Hardware and Performance / [CLOSED] OPNsense very low performance with/out Wireguard (with vlan, bridges)
« on: February 22, 2024, 02:34:51 pm »
Hello,
After using a Linksys wrt1900acs V2 with openwrt for many years, it is time to upgrade. Based on reading some reviews I decided to try OPNsense on my new HW: Intel N100, 6x 2,5 Gbit eth, 16 GB DDR5 and more than enough SSD disk space.
Installation
------------
The basic installation and configuration was no problem with the tutorials. For the configuration of the bridges and Wireguard I was closely following these three:
- https://docs.opnsense.org/manual/how-tos/lan_bridge.html
- https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html
- https://gist.github.com/morningreis/eeda36e8bb07dcb750d77e9a744776e8
Requirements
---------------
The attached picture shows my simple setup. I need only three vlans with bridges. Two of them will connect over Wireguard with the Internet and the third Vlan will connect directly with the Internet. No wifi, no vpn-policy-routing nor more Wireguard clients are required on the router.
Status and Issue
------------------
Based on the tutorials I was able to set up everything. Yes it is working but with one issue: PERFORMANCE!
OPNsense shows an orange latency warning for Wireguard on the dashboard. This might explain the low performance on Wireguard but also the direct Internet connection is not acceptable.
To ensure that I do not have an issue with the HW or Proxmox, I installed openwrt on it. This showed that the issue is most likely my OPNsense configuration. Here I need your support, please.
Q1 - How can I get rid of the orange latency warning for Wireguard in the OPNsense dashboard?
============================================================
Q2 - How can I improve my OPNsense configuration to get a better performance for the direct wan access?
==================================================================
Solutions and workarounds which did not work
----------------------------------------------------
- Of course I read some recommendations to avoid using bridges and vlans together due to the performance impact. Vlan should be better installed with one port for each vlan - with this you hand over the vlan handling to the managed switch. This is no option for me because my old router can do it and has a better performance...
- I also placed the endpoint IP in the monitoring IP field. Nothing changed.
Looking forward to reading about your experience!
PS if you are interested in two numbers -
1 The performance difference between my old installation and this new one is approx 40-50% worse for Wireguard connections on this new system (of course there is the latency warning!).
2 The performance difference from this installation compared with a quick installation of openwrt also on the new hardware, shows what is possible for the wan connection. Assuming that the wan connection of OPNsense and openwrt will be similar with a good configuration and tuning of OPNsense - the wan throughput of my current OPNsense installation can double!!!