VPN
Dima, 2013-12-14 15:30:47

How do I fix the VPN network speed so that everything runs on MikroTik?

Central CCR1036 Link 100M (guaranteed channel)
Branches RB750 Link 2M (guaranteed channel)
A PPTP server was set up on the CCR1036 because the branches have dynamic WAN IPs.
The only additions made to the firewall were filter rules:

/ip firewall filter
add action=drop chain=input comment="Block bad packets" connection-state=invalid
add chain=input comment="Allow established connections" connection-state=\
    established
add chain=input comment="Allow Ping protocol" disabled=yes protocol=icmp
add chain=input comment="Allow GRE protocol" protocol=gre
add chain=input comment="Allow PPTP protocol" dst-port=1723 protocol=tcp
add chain=input comment="Allow full connectivity over any protocol for the safe list" \
    src-address-list=safe
add action=drop chain=forward comment="Block Adobe" layer7-protocol=adobe \
    src-address=10.8.0.0/16 src-address-list=!ACL_IP_IT_SUPPORTS
add action=drop chain=forward comment="Block Corel" layer7-protocol=corel \
    src-address=10.8.0.0/16 src-address-list=!ACL_IP_IT_SUPPORT
add action=drop chain=input comment="Block everything"

After the tunnel comes up, I check the speed on the RB750:
Internet via WAN IP shows 1.7M
Internet via PPTP IP shows 256kb
Mikrotik "Bandwidth test" in the internal network shows the same as the previous 256kb
I took for testing:
DFL-2560 Core
DSR-150 Branch
Internet via WAN IP shows 1.8M
Internet via PPTP IP shows 1.5M
Question: how do I fix the VPN network speed so that everything runs on MikroTik?


5 answer(s)
Ilya Evseev, 2013-12-14
@Justbox87

Is encryption enabled? If so, try turning it off.
What is the processor load on the RB750 at the time of transmission?

lryzhik, 2013-12-14
@lryzhik

Is everything OK with the MTU? What MTU is set on the PPTP tunnels?
And I second the question: what about encryption?

Dima, 2013-12-14
@Justbox87

MTU
Encryption

Dima, 2013-12-14
@Justbox87

I set it to "no" everywhere.
Test from the branch (10.8.29.100) to the data center 10.8.254.254:
everything is sad.
Ping from the branch (10.8.29.100) to the data center 10.8.254.254
passes; with -l 1500 it does not work, with -l 1400 it works fine.

Dima, 2013-12-14
@Justbox87

The problem is solved: everywhere I had a shaper for VoIP so that the speed did not exceed 256kb.

/queue simple
add limit-at=256k/256k max-limit=256k/256k name=Phone1 packet-marks=\
    Phone1-packet priority=1/1 target="" total-priority=1
add limit-at=256k/256k max-limit=256k/256k name=Phone2 packet-marks=\
    Phone2-packet priority=2/2 target="" total-priority=2

I turned off the speed limit and it began to show correctly (I didn't think that this rule could spoil life; it should only limit phones so that they don't take more from the channel). If I turn on encryption, it is minus 40%.
Thanks a lot, everyone!
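
An added example, not part of the original thread: a small audit script that parses the `/queue simple` export from the last answer and lists the queues whose max-limit matches a measured throughput ceiling. The function names, the 10% tolerance and the decimal reading of the `k`/`M` suffixes are assumptions made for this example.

```python
import re
import shlex

# Export text copied from the answer above (the two VoIP shaper queues).
EXPORT = r'''/queue simple
add limit-at=256k/256k max-limit=256k/256k name=Phone1 packet-marks=\
    Phone1-packet priority=1/1 target="" total-priority=1
add limit-at=256k/256k max-limit=256k/256k name=Phone2 packet-marks=\
    Phone2-packet priority=2/2 target="" total-priority=2
'''

# Assumption: rate suffixes are decimal multipliers of bits per second.
UNITS = {"": 1, "k": 1_000, "M": 1_000_000, "G": 1_000_000_000}

def to_bps(rate):
    """Convert a rate such as '256k' or '2M' to bits per second."""
    m = re.fullmatch(r"(\d+)([kMG]?)", rate)
    if not m:
        raise ValueError(f"unrecognised rate: {rate!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_simple_queues(export):
    """Return one dict of properties per 'add' line under /queue simple."""
    text = re.sub(r"\\\r?\n\s*", "", export)  # join backslash-continued lines
    queues, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/queue simple" and line.startswith("add "):
            toks = shlex.split(line)[1:]  # shlex keeps target="" as 'target='
            queues.append(dict(t.split("=", 1) for t in toks if "=" in t))
    return queues

def queues_matching_ceiling(export, observed_bps, tolerance=0.1):
    """List queues whose max-limit (either direction) is near the measured rate."""
    hits = []
    for q in parse_simple_queues(export):
        limits = [to_bps(r) for r in q.get("max-limit", "0/0").split("/")]
        if any(l and abs(l - observed_bps) <= tolerance * l for l in limits):
            hits.append({"name": q.get("name"), "max_limit": q["max-limit"],
                         "target": q.get("target", ""), "marks": q.get("packet-marks", "")})
    return hits

if __name__ == "__main__":
    for hit in queues_matching_ceiling(EXPORT, observed_bps=256_000):
        print(hit)
```

Feeding it a full export and the rate reported by a bandwidth test narrows the search to the queues worth inspecting; whether a listed queue actually catches the tunnel traffic still depends on the mangle rules that set its packet marks.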
