I have Mikrotik CCR1009 with RouterOS 6.49.4 running fine.
After upgrade to 7.1 (long term), or 7.1.3 (stable), or 7.2.rc4 (testing) i have issue with slow traffic, after downgrade to 6.49.4 it also working fine, so must be something about RouterOS 7 bug, not yet fixed.
Issue is that LAN client accessing internal web page application (over mikrotik gre+ipsec) to remote location via web browser like https://internalip , having JavaScript content >3 MB it is very very slow loading (several minutes).
On client I do see in wireshark lot of TCP retransmits.
Accessing public Internet web sites is working fine.
ICMP traffic, MTU also seems all fine and working.
Tried with or without FASTPATH ip firewall rule. Also tried allow all in ip firewall
Anyhow, traffic is working but very very slow only for remote site destination IP's for TCP connections
On Mikrotik device, this is going through GRE tunel with is first using IPSec ipsec policy
Code: Select all
/interface gre add keepalive=5s,3 local-address=(LOCALWAN) name=toCentral remote-address=(REMOTELOCAL)
/ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 name=central nat-traversal=no
/ip ipsec peer add address=(REMOTEWAN) exchange-mode=ike2 local-address=(LOCALWAN) name=toCentral
/ip ipsec proposal add enc-algorithms=aes-256-cbc name=proposal1 pfs-group=modp2048
/ip ipsec identity add peer=toCentral secret=XXXX
/ip ipsec policy dst-address=(REMOTELOCAL) peer=peer1 proposal=proposal1 protocol=gre src-address=(LOCALWAN) tunnel=yes