WildWurger
just joined
Topic Author
Posts: 24
Joined: Mon Jan 13, 2014 2:36 am

Help! Very peculiar behaviour! VPN MTU MSS but probably not!

Wed Jul 12, 2017 6:52 pm

Hi all, hope somebody can save me. I have been troubleshooting this issue for many weeks and am getting exhausted. I have subscribed to a few VPN services like PureVPN (my main), Nord and Vypr. However, like many users are facing, the speed is slow, very slow. I am using conditional forwarding ("mark routing") for my one selected VLAN (which is for wifi).

Whenever I use the official app or manually configure it on a Windows machine (no matter which type of protocol), the speed is fast, at least 30 Mbps (my speed is 100 Mbps without VPN). The moment I configure it in MikroTik, I get an abysmal 0-3 Mbps, and it takes a long time to load many of the webpages, if they load at all. speedtest.net constantly gives me "Upload Test Error".

I'm using 6.39.2 but the same problem existed 2 versions before.
I am using PPTP primarily for speed; security is not much of a concern now.
I have tried fiddling with MTU and MSS for quite some time, but to no avail. 1400 MTU with 1360 MSS, or way smaller or way bigger; basically I have tried many possible combinations.

However, I found one odd behaviour: whenever I "torch" my PPTP connection in Winbox, the VPN connection becomes stellar, as it should have always been! It is able to pass all the speedtest.net upload tests! This alone has stunned me.

I would love to know what happened and what I did wrong.
I have attached my truncated config...
config.rsc
Thank you very much in advance.
 
WildWurger
just joined
Topic Author
Posts: 24
Joined: Mon Jan 13, 2014 2:36 am

Re: Help! Very peculiar behaviour! VPN MTU MSS but probably not!

Wed Jul 12, 2017 7:18 pm

Hi all, sorry for the trouble. All of a sudden I tried something and it fixed it (thinking that if the connections need to go through "torch", they must be excluded from "fasttrack", which was an idea I read somewhere on the internet and used on my IPsec to Azure); the speed is now what I expected.

Steps I have done, in case anybody faces the same problem as me; hopefully they are helpful:
1) I have reverted the MTU to 1400 (as per "actual MTU") and the MRU to 1400
2) Disabled the TCP MSS as it is not needed
3) Excluded the VPN connection (in and out interface) from fasttrack by using "mark connection" and giving it a connection mark name.
4) On the default "fasttrack connection" rule, changed the connection to include the Connection Mark "! <connection mark name>"
5) And it's done.

Thanks...
 
Ferrograph
Member Candidate
Posts: 156
Joined: Wed Mar 07, 2012 4:05 am

Re: Help! Very peculiar behaviour! VPN MTU MSS but probably not!

Mon Dec 25, 2017 6:52 pm

Thank you so much for this, WildWurger! I've been chasing this for months! It affects ppp on USB 3G/4G dongles too!

I've got PureVPN connections and they've gone from a glitchy few meg to 70Mbps down / 30Mbps up! I'm absolutely over the moon!

Took me a while to figure out a rule though, but here's what I did...

I added 2 rules in the mangle:
ip firewall mangle
add action=mark-connection chain=prerouting comment="MARK PPP Connections" in-interface=all-ppp new-connection-mark=PPTP_VPN passthrough=yes
add action=mark-connection chain=postrouting comment="MARK PPP Connections" out-interface=all-ppp new-connection-mark=PPTP_VPN passthrough=yes

...and modified the two fasttrack rules in filter:
ip firewall filter
add action=fasttrack-connection chain=forward comment="Fastrack Existing+Related Connections" connection-mark=!PPTP_VPN connection-state=established,related
add action=accept chain=forward comment="Accept Existing+Related Connections" connection-state=established,related
add action=fasttrack-connection chain=input comment="Fastrack Existing+Related Connections" connection-mark=!PPTP_VPN connection-state=established,related
add action=accept chain=input comment="Accept Existing+Related Connections" connection-state=established,related
 
TheDon
just joined
Posts: 4
Joined: Sun May 28, 2017 1:28 am

Re: Help! Very peculiar behaviour! VPN MTU MSS but probably not!

Tue Dec 26, 2017 10:35 pm

THANK YOU... THANK YOU.... THANK YOU!

After weeks of trying to escape sub-1Mbps connection, this solved my problem.

Like the folk above - I went from less than 1Mbps download and upload failures to 15Mbps transfer each way.

This is still a lot slower than my connection without the VPN - however, it is infinitely faster!

For now I am very happy - as this speed is fine for my needs.

Thanks again
D
 
Ferrograph
Member Candidate
Posts: 156
Joined: Wed Mar 07, 2012 4:05 am

Re: Help! Very peculiar behaviour! VPN MTU MSS but probably not!

Tue Dec 26, 2017 10:41 pm

If it's pptp, try just CHAP encryption. You might get even more speed.
 
TheDon
just joined
Posts: 4
Joined: Sun May 28, 2017 1:28 am

Re: Help! Very peculiar behaviour! VPN MTU MSS but probably not!

Tue Dec 26, 2017 11:57 pm

...of course it is never just easy. lol

I got the good speeds on my test router - and now I am trying to migrate across to my gateway router - and I'm not getting any traffic flowing through the VPN.

I do not have the VPN set as the default route, and there are a handful of IPs I want to route through the VPN (others should flow through the local ISP).

I was previously using mangle to "mark routing" where anything connected was destined to go through the VPN. The above solution uses mangle to "mark connection". Even if I have an IP in Src. Address (beneath Chain on the General tab), I do not see any activity from the IP address in the Activity screen (or data counters).

Any pointers on how to get a handful of IPs routed through the PPTP tunnel?
 
Ferrograph
Member Candidate
Posts: 156
Joined: Wed Mar 07, 2012 4:05 am

Re: Help! Very peculiar behaviour! VPN MTU MSS but probably not!

Wed Dec 27, 2017 1:00 am

Set up a default route with the desired gateway (VPN interface or VPN box IP), but add the condition of a routing mark. Say "to_USA".

In the mangle, mark packets with the desired src IPs with the same routing mark. That's all you need to do.
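
Added example (not posted by anyone in this thread): the routing-mark approach from the last reply combined with the fasttrack exclusion from earlier in the thread, in RouterOS v6 syntax as used on 6.39.2. The interface name pptp-out1, the address list via_vpn and the 192.168.88.x hosts are assumptions; to_USA and PPTP_VPN are the names used above.

```routeros
# Added example, RouterOS v6 syntax. Assumptions: pptp-out1 is the PPTP client
# interface, via_vpn is a new address list, 192.168.88.x are constructed hosts.

/ip firewall address-list
add list=via_vpn address=192.168.88.10 comment="constructed sample host"
add list=via_vpn address=192.168.88.11 comment="constructed sample host"

/ip firewall mangle
# Tag new connections from the listed hosts so the fasttrack rule can skip them.
# Fasttracked packets bypass mangle, so they would never receive the routing mark.
add chain=prerouting action=mark-connection src-address-list=via_vpn \
    connection-state=new new-connection-mark=PPTP_VPN passthrough=yes \
    comment="mark connections from VPN hosts"
# Give every non-local packet from those hosts the routing mark.
add chain=prerouting action=mark-routing src-address-list=via_vpn \
    dst-address-type=!local new-routing-mark=to_USA passthrough=no \
    comment="policy-route VPN hosts"

/ip route
# Default route that applies only to packets carrying the to_USA mark.
add dst-address=0.0.0.0/0 gateway=pptp-out1 routing-mark=to_USA \
    comment="default route via VPN for marked traffic"

/ip firewall nat
# Source-NAT traffic leaving through the tunnel to the tunnel address.
add chain=srcnat action=masquerade out-interface=pptp-out1 \
    comment="NAT into the VPN"

/ip firewall filter
# Fasttrack everything except connections carrying the VPN mark. Edit or disable
# the existing default fasttrack rule rather than keeping both, and keep this
# rule above the plain accept rule for established,related.
add chain=forward action=fasttrack-connection connection-mark=!PPTP_VPN \
    connection-state=established,related comment="fasttrack non-VPN only"
add chain=forward action=accept connection-state=established,related

# Checks: the counters on the two mangle rules should climb when a listed host
# sends traffic, and the marked route should be listed.
/ip firewall mangle print stats
/ip route print where routing-mark=to_USA
```

If the mangle counters stay at zero while a listed host is sending traffic, check whether an unrestricted fasttrack rule is still matching those connections ahead of the one shown here.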