Community discussions

MikroTik App
 
unlikely
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Fri Feb 21, 2020 1:16 pm

Slow IPSEC Site-to-Site VPN, very slow on one direction

Mon May 29, 2023 1:22 am

I'm trying to establish an IPSEC site-to-site VPN from
Site 1, initiator, public dynamic ip address, RB5009
slow LTE internet connection

to
Site 2, responder, CCR2004 with private ip, behind a provider rb750 with fixed public ip address
CCR2004 is an "exposed host" but doesn't have the public ip

Previously we had a Zyxel USG 210 instead of CCR2004 and the VPS was working decently.
When changing from USG to CCR we just copied ipsec setting from RB5009 to CCR.
After changing the USG with a CCR, the VPN trafic seems slow from site 2 to site 1 (17Mbps compared to 32Mbps bypassing VPN), and almost not working from site 1 to site 2 (0.2Mbps average compared to 10Mbps bypassing VPN)

Both the RB5009 and CCR2004 have more or less the "bulding advanced firewall" configuration from Mikrotik web site.
The CCR2004 accept input UDP 500,4500; both accept forward in/out IPSEC before the fasttrack.

I ask myself if the fact that the CCR is behind the rb750, and the Local Address in IPSEC active peers is a private IP, require some special NAT/filter rule.

Where can I start to investigate the issue?
 
abbio90
Member Candidate
Member Candidate
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Slow IPSEC Site-to-Site VPN, very slow on one direction

Mon May 29, 2023 9:03 am

if you have fasttrack active disable it or exclude ipsec from fastrack

Who is online

Users browsing this forum: BartoszP, Bing [Bot], DanMos79, GoogleOther [Bot], robertkjonesjr, VinceKalloe and 89 guests