Search the Community
Showing results for tags 'mikrotik router'.
Found 2 results
-
Hi All, I’m experiencing sluggish web browsing when using a WireGuard connection through my Mikrotik router. My home internet connection is 1Gbps download / 50Mbps upload. Router is a Mikrotik hAP ac RB962UiGS (firmware version 7.16) When I use the Eddie client on my phone or PC to connect to the WireGuard server in Singapore, web browsing is fast and responsive. However, when I configure WireGuard directly on the Mikrotik hAP to connect to the same server and route my PC or phone traffic through the tunnel, browsing slows down significantly—almost to the point of being unusable. Everything connects successfully, but the degraded browsing performance is a disappointing. It doesn't appear to be resources on the Mikrotik, when attempting to download a file of the Mikrotik wireguard tunnel, CPU barely gets to 20% Can anyone give guidance on how to improve the performance? Here is my Mikrotik Config.. WAN is ether1 LAN is ether2 WG is wg-airvpn # by RouterOS 7.16 # software id = ITU9-GZKB # # model = RB962UiGS-5HacT2HnT /interface ethernet set [ find default-name=ether3 ] disabled=yes set [ find default-name=ether4 ] disabled=yes set [ find default-name=ether5 ] disabled=yes set [ find default-name=sfp1 ] disabled=yes /interface wireguard add listen-port=13231 mtu=1320 name=wg-airvpn /interface list add name=LAN add name=WAN /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /routing table add disabled=no fib name=wireguard /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=LAN /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface list member add interface=ether2 list=LAN add interface=ether1 list=WAN /interface ovpn-server server set auth=sha1,md5 /interface wireguard peers add allowed-address=0.0.0.0/0 endpoint-address=sg3.vpn.airdns.org endpoint-port=1637 interface=wg-airvpn name=peer2 persistent-keepalive=15s preshared-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" /ip address add address=10.152.XXX.XXX interface=wg-airvpn network=10.152.XXX.XXX add address=172.28.28.1/28 interface=ether2 network=172.28.28.0 /ip cloud set update-time=no /ip dhcp-client add interface=ether1 /ip firewall address-list add address=172.28.30.199 list="VPN Only" # My PC /ip firewall filter add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untracked add action=drop chain=input comment="drop invalid" connection-state=invalid add action=accept chain=input comment="accept ICMP" in-interface=ether1 protocol=icmp add action=drop chain=input comment="block everything else" in-interface=!ether2 add action=fasttrack-connection chain=forward comment="fast-track for established,related" connection-state=established,related hw-offload=yes add action=accept chain=forward comment="accept established,related" connection-state=established,related add action=drop chain=forward comment="drop invalid" connection-state=invalid add action=reject chain=forward comment="reject WAN access to VPN Only List" out-interface=ether1 reject-with=icmp-network-unreachable src-address-list="VPN Only" add action=drop chain=forward comment="drop access to clients behind NAT from WAN" connection-nat-state=!dstnat connection-state=new in-interface=!ether2 log=yes /ip firewall mangle add action=mark-routing chain=prerouting dst-address=!172.28.28.0/22 new-routing-mark=wireguard passthrough=yes src-address-list="VPN Only" add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=wg-airvpn passthrough=yes protocol=tcp tcp-flags=syn /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 add action=masquerade chain=srcnat out-interface=wg-airvpn /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add disabled=no dst-address=10.128.0.1/32 gateway=wg-airvpn routing-table=main suppress-hw-offload=no add disabled=no distance=1 dst-address=172.28.28.0/22 gateway=172.28.28.14 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no dst-address=8.8.4.4/32 gateway=wg-airvpn routing-table=main suppress-hw-offload=no add disabled=no dst-address=0.0.0.0/0 gateway=wg-airvpn routing-table=wireguard suppress-hw-offload=no /ip service set telnet address=172.28.28.0/22 disabled=yes set ftp address=172.28.28.0/22 disabled=yes set www address=172.28.28.0/22 set ssh address=172.28.28.0/22 set www-ssl address=172.28.28.0/22 set api address=172.28.28.0/22 set winbox address=172.28.28.0/22 set api-ssl address=172.28.28.0/22 disabled=yes /ip ssh set strong-crypto=yes /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /routing rule add action=lookup-only-in-table disabled=yes src-address=172.28.29.128/25 table=wireguard /system clock set time-zone-name=Australia/Sydney /system identity set name=bump /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=pool.ntp.org /tool bandwidth-server set enabled=no /tool graphing interface add /tool graphing queue add /tool graphing resource add /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN
-
Hello, i'm considering buying the AirVPN service, i read very old post about mikrotik configuration. I want to connect the airvpn's vpn on my mikrotik router to route all connection (from my home network clients) through AirVPN. Is it possibile? Is there some limitation? Thank you in advance, kind regards Marcello