20Mbps WAN limited to 10Mbps over IPSec Tunnel

Solution 1:

Even though CPU was the third thing I checked, and I wrote this:

The Mikrotik is at around 25%-33% CPU usage when doing these transfer tests

Which is confirmed by the CPU graph

I've had it confirmed by external resources (i.e. a bunch of other support forums and blogs) that most Mikrotik routers just cannot push more than 11Mbps of IPSec traffic with either 3DES or AES encryption, unless you get a model that has hardware encryption offloading.

So it looks like this is just a hardware limitation. I should have caught it much earlier on, but for some reason the Mikrotik was not indicating to me that it was being CPU bound.

Off shopping I go.

Solution 2:

I can confirm that the culprit is the CPU. Here I benchmarked a Mikrotik RB750GL and I measured 12 Mb/s with AES-128 traffic (and only 6.0 Mb/s with 3DES).

Your result seems perfectly in line with what I recorded.