in hardware and some don't, and for years IPsec used to be incompatible with fasttracking although newest (6.44+) RouterOS versions seem not to have this limitation any more. So post your configuration (if you're concerned about privacy, check my automatic signature below), the Routerboard model and RouterOS version are part of the export.

Re: NordVPN-IKEv2 slow NET speed

Posted: Fri Jul 12, 2019 4:58 pm
by msatter
That speed is not to bad. I am using PureVPN and I don't have muvh more (only IKEv2).

I stopped using it for serveral weeks now now because of the many renewalls during sessions.

Re: NordVPN-IKEv2 slow NET speed

Posted: Sun Jul 14, 2019 7:41 pm
by fruel
Did you remove your IPsec traffic from fasttrack? I just posted my config example for privateinternetaccess.com VPN (viewtopic.php?f=2&t=150179) connections where you can see it.

I had similar issues - speeds seemed fine initially but the connection were unstable and I got regular timeouts.
With the fasttrack exceptions I am getting now 287/48 MBit/s on a 300/50 connection. (with an RB4011)

Re: NordVPN-IKEv2 slow NET speed

Posted: Mon Jul 15, 2019 10:58 am
by KiralyIstvanFot
Did you remove your IPsec traffic from fasttrack? I just posted my config example for privateinternetaccess.com VPN (viewtopic.php?f=2&t=150179) connections where you can see it.

I had similar issues - speeds seemed fine initially but the connection were unstable and I got regular timeouts.
With the fasttrack exceptions I am getting now 287/48 MBit/s on a 300/50 connection. (with an RB4011)
I've too an RB4011. what You write about the fasttrack exceptions I didn't add to the firewall.

So this is what You think? And It's enough to the speed and timeout issues?

# basic IPsec fast track exception
/ip firewall mangle add action=mark-connection chain=forward ipsec-policy=out,ipsec new-connection-mark=ipsec
/ip firewall mangle add action=mark-connection chain=forward ipsec-policy=in,ipsec new-connection-mark=ipsec
/ip firewall filter add action=fasttrack-connection chain=forward connection-mark=!ipsec connection-state=established,related

Re: NordVPN-IKEv2 slow NET speed

Posted: Mon Jul 15, 2019 1:23 pm
by sindy
There is a specific problem associated to use of ipsec-policy matcher in /ip firewall filter or /ip firewall mangle rules when src-nat needs to be used to make the packets actually match the ipsec policy. The matcher doesn't anticipate future, it merely checks whether the packet's headers as they look like at the very moment when the packet is handled by the rule match to the traffic selector of any policy with action=encrypt. And when the packet passes through the mangle and/or the filter, the src-nat operation is not yet executed, so it doesn't yet match the policy which it will match once the src-nat will happen. So your rule set will not prevent those packets from making their connection fasttracked.

But as said earlier, it seemed to me that fasttracking stopped interfering with IPsec in the recent RouterOS releases, so maybe there is another reason for your lower-than-expected speed. So if you can stop all non-VPN traffic for a while, you can simply disable the fasttracking rule and try whether new connections through VPN will get faster. If you cannot get rid of the other traffic, the best criterion for exclusion from fasttracking seems to be the address-list used by the dynamically added src-nat rule - i.e. you'll add src-address-list=!that-address-list dst-address-list=!that-address-list to the action=fasttrack-connection rule. You can optimize that later, once you confirm that fastracking is the cause of the speed under expectations.

Re: NordVPN-IKEv2 slow NET speed

Posted: Tue Jul 16, 2019 6:54 pm
by Morphlingg
Dear All, I tested the ikev2 connection(6.45.1 FW) to the NordVPN, but the respond and the speed too slow, but my net speed 1Gbit/300Mbit
With NordVPN the speed 110/30MBit, but very hectic, and the web pages sometimes load sometimes run it to timeout.

Somebody has any experience about this?

Or what is the most best VPN provider to the Mikrotik? I know the ovpn client is not working yet full functionally.

I used the mikrotik document: https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
Maybe problem with VPN's servers location. Sometimes VPN doesn't provide you optimal location. I have downloaded VPN from Veepn.com. It has 48 servers by the way. So i haven't any problems with connection and speed yet.