• If I copy a 1 GB file between two PCs within the branch LAN, I get 102 MB/sec — as expected, given the 1 Gbps LAN and NICs.

• If I copy a similar file between two VMs within the same AWS VPC, I get 250 MB/sec or more — also expected, as the EC2 VNICs are rated at 5 Gbps.

• Different VPN setups: IPsec, IPIP (encrypted), and WireGuard — WireGuard performed the worst.

• Upgrading the AWS CHR to a larger instance (C6i with 32 GB RAM and 4 vCPUs).

• Tuning MTU and TCP window size on Windows.

• Tweaking queue settings on both the CHR and the CCR2116.

I would try tcp mss clamping matched to below whatever the underlying vpn mtu is.

If in doubt <=1360 might be a good start. (assumes underlying vpn mtu is 1400 ish)

I had best SMB speeds over wireguard with 1350 MTU, did you try that?

Where do you do such clamping?

/ip firewall mangle
add action=change-mss chain=forward comment="clamp mss via wireguard" in-interface=wireguard1 new-mss=1360 passthrough=no protocol=tcp \
    tcp-flags=syn tcp-mss=1361-65535
add action=change-mss chain=forward comment="clamp mss via wireguard" new-mss=1360 out-interface=wireguard1 passthrough=no protocol=tcp \
    tcp-flags=syn tcp-mss=1361-65535

I did try Wireguard, speeds were even worst,, tried with multiple MTUs.
Best was with defauts.
What transfer speeds you get on SMB ?

I had best SMB speeds over wireguard with 1350 MTU, did you try that?

I did try Wireguard, speeds were even worst,, tried with multiple MTUs.
Best was with defauts.
What transfer speeds you get on SMB ?

I get near max speeds of wireguard tunnel it self.

Here is example copy between CCR2004(server 2025) and HAP AX3(server 2019) using wireguard and 1350mtu. I get about 750mbit TCP on bandwidth test thru wireguard tunnel so thats near max SMB speeds.

My goal is to host an SMB share on the AWS VM and have one or more Windows PCs at the office access it.

My goal is to host an SMB share on the AWS VM and have one or more Windows PCs at the office access it.

I work from home, and if I am doing something that needs to access the file servers, it is much better to RDP to a VM at work over VPN and let the SMB access be local between the Win Pro PC (vm or physical) at work and the file servers at work.

RDP runs well over a relatively slow link (10-20 Mbps) for most desktop applications. Not great for audio/video (e.g. watching youtube videos), but fine for things that aren't constantly modifying the screen, like is the case for most business applications.

What types of files are being accessed and what type of application is being used?

We have an app that must run locally, on Windows 10, and uses a mapped drive from a Windows Server.
This local server is being phased out.

That app itself does not need much bandwidth, but ocasionaly, the users need to copy big video files (around 1 Gb each) from and to the fileserver, via Windows Explorer.

Is this one server next to the other,, ? or over the Internet.
Because Im trying to do this over the Internet.

I get near max speeds of wireguard tunnel it self.

Here is example copy between CCR2004(server 2025) and HAP AX3(server 2019) using wireguard and 1350mtu. I get about 750mbit TCP on bandwidth test thru wireguard tunnel so thats near max SMB speeds.

Is this one server next to the other,, ? or over the Internet.
Because Im trying to do this over the Internet.

Why would anyone run wireguard inside network between servers?

Edit:I think your pings are causing the problems, I have 3ms between servers.

SMB over QUIC would solve your problems if you have new server 2025 or you need to play with tcp window sizes in windows if I remeber correctly to adjust for latency.