Hello.
Currently I'am using VPN as client on Mikrotik RB2011UiAS-2HnD-IN, it's giving me speed 23 mbit/s downloading and 20 mbit/s uploading on old firmware, new firmware give 16/20. My WAN give 30/100. If i connect to VPN by Windows client, it give 30/80 mbit. I think to replace it with EdgeRouter Lite or Mikrotik RB850Gx2. There are equal CPU frequency/number of cores, but maybe anybody has compared they performance?
What maximum speed I can get on L2TP IPsec with AES-256 encryption on RB850Gx2? What router you can recommend for home using with hardware acceleration and more powerful CPU?

EdgeRouter Lite

Maybe you can try the new hex with RB750Gr3. It has Hardwarenecryption and should encrypt aes256 faster than your connection speed. But i have not tested it.

But keep in mind that you cant have more than one vpn user behind the same wanIP if you are using L2TP/IPSec.

I have RB850x2 but speed of upload VPN l2tp+ipsec aes256 = 20megabit/sec., and the client of Windows10 = 80 megabits/sec.
The processor isn't loaded also for 50%
Mikrotik just strongly cuts speed.
Technical support doesn't pay attention to it.

RB750Gr3 is more powerful than RB850Gx2 and EdgeRouter Lite? If i found correctly, RB750Gr3 is equal EdgeRouter X? Which will be faster?

RB850x2 with HW encryption can encrypt/decrypt up to 500Mbps with 1400byte packets
new hex RB750Gr3 can encrypt/decrypt up to 470Mbps with 1400byte packets

RB850x2 with HW encryption can encrypt/decrypt up to 500Mbps with 1400byte packets
new hex RB750Gr3 can encrypt/decrypt up to 470Mbps with 1400byte packets

Why such difference between Mikrotik and VPN the client in Windows10 on upload to the same server?
Settings are identical. Mikrotik cuts speed almost by 4 times.
Почему такая разница в скорости между RB850x2 и VPN клиентом в Windows10 на аплоад до одного и того же сервера?
Настройки идентичные. Mikrotik режет скорость почти в 4 раза.

l2tp+ipsec aes256

Which AES algorithm did you choose? CBC, CTR or GCM?

Switching from CBC to CTR always got me a hefty performance boost.

Switch from CBC to CTR.

HW acceleration seems bugged atm, handling ecryption via software is better atm

Switch from CBC to CTR.

HW acceleration seems bugged atm, handling ecryption via software is better atm

How do this?
Thanks

Switch from CBC to CTR.
HW acceleration seems bugged atm, handling ecryption via software is better atm

How do this?
I use Mikrotik as the client and as the server
Thanks

SoftEther VPN not work with CTR
RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC-SHA and DES-CBC3-SHA

It turns out at all a problem with speed, and Mikrotik simply deceives the clients in speed

It turns out at all a problem with speed, and Mikrotik simply deceives the clients in speed

The problem is at the Windows side. The MikroTik routers with hardware acceleration on multicore processors
are really fast, but they re-order the packets when the link is loaded (multi cores operate in parallel) and
the Windows OS does not handle this well.

It turns out at all a problem with speed, and Mikrotik simply deceives the clients in speed

The problem is at the Windows side. The MikroTik routers with hardware acceleration on multicore processors
are really fast, but they re-order the packets when the link is loaded (multi cores operate in parallel) and
the Windows OS does not handle this well.

You want to tell that the client of VPN in Windows 10 doesn't cipher a traffic or he is worse because by 4 times quicker than Mikrotik?
Вы хотите сказать что клиент VPN в Windows 10 не шифрует трафик или он хуже потому что в 4 раза быстрее чем Mikrotik?

