Hi Team,

I hope this message finds you well. I'm reaching out to ask for your expertise and suggestions on an issue I've encountered with my VPN setup.

Setup Details:

VPN Server: CCR1009-7G-1C-1S+ (Product Details)
Client Device: RB5009UPr+S+IN (Product Details)
Bandwidth: Both the VPN server and client sides have a 1/1 Gigabit connection.
Firmware: Both has latest 7.14.1 firmware

Configuration:

IPsec with a pre-shared key
MODBP2024
Encryption: AES256
Cipher: AES256-CBC

Issue:

Without IPsec: The connection performs well, reaching speeds between 600-700 Mbps in both directions.
With IPsec Enabled: Download speeds are around 300 Mbps, but upload speeds drop significantly to around 100 Mbps.
I've noticed that when running a speed test through the VPN link on the RB5009UPr+S+IN, only 1 CPU core is utilized at around 80-89%, while the remaining cores are underutilized (10-30% usage).

I'm puzzled by this performance discrepancy, especially the upload speed bottleneck, and I do not believe it's a hardware limitation.

Does anyone have insights into what might be causing this issue or suggestions on how to improve the performance? Any advice or recommendations would be greatly appreciated.

Thank you in advance for your time and assistance. Looking forward to your friendly advice and suggestions.

Best regards,

It was a long time ago I had speed problems with my L2TP IPsec link and changing MAX MTU to 1400 fixed it for me .

Thanks for the info. You changed MTU only for l2tp client or? on "client" side?

It was a long time ago I had speed problems with my L2TP IPsec link and changing MAX MTU to 1400 fixed it for me .

Hey Ramirez, changed MTU on l2p connection and now it has 40% better download speed, I mean upload raised as well but it's 3 times slower than download. Is that normal behaviour? BW/pipe speed is not an issue:) they don't utilize more than 50%

Thank you very much

I saw as well that I can connect without IPsec key, then it's not encrypted. Is there way to forbid to connect without IPsec key?