openvpn 2.6.6

[amastrangelo]

Good morning,
I got an opnsense DEC840 appliance to implement openvpn roadwarrio with OTP and Active Directory. At maximum load there are about 150 users.
OPNsense 23.7.7_3-amd64

Below are the settings:
UDP protocol
crypto: AES-128-CBC
digest: SHA1
type: routed
compression: lz4
tlsmode : auth
pf status: off
interface: TAP

System tunables:
Hardware CRC = off
Hardware TSO = off
Hardware LRO =off
VLAN Hardware Filtering = off

2 lines in wan natted by mikrotik
1)500 MB
2)100 MB
managed by round robin dns

With this configuration I have a packet loss between 5-6 % which I honestly find unacceptable.
In some situations there is a collapse. 12-20% packet loss
With older opnsense versions and same configuration we never experienced this situation.
I have always used virtualized opnsense, with the old versions, I have never experienced these problems.
I took the hardware appliance to make sure the problems did not stem from virtualization.

Having a businnes license, I ask if I have missed any best practices.
What do you recommend ?
Please help me.