Maybe speed degradation after firmware updates, is Windows or ISP problem too? ))

It is quite regular for routers that on firmware updates that add more features, the top speed decreases because CPU overhead for the new features has increased.
This happens in all routers, probably not for every upgrade.
The solution of using -CTR encryption is based on the fact that this encryption is not hardware accelerated and so the re-ordering does not occur, and Windows handles it better.
It would be best when MikroTik adds a checkmark where you can select software encryption for those codes that are now handled in hardware, until some solution has been found to avoid the re-ordering problem.
But best would be to file a bug report at Microsoft against their TCP implementation. It is not handling re-ordering well.

It is quite regular for routers that on firmware updates that add more features, the top speed decreases because CPU overhead for the new features has increased.
This happens in all routers, probably not for every upgrade.

Of course, if new features is used. But why speed decrease, when new features is disabled? I can understand, that new features need more hardware power, but when in new firmware CPU idle with 40%, and speed is down I can't understand.

It turns out at all a problem with speed, and Mikrotik simply deceives the clients in speed

The problem is at the Windows side. The MikroTik routers with hardware acceleration on multicore processors
are really fast, but they re-order the packets when the link is loaded (multi cores operate in parallel) and
the Windows OS does not handle this well.

I also saw issues outside of Windows. re-ordering is a problem when it happens at the levels Mikrotik does it at. Some applications are better at dealing with this, but bottomline they need to fix the ordering problem, which they have confirmed they are working on. More on this issue: http://forum.mikrotik.com/viewtopic.php ... 5&p=563395

RB850x2 with HW encryption can encrypt/decrypt up to 500Mbps with 1400byte packets
new hex RB750Gr3 can encrypt/decrypt up to 470Mbps with 1400byte packets

Where on the mikrotik webpage i can get the informations which device has hardware encryption and which encryptionmethods are supported ? I havent seen any information on the productpage of the RB850x2 f.e..

Its soo hard to find the right device for a special purpose when informations are hidden.

RB850x2 with HW encryption can encrypt/decrypt up to 500Mbps with 1400byte packets
new hex RB750Gr3 can encrypt/decrypt up to 470Mbps with 1400byte packets

Where on the mikrotik webpage i can get the informations which device has hardware encryption and which encryptionmethods are supported ? I havent seen any information on the productpage of the RB850x2 f.e..

Its soo hard to find the right device for a special purpose when informations are hidden.

This is probably the most up-to-date place http://wiki.mikrotik.com/wiki/Manual:IP ... encryption

Let's discuss routers, not nations. A lot of people have troubles with Mikrotik hardware, some things works bad, and I, and maybe колбаскин, wants that our devices works as described. Mikrotik must be interested with this too.

So, anybody buy RB750Gr3? Have you tried IPsec?

Is there any RouterBoard with IPSEC performance (like RB750GR3 - HEX v3) and combined with wlan in one device?

What about RB750Gr3 + http://wiki.mikrotik.com/wiki/Supported ... less_cards ?

P.S. Sorry, this will not work:

Note: RouterOS v6 does not support any USB Wi-Fi adapter

All characteristics of Mikrotik are strongly overestimated. It is a marketing
RB750Gr3

2) How could I obtain promised 450Mbit of IPSec throughput? Currently I have only about 130Mbit.

http://forum.mikrotik.com/viewtopic.php?f=3&t=113724

bedior made request in technical support that after the connection defined ON speed l2tp+ipsec strongly has fallen

It turns out at all a problem with speed, and Mikrotik simply deceives the clients in speed

The problem is at the Windows side. The MikroTik routers with hardware acceleration on multicore processors
are really fast, but they re-order the packets when the link is loaded (multi cores operate in parallel) and
the Windows OS does not handle this well.

I also saw issues outside of Windows. re-ordering is a problem when it happens at the levels Mikrotik does it at. Some applications are better at dealing with this, but bottomline they need to fix the ordering problem, which they have confirmed they are working on. More on this issue: http://forum.mikrotik.com/viewtopic.php ... 5&p=563395

Based on that thread, the reordering issue seems to be a CCR issue. I'm doubting that the rb1100ahx2 has this issue?