ER8411 VPN throughput in Wireguard & l2TP
Currently I am testing this new ER8411 VPN router as a main router for a small business for VPN users. At the office the ER8411 router is fed a static ip address at 2.5/2.5gbps symmetrical speed via a fiber ISP. At home I have a symmetric 5/5gbps with a different fiber ISP. The VPN is mainly used for remote desktop and accesing SMB file shares on a network share. I do realize SMB has a latency penalty but the latency between home and office routers is only 15ms.
I have configured an L2TP/IPSEC with encryption profile and added peers. I am using Iperf to saturate the connection to test speeds with multiple streams at a time. The results after fiddling with MTU settings at my most optimal have been 1.7Gbps transfer rate on download ( to home from office ) and 850mbps tranfer rate on upload (from home to office). An office computer is running iperf3 as a server and the client is at home. The CPU on the router GUI does not show it being taxed during a transfer, is this normal? is there a dedicated encription chip that handles the on the fly encryption without taxing the CPU? Also any idea if its normal for upload speeds to get cut in half, or some setting someone else has figured out. I have seen SMB file download spikes as high as 190MBps, yes Megabytes , thats crazy fast. But uploads alot slower arounf 50MBps which again SMB protocol sucks with latancy even if its 15ms.
I have configured a Wireguard VPN profile and added one peer to test with. The results after fiddling with MTU settings at my most optimal have been 900mbps transfer rate on download and 800mbps tranfer rate on upload . The CPU again doesnt appear to get taxed while transfer is taking place. I have noticed the SMB file tranfers though not as fast on download they are faster on upload when dealign with alot of small files. The previous SMB numbers mentioned where witch huge multigig files ( Lt2TP is better at 1.7gbps) but on smaller files it slows down wereas wireduard is faster at multiple smaller files.
I have also tinkered with IKEV2 but since I have L2TP enabled I can only assing it a static client IP address to make it work. speeds are similar to the L2TP but I can only test it on a MAC laptop since windows built in ikev2 doesnt work since the MSCHAP protocol is not supported and i believe the addition of certificates complicated things further to make it work. Still hopefully in the future you guys can find a way to get windows clients to work with IKEV2 as it seems more responsive/snapier than L2TP.
My question regarding wireguard is what are the max Speed throughput that it can handle assuming no latency and testing straight at the WAN port with iperf? These specs are listed on the website for the other VPN protocols. It would be complicated to try this myself as the router is currently running and I cant just kill the internet for the office lol.
Another suggestion is about the addition of DOH and DOT DNS proxies, I currently use NextDNS and I can only get DOH to work since you require an acutal IP address for DOT, nextDNS has character string instead of IPs, such as XXXX.dns.nextdns.io for the server address where XXXXX identifies your specific DNS account.
IF anyone has other test suggestions let me know.