I used an RB951 in the office as an L2TP VPN server (with IPSEC) for a bunch of remote users. I think all settings are default since there's nothing about /ip ipsec in my exported rsc file. Even when a single user was connected to this VPN server and tried to transmit a big file, the RB's CPU load was 100% all the time, and the user got a speed near 10 Mbit/s.
I changed my device to an RB4011 (with IPSEC acceleration). I thought just this would fix my problem, but no. Now CPU load is 2-3% in the same scenario, but the speed is pretty much the same. I tried to change the MTU to 1350 as suggested in similar threads, but with no luck. What should I [re]configure to utilize more bandwidth for users connected to the RB's L2TP server with IPSEC?
Here's what I see doing iperf from home to office when connected to the RB's L2TP:
```
[ 4] 0.00-1.01 sec 1.75 MBytes 14.5 Mbits/sec
[ 4] 1.01-2.01 sec 1.62 MBytes 13.7 Mbits/sec
[ 4] 2.01-3.01 sec 1.62 MBytes 13.7 Mbits/sec
[ 4] 3.01-4.01 sec 1.62 MBytes 13.6 Mbits/sec
[ 4] 4.01-5.01 sec 1.62 MBytes 13.6 Mbits/sec
[ 4] 5.01-6.01 sec 1.62 MBytes 13.6 Mbits/sec
[ 4] 6.01-7.01 sec 1.75 MBytes 14.7 Mbits/sec
[ 4] 7.01-8.01 sec 1.62 MBytes 13.6 Mbits/sec
[ 4] 8.01-9.01 sec 1.62 MBytes 13.6 Mbits/sec
[ 4] 9.01-10.01 sec 1.62 MBytes 13.6 Mbits/sec
```
```
[ 4] 0.00-1.00 sec 4.62 MBytes 38.7 Mbits/sec
[ 4] 1.00-2.01 sec 5.75 MBytes 47.7 Mbits/sec
[ 4] 2.01-3.00 sec 4.38 MBytes 37.2 Mbits/sec
[ 4] 3.00-4.00 sec 5.38 MBytes 45.1 Mbits/sec
[ 4] 4.00-5.00 sec 5.38 MBytes 45.1 Mbits/sec
[ 4] 5.00-6.00 sec 5.38 MBytes 45.1 Mbits/sec
[ 4] 6.00-7.00 sec 3.62 MBytes 30.4 Mbits/sec
[ 4] 7.00-8.00 sec 6.12 MBytes 51.4 Mbits/sec
[ 4] 8.00-9.00 sec 5.38 MBytes 45.1 Mbits/sec
[ 4] 9.00-10.00 sec 5.38 MBytes 45.1 Mbits/sec
```
50 Mbit/s is my maximum.
Here's a portion of my config where ipsec is mentioned:
```
/ppp profile add dns-server=192.168.0.1 local-address=192.168.0.1 name=l2tp-office remote-address=pool_vpn
/ppp secret add name=vpnuser1 password=vpnuser1 profile=l2tp-office
/interface l2tp-server server set default-profile=l2tp-office enabled=yes ipsec-secret=qwerty123abcd use-ipsec=yes
/ip firewall filter
add action=accept chain=input dst-port=500,1701,4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
```