I have 2 OPNsense servers running a WireGuard site-to-site tunnel across a 1Gbps connection. I've installed wireguard-kmod and previously was able to see approximately 850Mbps or so of iPerf across the connection. However, I've installed updates over the last couple of weeks and now only see approximately 400Mbps via an iPerf test. I saw the slowdown with both 21.1 and 21.7.
I'm not sure why wireguard-kmod has become much slower, but I'd like to try reverting the wireguard-kmod package to a previous version. I'm having trouble figuring out how to do this though.
Any recommendations?
Thank you.
Any thoughts on how to revert to an earlier version of wireguard-kmod?
Thanks!
Which was last known working version?
opnsense-revert -r 21.1.x wireguard-kmod
opnsense-revert does not work over major version boundaries ;)
Cheers,
Franco
Unfortunately, I tried opnsense-revert even when I was still on 21.1 (before upgrading to 21.7) and it didn't work (fetching wireguard-kmod.txz failed). The current version is 0.0.20210606_1, but the previous version was just 0.0.20210606 and it worked correctly, I believe.
If it's just a difference between "_1" no relevant WireGuard code was actually changed:
https://github.com/opnsense/ports/commit/415a97e9268ca8
Cheers,
Franco
You're right, of course. Looking more into it, I built the system in the beginning of May, so 0.0.20210424 (or something similar) is probably the one that worked fast for me. Any way of installing that version now?
Alternatively, any other ideas why Wireguard (in kernel mode) may have slowed down around Opnsense 21.1.8 or so?
Thanks!
Branin
Well there is:
wireguard-go-0.0.20210424,1.txz (your version indication but possibly not what you seek)
wireguard-kmod-0.0.20210503.txz (older kmod version indeed)
# pkg add -f https://pkg.opnsense.org/FreeBSD:12:amd64/21.1/MINT/21.1.6/OpenSSL/All/wireguard-kmod-0.0.20210503.txz
You can try to hop through the MINT/21.1.x directories to find older versions. opnsense-revert does the same thing but not across major versions for safety as mentioned earlier.
Cheers,
Franco
Thank you for this! I was able to go back a few generations and try older versions of wireguard-kmod. Unfortunately, my speed remained slow throughout, so I assume the issue isn't due to wireguard-kmod but some other OPNsense change.
I'll plan on purchasing a support plan, if you think it will be helpful to diagnose this.
Thanks!
Branin
Hi Branin,
Sure, we could take a closer look. Though at this point it's a bit unclear what we will find and how long it takes. This could be anything from code changes to configuration changes to unrelated networking/infrastructure changes.
Cheers,
Franco