I have 3 locations that are NAT/CGNAT that I need remote access to - between each other and from outside. I set up a Mikrotik CHR on a Cloud Server (running the VMWare VM instance directly from Mikrotik). The CHR is set up as an L2TP server and the 3 sites are L2TP clients - so they establish the connections to the L2TP server. Sites A and B both have Mikrotik 4011s that connect to the Mikrotik CHR as clients. Site C is a Windows 10 PC using the Windows 10 VPN client to connect to the cloud CHR. The main site I want to get to (Site A) is connected via a UISP LTE device. It seems to be working fine - but it has a slow upload rate of 1Mbps.
However - considering the hundreds of videos I've watched where people connect to Mikrotik CHRs (running in free mode with a 1Mbps limit on transfer rates) - WinBox and other connections (like HTTP or SSH) work perfectly fine. I have also been using another service which installs and uses an agent on a VM I am running on a server in the same LAN as the router in Site A - which gives me access to all the devices in that LAN via this agent (over an encrypted connection). Using this service (over the LTE internet connection as well), I can open WinBox from remote locations to Site A's 4011 just fine. I can also connect to Proxmox PVEs and VMs fine through this service (via SSH, HTTP, and HTTPS) too. WinBox loads quickly and responds quickly - still going over the 1Mbps UISP LTE connection. Not only that - but the encrypted traffic also goes through the remote service's servers in the cloud before coming back to the client using it - so it really has an additional step of going through the local relay agent - and it works fine on this slow connection.
The reason I stated the last part is that people keep trying to say my issue is the slow or inconsistent LTE connection (and it is not inconsistent). I disagree for the reasons stated above - especially considering the low volume of traffic for SSH and simple HTTP. There appears to be something making it slower than the 1Mbps outgoing connection - not simply an issue of L2TP/IPsec overhead.
The issue is that when I use a PC behind the Mikrotik 4011 at Site B to try to open WinBox to connect to Site A's Mikrotik 4011 (passing through the Mikrotik CHR L2TP server) - it hangs at "Downloading Descriptors...". So, I open WinBox, enter the LAN IP of the Mikrotik 4011 at Site A (10.90.1.1), the username, and password - click Connect - it says "Logging in..." for a fraction of a second, then that changes to "Downloading Descriptors..." and then it just sits there making no progress and never connects. If I connect WinBox to the 4011 at Site B (10.0.0.1) - it works flawlessly. If I connect WinBox to the cloud VPN internal IP of the Mikrotik CHR (10.80.1.1) - it connects fine. If I use my PC at Site C (10.14.0.x/24) to connect WinBox to either the cloud CHR or the Site B 'tik - it connects fine - BUT it also has the same issue connecting to Site A's 4011 'tik with WinBox. I had a tech consultant also try from their location using an SSTP connection to the cloud CHR 'tik (acting as client) - and they had the same issue. The L2TP routes and access seem to work fine everywhere - except when moving any data of consequence from devices at Site A. Initially, I noticed that if I did much of any data use on Site A's 'tik - it hung. Like, I could SSH into the Site A 'tik over the VPN - but if I did anything that caused even close to a screen's worth of info to be shown - the connection would freeze and no longer respond. I tried this with multiple SSH clients and the same thing happened. This seemed to improve after adjusting the MTU of the L2TP server to 1400, as the LTE connection seemed to be causing a lot of connection drops at anything 1410 or higher.
I also tested, from Site B to Site A - removing all Firewall rules on both 'tiks and it made no difference. Opening web pages seems to just not happen. Like if I open dev tools (F12) and look at Network - the pages just simply aren't loading.
So WinBox, SSH, and sites can clearly be opened over the VPN from Site C to Site B. Sites B and C to cloud CHR also work. But anything to Site A seems to hang with any small amount of traffic being used.
I can ping 10.90.1.1 and other devices in that LAN. Generally, 150-300ms responses - but they are there. I have a Raspberry Pi at Site A that is running iperf3 in server mode. I can connect to it - but it shows 0.00 bits/sec bandwidth on each test line and at the end says 62.1 kbit/sec (receiver), with my PC at Site B being the iperf client and running as receiver. 62.1 kbit/sec is slow since I know the connection is typically around 1Mbps. So maybe this is related to the net speed - BUT it seems to have something to do with Site A and the VPN, as the same thing happens with other devices in the LAN - yet when using the 3rd party remote access software - I can connect and speeds are OK to decent.
I have found similar questions posted in here, though not exact, but none of them were answered - so here I am.
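The pattern the post describes (pings and single SSH keystrokes get through, anything approaching a full-size packet stalls, and lowering the L2TP MTU to 1400 helped) is the classic signature of a path-MTU black hole: some hop on the LTE path drops packets larger than the tunnel can carry without sending back an ICMP "fragmentation needed", so TCP never learns to shrink its segments. The helper below is an added example, not code from the post or from MikroTik. It binary-searches the largest DF-flagged packet that reaches a host through the tunnel, derives the TCP MSS that fits, and prints the RouterOS commands that pin the L2TP interface MTU/MRU and clamp SYN MSS in both directions. Assumptions not stated on the page: a Linux client with iputils `ping -M do`, and `l2tp-out1` as a placeholder interface name (the post names no interfaces); the simulated path is constructed for offline testing only.

```python
# Path-MTU probe and MSS-clamp helper (added example, not from the post above).
# Assumptions not on the page: Linux iputils ping (-M do sets DF), and the
# interface name "l2tp-out1" is a placeholder for the real L2TP interface.
import subprocess
from typing import Callable, List

IPV4_HEADER = 20   # bytes, no IP options
ICMP_HEADER = 8    # ICMP echo request header
TCP_HEADER = 20    # bytes, no TCP options


def ping_df(host: str, payload: int, timeout_s: int = 2) -> bool:
    """Send one ICMP echo with DF set and `payload` data bytes.

    With -M do the local stack refuses to fragment, so an oversize probe fails
    immediately; a probe dropped silently by a black-hole hop times out.
    Either way ping exits non-zero, which is all the search needs.
    """
    cmd = ["ping", "-M", "do", "-c", "1", "-W", str(timeout_s),
           "-s", str(payload), host]
    res = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                         stderr=subprocess.DEVNULL)
    return res.returncode == 0


def find_path_mtu(probe: Callable[[int], bool], lo: int = 576,
                  hi: int = 1500) -> int:
    """Binary-search the largest IPv4 total length (bytes) that reaches the
    target with DF set. `probe(payload)` returns True when an echo carrying
    `payload` data bytes is answered."""
    def passes(total: int) -> bool:
        return probe(total - IPV4_HEADER - ICMP_HEADER)

    if passes(hi):
        return hi
    if not passes(lo):
        raise RuntimeError(f"even {lo}-byte packets do not pass; check routing")
    while hi - lo > 1:          # invariant: lo passes, hi fails
        mid = (lo + hi) // 2
        if passes(mid):
            lo = mid
        else:
            hi = mid
    return lo


def mss_for_mtu(mtu: int) -> int:
    """TCP MSS that fits in a single packet of `mtu` bytes (IPv4, no options)."""
    return mtu - IPV4_HEADER - TCP_HEADER


def routeros_mss_clamp(mtu: int, iface: str = "l2tp-out1") -> List[str]:
    """RouterOS commands that pin the tunnel MTU/MRU and rewrite the MSS on
    SYNs crossing the tunnel in both directions, so neither endpoint ever
    emits a segment the path cannot carry."""
    mss = mss_for_mtu(mtu)
    base = (f"/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn "
            f"action=change-mss new-mss={mss} passthrough=yes ")
    return [
        f"/interface l2tp-client set [find name={iface}] mtu={mtu} mru={mtu}",
        base + f"out-interface={iface}",
        base + f"in-interface={iface}",
    ]


def simulated_path(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for ping_df: a path that silently drops any DF
    packet larger than `path_mtu` and never sends ICMP back, i.e. the
    black-hole behaviour that makes small pings work while bulk data stalls."""
    return lambda payload: payload + IPV4_HEADER + ICMP_HEADER <= path_mtu


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    # With a host argument, probe the real path; without one, use the
    # constructed 1400-byte black hole for a dry run.
    probe = (lambda p: ping_df(target, p)) if target else simulated_path(1400)
    mtu = find_path_mtu(probe)
    print(f"path MTU: {mtu}, MSS to clamp: {mss_for_mtu(mtu)}")
    print("\n".join(routeros_mss_clamp(mtu)))
```

Run it from the Site B PC against 10.90.1.1 (`python3 pmtu.py 10.90.1.1`) and compare the discovered MTU with the 1400 configured on the L2TP server; if the path carries less than that, every full-size segment from Site A is being dropped, which matches WinBox dying at "Downloading Descriptors" while small pings survive. RouterOS also accepts `new-mss=clamp-to-pmtu` in place of a fixed value, which is the usual choice once the tunnel MTU is known to be correct.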