Baja velocidad de bajada, alta de subida

Buenas noches

Me estoy volviendo loco. Desde hace un par de días estoy teniendo muy baja velocidad de bajada (unos 80mbps). La velocidad de subida sigue funcionando bien, a unos 600-630 mbps. Esto es conectado por cable y probado con varios ordenadores distintos en la misma toma.

Si pruebo a hacer un test por wifi, sorprendentemente tengo mejores resultados, con 300/500 desde un iPhone.

No he tocado nada en la configuración últimamente.

¿Se os ocurre algo? El hecho de que la subida vaya perfecta, y por wifi tenga más velocidad me han despistado completamente.

Un saludo

Código:
/interface bridge
add admin-mac=B8:69:F4:D9:32:13 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] comment="WiFi UniFi"
set [ find default-name=ether3 ] comment="Sal\F3n"
set [ find default-name=ether4 ] comment=Despacho
set [ find default-name=ether5 ] comment=ONT poe-out=forced-on
/interface wireguard
add listen-port=49851 mtu=1420 name=wireguard-rw
/interface vlan
add interface=ether5 name=vlan6-internet vlan-id=6
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan6-internet max-mru=1492 \
    max-mtu=1492 name=internet user=adslppp@telefonicanetpa
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec mode-config
add address=192.168.68.2 address-prefix-length=32 name=ike2-conf-branch \
    system-dns=no
/ip ipsec policy group
add name=ike2-template-group
/ip ipsec profile
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128 \
    hash-algorithm=sha256 name=ike2-profile
/ip ipsec peer
add exchange-mode=ike2 name=ike2-peer passive=yes profile=ike2-profile
/ip ipsec proposal
add auth-algorithms=sha512,sha256,sha1 enc-algorithms="aes-256-cbc,aes-256-ctr\
    ,aes-256-gcm,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm" \
    lifetime=8h name=ike2-proposal pfs-group=none
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.199
add name=pool-vpn ranges=192.168.68.10-192.168.68.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/ip ipsec mode-config
add address-pool=pool-vpn address-prefix-length=32 name=\
    ike2-conf-road-warrior split-include=0.0.0.0/0 static-dns=\
    192.168.88.1,1.1.1.1 system-dns=no
/port
set 0 name=serial0
/ppp profile
add change-tcp-mss=yes interface-list=LAN local-address=192.168.68.1 name=\
    vpn-profile remote-address=pool-vpn use-encryption=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set authentication=mschap2 default-profile=vpn-profile enabled=yes use-ipsec=\
    yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=internet list=WAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=192.168.50.2/32 comment="PeerRW - Iphone 1" interface=\
    wireguard-rw public-key="XX="
add allowed-address=192.168.50.3/32 comment="PeerRW - iPad 1" interface=\
    wireguard-rw public-key="XX="
add allowed-address=192.168.50.4/32 comment="PeerRW - XPS" interface=\
    wireguard-rw public-key="XX="
add allowed-address=192.168.50.5/32 comment="PeerRW - Iphone 2" \
    interface=wireguard-rw public-key=\
    "XX="
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.50.1/24 interface=wireguard-rw network=192.168.50.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.88.203 client-id=1:0:11:32:23:ee:96 comment=Synology \
    mac-address=00:11:32:23:EE:96 server=defconf
add address=192.168.88.201 client-id=1:e4:5f:1:75:96:89 comment=\
    "Raspberry Pi 0W2 wlan" mac-address=E4:5F:01:75:96:89 server=defconf
add address=192.168.88.202 client-id=1:ac:d5:64:83:96:2f comment=\
    "Brother Impresora" mac-address=AC:D5:64:83:96:2F server=defconf
add address=192.168.88.200 client-id=1:0:e0:4c:78:fc:e7 comment=\
    "Raspberry Pi 0W2 eth0" mac-address=00:E0:4C:78:FC:E7 server=defconf
add address=192.168.88.253 client-id=1:94:de:80:77:10:ab comment=unRAID \
    mac-address=94:DE:80:77:10:AB server=defconf
add address=192.168.88.31 client-id=1:1e:a8:18:9e:8b:76 comment=U6-LR \
    mac-address=1E:A8:18:9E:8B:76 server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=\
    192.168.88.252,192.168.88.200 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes use-doh-server=\
    https://cloudflare-dns.com/dns-query verify-doh-cert=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=104.16.248.249 name=cloudfare-dns.com
