Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
trauus2018-11-21 17:14:27
network hardware
trauus, 2018-11-21 17:14:27

Why does Mikrotik slow down?

Router RB951G-2HnD.
From a local provider, Internet access via PPTP without encryption. Next, the traffic goes to the VPN provider through the L2TP tunnel.
When testing the speed through internet.yandex 10 MB / s, torrents above 5.5 MB / s are not raised.
Fasttrack rule is configured, if you disable it - nothing changes.
My old Asus RT-N16, under these conditions, gave out 7.5 MB / s on torrents quietly.
In which direction to dig?
Filter rules:

0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related protocol=0 log=no 
      log-prefix="" 

 2    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked log=no log-prefix="" 

 6    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked log=no log-prefix="" 

 7    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid 

 9    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 

12    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid 

13    ;;; defconf:  drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN

NAT:
0    chain=srcnat action=masquerade out-interface=pvpn-out1 log=no log-prefix="" 

 1    chain=srcnat action=masquerade out-interface=tun1-rt-wan log=no log-prefix=""

Mangle:
0  D ;;; special dummy rule to show fasttrack counters
      chain=prerouting action=passthrough 

 1  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 2  D ;;; special dummy rule to show fasttrack counters
      chain=postrouting action=passthrough

While downloading torrents, the picture is as follows:
5bf55fe9074b9002457074.png

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
Z
Ziptar, 2018-11-21
@Ziptar

Look towards MSS and MTU for PPTP connections and for L2TP connections.

Report
D
Dmitry Alexandrov, 2018-11-21
@jamakasi666

Fasttrack is an extremely mysterious thing, moreover, capricious and with a lot of nuances.
I recommend one of the options:
1) Once again, very thoughtfully read what it is, what it is for, what problems it has at the office. wiki .
2) If you are 146% sure that all configuration recommendations are followed, then there is a chance that this is one of the mysterious glitches that are usually treated by a full reset to factory settings without saving the configuration and without applying the default standard configuration. It sounds very crazy, but it really often helps with incomprehensible problems when everything should definitely be right.
3) Try to get away from Fasttrack and set everything up the classics without it. As a rule, it makes sense to resort to Fasttrack when speeds are closer to gigabit with a bunch of firewall rules and there is simply not enough firewall processor, but you only have a weaving channel here. There is an assumption that it may be messed up due to the configuration in which the tunnel is on top of the tunnel. Another option is to search the forums, perhaps for such a situation there are subtleties of Fasttrack settings.
4) As suggested already, dig the MSS and MTU in the tunnels.

Report
S
Sergey Sashkin, 2018-11-21
@LexPex

Internet access via PPTP without encryption, an L2TP tunnel to the VPN provider was raised on top.
How does routing go to the provider and how does the tunnel to the provider differ from the PPTP Internet? O_o?

Report
D
Diman89, 2018-11-22
@Diman89

Because the 951 is not fully capable of working with encrypted tunnels, it does not have a hardware acceleration chip for encryption.
Even with the firewall completely disabled, it is not certain that it will work at full speed.
Change the piece of iron

Report
P
poisons, 2018-11-27
@poisons

Only I saw that the percentage went to the ceiling? The piece of iron is weak for such tasks. Even without encryption.

Similar questions
I
Ilya bow2018-06-21 15:18:38
Are there xdsl modems that would not be able to work as a router? And if so, does anyone remember the model? 2Reply
R
rdntw2013-07-19 13:37:30
Switch/router performance comparison? 2Reply
A
AlexeyZhm2020-06-26 08:20:58
How to organize the connection of local networks through several channels? 2Reply
L
lapka-admin2018-06-24 07:31:01
A couple of questions about 4G routers? 3Reply
O
OracleX2021-09-23 09:39:36
How to bridge from Kazakhtelecom router Ebi-Focus to Mikrotik HAP AC2? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question