Community discussions

MikroTik App
 
zaqik
newbie
Topic Author
Posts: 30
Joined: Mon Apr 13, 2020 5:31 pm

L2TP + IPSEC = Low speed

Thu Dec 29, 2022 12:55 am

Hello!
I used RB951 in the office as a L2TP VPN server (with IPSEC) for a bunch of remote users. I think all settings are default since there's nothing about /ip ipsec in my exported rsc file. Even when a sigle user was connected to such VPN server and tried to transmit a big file, RB's CPU load was 100% all the time, and user got speed near 10Mbit/s.

I changed my device to RB4011 (with IPSEC acceleration). I though just this will fix my problem, but no. Now CPU load is 2-3% in the same scenario, but speed is pretty much the same. I tried to change MTU to 1350 as suggested in similar threads but with no luck. What should I [re]configure to utilize more bandwidth for users connected to RB's L2TP server with IPSEC?

Here's what I see doing iperf from home to office when connected to RB's L2TP
[  4]   0.00-1.01   sec  1.75 MBytes  14.5 Mbits/sec
[  4]   1.01-2.01   sec  1.62 MBytes  13.7 Mbits/sec
[  4]   2.01-3.01   sec  1.62 MBytes  13.7 Mbits/sec
[  4]   3.01-4.01   sec  1.62 MBytes  13.6 Mbits/sec
[  4]   4.01-5.01   sec  1.62 MBytes  13.6 Mbits/sec
[  4]   5.01-6.01   sec  1.62 MBytes  13.6 Mbits/sec
[  4]   6.01-7.01   sec  1.75 MBytes  14.7 Mbits/sec
[  4]   7.01-8.01   sec  1.62 MBytes  13.6 Mbits/sec
[  4]   8.01-9.01   sec  1.62 MBytes  13.6 Mbits/sec
[  4]   9.01-10.01  sec  1.62 MBytes  13.6 Mbits/sec
And here's what I see when connects to office's OpenVPN dedicated server
[  4]   0.00-1.00   sec  4.62 MBytes  38.7 Mbits/sec
[  4]   1.00-2.01   sec  5.75 MBytes  47.7 Mbits/sec
[  4]   2.01-3.00   sec  4.38 MBytes  37.2 Mbits/sec
[  4]   3.00-4.00   sec  5.38 MBytes  45.1 Mbits/sec
[  4]   4.00-5.00   sec  5.38 MBytes  45.1 Mbits/sec
[  4]   5.00-6.00   sec  5.38 MBytes  45.1 Mbits/sec
[  4]   6.00-7.00   sec  3.62 MBytes  30.4 Mbits/sec
[  4]   7.00-8.00   sec  6.12 MBytes  51.4 Mbits/sec
[  4]   8.00-9.00   sec  5.38 MBytes  45.1 Mbits/sec
[  4]   9.00-10.00  sec  5.38 MBytes  45.1 Mbits/sec

50 Mbit's is my maximum.

Here's a portion of my config where ipsec is mentioned:
/ppp profile add dns-server=192.168.0.1 local-address=192.168.0.1 name=l2tp-office remote-address=pool_vpn
/ppp secret add name=vpnuser1 password=vpnuser1 profile=l2tp-office
/interface l2tp-server server set default-profile=l2tp-office enabled=yes ipsec-secret=qwerty123abcd use-ipsec=yes
/ip firewall filter
add action=accept chain=input dst-port=500,1701,4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp

Who is online

Users browsing this forum: johnson73, loloski and 90 guests