add address=104.16.249.249 name=cloudflare-dns.com
/ip firewall address-list
add address=XX.sn.mynetname.net list=public-ip
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="allow ipsec" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="vpn: allow wireguard-rw" dst-port=\
    49851 protocol=udp
add action=accept chain=input src-address=192.168.50.0/24
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=change-mss chain=forward comment="ike2-road-warrior clamp tcp mss" \
    ipsec-policy=in,ipsec new-mss=1360 passthrough=yes protocol=tcp \
    src-address=192.168.68.0/24 tcp-flags=syn tcp-mss=!0-1360
add action=change-mss chain=forward dst-address=192.168.68.0/24 ipsec-policy=\
    out,ipsec new-mss=1360 passthrough=yes protocol=tcp tcp-flags=syn \
    tcp-mss=!0-1360
add action=change-mss chain=forward comment="ike2-branch clamp tcp mss" \
    dst-address=192.168.88.0/24 ipsec-policy=in,ipsec new-mss=1360 \
    passthrough=yes protocol=tcp src-address=192.168.98.0/24 tcp-flags=syn \
    tcp-mss=!0-1360
/ip firewall nat
add action=masquerade chain=srcnat comment=hairpin-nat dst-address=\
    192.168.88.0/24 src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
    192.168.68.0/24
add action=dst-nat chain=dstnat comment=XX dst-port=6881 in-interface=\
    internet protocol=tcp to-addresses=192.168.88.253 to-ports=6881
add action=dst-nat chain=dstnat comment=XX dst-port=51413 \
    in-interface=internet protocol=tcp to-addresses=192.168.88.253 to-ports=\
    51413
add action=dst-nat chain=dstnat comment="XX" dst-port=51410 \
    in-interface=internet protocol=udp to-addresses=192.168.88.253 to-ports=\
    51410
add action=dst-nat chain=dstnat dst-port=51410 in-interface=internet \
    protocol=tcp to-addresses=192.168.88.253 to-ports=51410
add action=dst-nat chain=dstnat comment=XX dst-port=443 in-interface=\
    internet protocol=tcp to-addresses=192.168.88.253 to-ports=1443
add action=dst-nat chain=dstnat comment=XX dst-address-list=\
    public-ip dst-port=443 protocol=tcp to-addresses=192.168.88.253 to-ports=\
    1443
/ip ipsec identity
add auth-method=digital-signature certificate=vpn-server comment=mobile \
    generate-policy=port-strict match-by=certificate mode-config=\
    ike2-conf-road-warrior peer=ike2-peer policy-template-group=\
    ike2-template-group remote-certificate=vpn-client-mobile
add auth-method=digital-signature certificate=vpn-server comment=\
    router-branch generate-policy=port-strict match-by=certificate \
    mode-config=ike2-conf-branch peer=ike2-peer policy-template-group=\
    ike2-template-group remote-certificate=vpn-client-branch
/ip ipsec policy
add comment=road-warrior dst-address=192.168.68.0/24 group=\
    ike2-template-group proposal=ike2-proposal src-address=0.0.0.0/0 \
    template=yes
add comment=site-to-site dst-address=192.168.98.0/24 group=\
    ike2-template-group proposal=ike2-proposal src-address=192.168.88.0/24 \
    template=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.88.0/24,192.168.89.0/24,192.168.68.0/24
set ssh disabled=yes
set www-ssl disabled=no
set winbox address=192.168.88.0/24,192.168.89.0/24,192.168.68.0/24
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/ppp secret
add name=XXX service=l2tp
/system clock
set time-zone-name=Europe/Madrid
/system logging
set 0 topics=info,!dhcp,!caps
add topics=ipsec,!packet
/system routerboard settings
set force-backup-booter=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Que rayada. Acabo de probar a desconectar el map lite que estoy preparando para Paco (IPTV). En mi hEX aun no he hecho nada, pero ha sido desconectarlo y la velocidad ha subido a 475/630. Añado que ese map lite estaba conectado al switch donde he hecho las pruebas conectado por cable. El AP va a directamente al mikrotik y no pasa por este switch.
 
Que rayada. Acabo de probar a desconectar el map lite que estoy preparando para Paco (IPTV). En mi hEX aun no he hecho nada, pero ha sido desconectarlo y la velocidad ha subido a 475/630. Añado que ese map lite estaba conectado al switch donde he hecho las pruebas conectado por cable. El AP va a directamente al mikrotik y no pasa por este switch.

Que modelo de switch es al que tienes conectado el map lite?
 
Arriba