Community discussions

MikroTik App
 
RickeDz
just joined
Topic Author
Posts: 8
Joined: Tue Jan 24, 2023 12:26 am

VPN Slow Speed

Tue Jan 24, 2023 8:08 am

Hi guys, thanks for coming on my topic... I have the following scenario:

1 -> Modem(DMZ to 192.168.1.15) -> MikroTik (DHCLIENT 192.168.1.15 / DHCP Server 192.168.88.0/24) -> Dell Server with Samba Shared Folders on Network
1 -> INTERNET OF THIS NETWORK (SERVER) 300MB Download / 150MB Upload

And on 2ND Scenario
2 -> Modem -> Notebook(Cable)
This 2nd internet has 200MB Download Speed and 150MB Upload Speed

If I put an HTTP File server on the Dell Server and open the port 80, the notebook download a ISO file on the MAXIMUM UPLOAD SPEED of the server (150MB->15Mb/s)

And the Notebook use a software who need to access the files throught samba server the databases files, mdb... etc
And I have try to use PPTP / L2TP / WIREGUARD... to connect VPN with the mikrotik, and When I access the server (\\192.168.88.100) through Windows Explorer, the speed of copy a file it's around 2mb/s...3mb/s...

Have something to do to mikrotik (rb750fr3) on the server network to give better speed's on VPN?
Huge Thanks!!!!
 
erlinden
Forum Guru
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: VPN Slow Speed

Tue Jan 24, 2023 9:06 am

To start: can you please use the correct notation:

m = millli
M = Mega
b = bit
B = byte

Usually network speed is witten in Mbps (or Mb/s) or Gbps (or Gb/s).

Wireguard should be able to do better, can you share your config?

/export file=anynameyoulike

Make sure to remove any personal information.

During test, what is the cpu load of the MikroTik?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: VPN Slow Speed

Tue Jan 24, 2023 10:01 am

I assume you're talking about Hex (750GR3) ?
You are also mixing up various VPN protocols so it is not clear what you are comparing with.

In general:
PPTP will be the fastest BUT AVOID when possible. Obsolete protocol, way too easy to crack.
Wireguard will be next (about 50% of your slowest connection)
Then LT2P
Then OpenVPN

The slowest part of the end-to-end connection one decides the pace.

But as requested, please provide config details and CPU load when running each of those VPN setups.
 
RickeDz
just joined
Topic Author
Posts: 8
Joined: Tue Jan 24, 2023 12:26 am

Re: VPN Slow Speed

Thu Jan 26, 2023 4:46 am

Hi @erlinden and @holvoetn, first thanks for the answers, I will try to answer all the questions here ok?

First the speedtest from the server...
Image

Second the speedtest from the client...
Image

During test, cpu load about 10% or less, because have only one client on this vpn and only the server connected on server network...

File Copy throught windows folder... from the server to local pc... STABLE SPEED around 3MB/s~4MB/s
Image

Same file been downloaded via webserver (http) chrome on port 58080.... STABLE SPEED around 15MB/s~18MB/s
Image

What it's the secret? pleeease haha :(
 
RickeDz
just joined
Topic Author
Posts: 8
Joined: Tue Jan 24, 2023 12:26 am

Re: VPN Slow Speed

Thu Jan 26, 2023 4:50 am

My config file it's here, all default configuration and all firewall rules are turned OFF to test the vpn...
# jan/25/2023 23:27:22 by RouterOS 7.7
# software id = I0WQ-RF5T
#
# model = RB750Gr3
/interface bridge
add admin-mac=B8:69:F4:5D:C9:8E auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    use-peer-dns=yes user=xxxxx
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/interface wireguard peers
add allowed-address=192.168.100.2/32 interface=wireguard1 public-key=\
    "8taHnSY851jklT2Z7ywWBQhkllkjlhjklca7UfCIOkllkC0YnIk71N3nOLEgY="
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.100.1/24 interface=wireguard1 network=192.168.100.0
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=58080 protocol=tcp to-addresses=\
    192.168.88.100 to-ports=58080
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=America/Bahia
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
RickeDz
just joined
Topic Author
Posts: 8
Joined: Tue Jan 24, 2023 12:26 am

Re: VPN Slow Speed

Thu Jan 26, 2023 4:51 am

To start: can you please use the correct notation:

m = millli
M = Mega
b = bit
B = byte

Usually network speed is witten in Mbps (or Mb/s) or Gbps (or Gb/s).

