MikroTik

Hi All,

I experience the same issue with both PureVPN and BolehVPN, both with SSTP and L2TP
I set up the VPN connection according the the guide (e.g. https://support.purevpn.com/mikrotik-sstp).
Then some websites doesn't load, just hang (e.g. speedtest.net, filmbuzi.hu).
After some investigation, I came across this page: http://www.marcinszymanski.pl/blog/conf ... 1-purevpn/
I have also contacted PureVPN support to acquire the correct MTU and MSS values. I configured the MTU and MSS values (MTU=1400, MSS=1360).
All pages load now, however I can only reach 30 Mbps download speed. If I connect from the desktop client, I can reach 100 Mbps. I experience the same issue with SSTP and L2TP, both with PureVPN and BolehVPN, so it has something to do with the router.

Can anybody help out with this issue please?

Thanks

Oh, tiny router. How art thou's CPU? So small in comparison to thee's? My mighty Intel i7 can outpace you? How unfair. Ye must feel most betrayed.

I'm going to go out on a limb and say you are capping out the CPU on your MikroTik. Which product do you have and during a prolonged speedtest if you look at system resources do you see the CPU spiking?

Hi idlemind,

Thanks for your reply. I tested it and you are indeed right. My i7 utilisation peaks during the speed test. I have the hAP ac model. Since I'm a bit of a noob here, my next question is: what type of VPN (other than PPTP) should I use that is more gentle on the CPU?

The hAP AC has no hardware crypto offload, so performance will be roughly the same regardless of protocol.

Ah, that's a bummer. Can you recommend any router below £200 which does have hardware crypto acceleration?

The MikroTik RB750Gr3 (hEX 3) has hardware crypto, but it does not have WiFi.
You can keep the hAP AC for the WiFi function.

Thanks pe1chl,

The MikroTik RB750Gr3 (hEX 3) says it has "IPsec Hardware encryption". Does it apply to SSTP?

Thanks pe1chl,

The MikroTik RB750Gr3 (hEX 3) says it has "IPsec Hardware encryption". Does it apply to SSTP?

I don't think so. But nobody looking for performance or stability would use SSTP anyway.
SSTP is a VPN over TCP. Those all suck.

So what connection type do you recommend? L2TP/IPSec?

It depends what you want. This is certainly a good solution for many purposes. But you can also use IPIP/IPsec, GRE/IPsec etc.
(when you want to link two networks that each have a router)

I just want to use a VPN to anonymise my traffic (hence using PureVPN), but I'd like it to be fast.

The latest hEX is going to be the fasted item in the under $100 range regardless of protocol. In part because it for sure accelerates IPSec. Which crypto algorithms in particular I'm not certain. It also has a stronger CPU than the other small MikroTik platforms so for protocols that are punted to the CPU it will perform better likely.

An alternative is to load a CHR and buy a license for it. You can then run it on a beefy server CPU. You may find more performance there.

I'd grab one and see how it goes. My Internet here is limited to 30 mbps down otherwise I could offer to test for you as I have a hEX.

I use Pure and Nord. I never had page loading issue nor I ever tempered with MTU MSS setting.

Hi szaa, you from Malaysia? since you mentioned BolehVPN.

Anyway I also having problem with slow VPN speed with PPTP and unable to load pages like you mentioned, fiddling around with MTU gets me to load some pages but it is super slow, changing MSS does not help alot too. MTU 1400 with MSS 1360. How are you able to get 30mbps? I am like always stuck in 2-3mbps.

My router is heX 750Gr3 and have tried with PureVPN, Nord, and Vypr...