OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: Phil on March 20, 2023, 08:05:41 am

Title: WireGuard speed
Post by: Phil on March 20, 2023, 08:05:41 am: Hi, I can't d/l faster than 5Mo/s using Wireguard (Samba and FTP same) while the server bandwith upload is about 560Mbps (70Mo/s) and d/l on the client is about 800Mbps.
Both PC are under Windows 10, the client use Wireguard client for connect while Opnsense is the VPN server

It seems normal to you? if not what must i check?

Best Regards
Title: Re: WireGuard speed
Post by: tiermutter on March 20, 2023, 08:29:45 am: For Win10 I found MTU = 1372 best working. With default I also got very very low speeds.

Try
Code: [Select]
[Interface] MTU = 1372
in client config.
Title: Re: WireGuard speed
Post by: meyergru on March 20, 2023, 10:13:32 am: I get about 20 MByte/s and I have clamped MSS at 1360 for the Wireguard Group under Firewall->Settings-> Normalization, as this prevents other problems as well (see https://forum.opnsense.org/index.php?topic=23339.msg160282#msg160282)

For reference: I have PPPoE over 802.1q running for the WAN connection, so these add to the Wireguard overhead that is added to the packets and must fit into an ethernet frame which is limited to 1500 bytes.
Title: Re: WireGuard speed
Post by: Phil on March 20, 2023, 08:16:35 pm: Quote from: tiermutter on March 20, 2023, 08:29:45 am
For Win10 I found MTU = 1372 best working. With default I also got very very low speeds.

Try
Code: [Select]
[Interface] MTU = 1372
in client config.

Hi thx a lot it's much better now it's 25-30Mo/s
Any recommandation for Android?

Best regards
Title: Re: WireGuard speed
Post by: deajan on March 21, 2023, 04:21:16 pm: Quote from: tiermutter on March 20, 2023, 08:29:45 am
For Win10 I found MTU = 1372 best working. With default I also got very very low speeds.

Try
Code: [Select]
[Interface] MTU = 1372
in client config.

Interesting, since the default MTU value is 1420 bytes which is biger than the value you're advicing.
There shouldn't be any fragmentation when using a bigger MTU.
Could you care to explain perhaps ?

Does wireguard merge two SMB packets only to see that it will need to be fragmented or so ?

Thanks ;)
Title: Re: WireGuard speed
Post by: chemlud on March 21, 2023, 04:36:42 pm: @deajan, WG adds some overhead to the frame, so using 1420+WG will result in fragmentation, I guess...
Title: Re: WireGuard speed
Post by: tiermutter on March 21, 2023, 06:07:42 pm: I never determined MTU mathematically by observing traffic. It was just try and... find best MTU by comparing speed measurements (SMB copy [same data; small files and big files], iperf, ...).
Some more or less MTU did not make a real difference for me, therefore 1420 may also be fine, as I cannot exclude performance issues on host or client side or internet connection.
I never understood why I "need" low MTU for Windows and default for Android.
Title: Re: WireGuard speed
Post by: Phil on March 22, 2023, 02:44:44 am: Quote from: meyergru on March 20, 2023, 10:13:32 am
I get about 20 MByte/s and I have clamped MSS at 1360 for the Wireguard Group under Firewall->Settings-> Normalization, as this prevents other problems as well.

For reference: I have PPPoE over 802.1q running for the WAN connection.

Thx a lot for have take the time to answer me, i'm not sure about the result for my connexion i need to test it more only MTU, only MSS and both

Best regards