Wireguard should be able to do better, can you share your config?

/export file=anynameyoulike

Make sure to remove any personal information.

During test, what is the cpu load of the MikroTik?
Thanks for your answer
 
RickeDz
just joined
Topic Author
Posts: 8
Joined: Tue Jan 24, 2023 12:26 am

Re: VPN Slow Speed

Thu Jan 26, 2023 4:51 am

I assume you're talking about Hex (750GR3) ?
You are also mixing up various VPN protocols so it is not clear what you are comparing with.

In general:
PPTP will be the fastest BUT AVOID when possible. Obsolete protocol, way too easy to crack.
Wireguard will be next (about 50% of your slowest connection)
Then LT2P
Then OpenVPN

The slowest part of the end-to-end connection one decides the pace.

But as requested, please provide config details and CPU load when running each of those VPN setups.
Thanks for your answer too, sorry guys for my bad english.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: VPN Slow Speed

Thu Jan 26, 2023 4:54 am

what is the max size of MTU ( do-not-fragment ) that u can get across the VPN?
 
RickeDz
just joined
Topic Author
Posts: 8
Joined: Tue Jan 24, 2023 12:26 am

Re: VPN Slow Speed

Thu Jan 26, 2023 4:56 am

I recorded a video and uploaded it on youtube of the case

https://www.youtube.com/watch?v=D3tFkFLiRx0

I think it's better to explain
 
RickeDz
just joined
Topic Author
Posts: 8
Joined: Tue Jan 24, 2023 12:26 am

Re: VPN Slow Speed

Thu Jan 26, 2023 5:02 am

what is the max size of MTU ( do-not-fragment ) that u can get across the VPN?
I think the answer it's here on this image, isn't it? sorry I'm starting with mikrotik now...

Image
 
rahulshakti
just joined
Posts: 1
Joined: Thu Jan 26, 2023 7:26 pm
Contact:

Re: VPN Slow Speed

Thu Jan 26, 2023 7:29 pm

There are several potential solutions to slow VPN speed, including:

Connect to a different server: Sometimes the server you are connected to may be experiencing high traffic or congestion, which can lead to slower speeds. Try connecting to a different server to see if that improves your speed.

Check your bandwidth: Make sure your internet connection has enough bandwidth to support the VPN. If you have a slow internet connection, a VPN will likely make it even slower.

Disable features that consume bandwidth: Some features like peer-to-peer (P2P) file sharing or streaming can consume a lot of bandwidth. Try disabling these features to see if that improves your VPN speed.

Switch to a different VPN protocol: Different VPN protocols can have different speeds. Some protocols like OpenVPN and IKEv2 are known for their fast speeds, so try switching to one of these protocols to see if that improves your speed.

Try a different VPN service: Some VPN services may be faster than others, so if none of the above solutions work, you may want to consider switching to a different VPN service.

Check your device and network: Check your device and network to see if there is a problem. Sometimes the issue is on the device or network level and not the VPN service.

It is important to note that some VPN services are not designed for streaming or heavy downloads, and if that is your use case, maybe you need to look into that before subscribing.
 
RickeDz
just joined
Topic Author
Posts: 8
Joined: Tue Jan 24, 2023 12:26 am

Re: VPN Slow Speed

Mon Jan 30, 2023 1:22 pm

I Think it's a samba latency problem... if someone know how to share via another protocol, please help

Who is online

Users browsing this forum: mtkvvv and 30 guests