Comment on I need help troubleshooting slow wireguard tunnel (VPS to home network)
tychosmoose@lemmy.world 3 days ago
Are you specifying bandwidth (-b) on the iperf UDP test? It defaults to 1M if I recall correctly, which would explain the result.
If not, try -b 10M or -b 0 for unlimited (the behavior used for TCP).
stavefajl@feddit.dk 3 days ago
Thanks! I had not read the manpage close enough, I guess. When specifying the bandwidth, I can saturate the connection using UDP to around 15 Mbits/s. (That this speed is much much lower than the 300-500 Mbits my connection and the VPS is capable of is a problem for a different time, I think).
What I also realized is, that I had not put the iperf server in UDP-mode, so my results reported in another comment are wrong. I read the results from the client, but the server did not respond. When running the iperf server in UDP-mode, I get 15 Mbits/s outside the wireguard tunnel and 180 Kbits/s inside the tunnel. With TCP-mode I get 10-15 Mbits/s outside the thunnel and 250 Kbits/s inside the tunnel.
tychosmoose@lemmy.world 3 days ago
Just throwing out more ideas:
Is there a CPU spike on the VPS?
Anything weird about Wireguard on either end? Using kernel mode WG everywhere and not a user mode version, right?
As a test I would be inclined to try a very small mtu to see if it makes a difference. 1280 is a failsafe that I use when on unknown networks and trying to wg out.
Maybe try with a smaller packet size, like 1KB which I think is
-l 1Kstavefajl@feddit.dk 1 day ago
Thanks for the suggestions.
I see no CPU spike on the VPS, and no CPU spikes on the clients.
I use WG started by root using wg-quick via systemctl on all devices.
I tried setting the MTU to 1280, with no significant changes, apart from slight slowdown compared to MTU of 1420 or 1440.
Smaller packet size also resulted in slightly lower speeds.
I used
tcpdumpon both client and server to find the negotiated MSS, and it shows an MSS of 1460 outside wg tunnel, so by following the calculations shown in this article procustodibus.com/…/wireguard-performance-tuning/, 1440 is the correct MTU for the wireguard interface when using IPv4 inside the tunnel.