J4125/N100 and Wireguard (for 1Gbps ISP line)

Started by abceleung, May 09, 2024, 05:13:47 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 09, 2024, 05:13:47 AM
Hi, I want to use OPNsense (in a J4125 or N100 mini PC) for site-to-site Wireguard.

There are some posts about J4125 Wireguard performance with OPNsense:
https://www.reddit.com/r/OPNsenseFirewall/comments/11vjbl7/j4125_with_intel_225_wireguard_performance/
https://forum.opnsense.org/index.php?topic=38058.0

Seems like J4125 is not able to max out 1Gbps connection with Wireguard (in OPNsense). Is this still the case?
Some folk at the OpenWrt community told me a RPi 4B can run >800Mbps Wireguard speed (with OpenWrt). J4125 should be able to achieve even higher speed.

On the other hand, could anyone with a N100 machine tell me how fast can it run Wireguard (with OPNsense)?
May 09, 2024, 09:54:31 AM #1
It is said already in one of your quoted threads, J4125, N5105 and N100 differ only marginally in their effective speeds.

As for Wireguard speeds on OpnSense in general and why reports for OpnWRT and "the other FreeBSD router" differ from what OpnSense can achieve: https://forum.opnsense.org/index.php?topic=38909.msg197650#msg197650

I think that with OpnSense, you will not reach 1 Gbps even with an N100 at this time. You probably could with this on top:

Code Select

opnsense-update -zkr 14-STABLE -a FreeBSD:14:amd64

Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
May 09, 2024, 11:46:38 AM #2 Last Edit: May 09, 2024, 11:52:33 AM by abceleung
Quote from: meyergru on May 09, 2024, 09:54:31 AM
It is said already in one of your quoted threads, J4125, N5105 and N100 differ only marginally in their effective speeds.

As for Wireguard speeds on OpnSense in general and why reports for OpnWRT and "the other FreeBSD router" differ from what OpnSense can achieve: https://forum.opnsense.org/index.php?topic=38909.msg197650#msg197650

I think that with OpnSense, you will not reach 1 Gbps even with an N100 at this time. You probably could with this on top:

Code Select

opnsense-update -zkr 14-STABLE -a FreeBSD:14:amd64


Wow, this is news to me, thanks for the information.

Your command would upgrade the base FreeBSD to 14 and double the speed of Wireguard traffic, right? I presume it would reduce CPU load as well?
May 09, 2024, 11:52:30 AM #3
Quote from: abceleung on May 09, 2024, 11:46:38 AM
Your command would upgrade the base FreeBSD to 14 and double the speed of Wireguard traffic, right? I presume it would also reduce CPU load as well?

Yes. As long as you also lock the kernel package in order to keep it over future updates.

And you cannot have your cake and eat it, too. When wireguard speed maxes out because of CPU saturation, the load will be at 100%. So, if efficiency doubles, you will get double the speed at - still - 100% CPU load - i.e., if the speed was limited by CPU in the first place. You will notice a drop in CPU load only if the resulting speed is more than sufficient for your bandwidth.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
May 09, 2024, 11:55:58 AM #4
Quote from: meyergru on May 09, 2024, 11:52:30 AM
Quote from: abceleung on May 09, 2024, 11:46:38 AM
Your command would upgrade the base FreeBSD to 14 and double the speed of Wireguard traffic, right? I presume it would also reduce CPU load as well?

Yes. As long as you also lock the kernel package in order to keep it over future updates.

And you cannot have your cake and eat it, too. When wireguard speed maxes out because of CPU saturation, the load will be at 100%. So, if efficiency doubles, you will get double the speed at - still - 100% CPU load - i.e., if the speed was limited by CPU in the first place. You will notice a drop in CPU load only if the resulting speed is more than sufficient for your bandwidth.

Thanks for your answer!
Print
Go Up Pages1
User actions