I have two ER8411: Router A, and Router B.

• Router A has a public IP address and acts as an L2TP Server (encrypted).
• Router B (at a different site) is behind a NAT and runs as an L2TP LAN-LAN client (encrypted).
• Each of the two routers is on a 1GbE connection. Speed tests from devices behind both routers (before any VPN is configured) show symmetric 1GbE speeds to public speed test servers.
• When I enable the VPN and configure full tunneling through it with a Routing Policy, traffic from devices behind Router B is appropriately routed through Router A.
• Traffic from devices behind Router A (L2TP server) continue to have full symmetric 1GbE speeds to public servers.
• Traffic from devices behind Router B (L2TP LAN-LAN client) now have extremely asymmetric speeds (72Mbps down, 710Mbps up).
• The ER8411 advertises an encrypted L2TP speed of 2274.74 Mbps.

So my question is: what's the deal? Why am I losing 93% of my download speed on the VPN client on the VPN, when the advertised VPN throughput is more than double my link bandwidth?

I tried an OpenVPN config as well, seeing almost exactly the same asymmetric speeds.