Jump to content
Not connected, Your IP: 3.145.103.100
Strathe

Astounding Speed Improvement with WireGuard Beta

Recommended Posts

Posted ... (edited)

I just enrolled in the WireGuard Beta and decided to run benchmarks to check if there was any performance difference compared with OpenVPN.

Specs:
Ubuntu 20.04 LTS with OpenVPN 2.5.1, WireGuard. CPU has AES-NI but weak single-core performance. 1 Gbps line.

Methodology:
1. Find a server with low load.
2. Connect to it via OpenVPN 2.51 with cipher AES-256-CBC and additional directives --fragment 0 --mssfix 0 --rcvbuf 0 --sndbuf 0.
3. Load 10 well-seeded Linux torrents (Ubuntu, Fedora, Arch Linux, etc.)
4. Observe average and top speeds.
5. Repeat immediately afterwards using WireGuard with the same AirVPN server and torrents.

Results:
OpenVPN: 350 Mbps average, 410 Mbps peak
WireGuard: 800 Mbps average, 1064 Mbps peak

I cannot believe how much faster WireGuard is. Literally a 2.5 times improvement in speed free of charge, and my 1 Gbps line is now the bottleneck.

Edited ... by Strathe

Share this post


Link to post

Interesting tidbit: I cannot reproduce these finding at all with Arch Linux. It's the other way around for me: OpenVPN full throughput, Wireguard highly crippled.
I'd like to request more info on your setup. Thank you in advance.

$ LANG=C lscpu|grep "Model name"
$ journalctl -k --no-pager | grep -i wireguard
$ wg --version
$ modinfo wireguard
$ lsb_release -r
  # Country and ISP; if not connected use this:
$ curl -s "http://ip-api.com"|grep -E "countryCode|isp"
  # 1 GBit/s FTTH?

.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
Posted ... (edited)
$ LANG=C lscpu|grep "Model name"
Model name:                      Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
$ journalctl -k --no-pager | grep -i wireguard
No journal files were found.
$ wg --version
wireguard-tools v1.0.20210315 - https://git.zx2c4.com/wireguard-tools/
$ modinfo wireguard
modinfo: ERROR: Module alias wireguard not found.
$ lsb_release -r
bash: lsb_release: command not found
$ curl -s "http://ip-api.com"|grep -E "countryCode|isp"
  "countryCode"  : "US",
  "isp"          : "AT&T Services, Inc.",
1 GBit/s FTTH: Yes
The improvement in performance is even greater than I had previously thought. Using the same server, I repeated the tests with AirVPN servers in Japan, New Zealand, Switzerland, and the US and was able to easily hit above 600 Mbps with all of them when using WireGuard. Compare this with the all-time high speed of 450 Mbps I was able to achieve with any AirVPN server before WireGuard support was implemented. The difference is night and day. Edited ... by Strathe

Share this post


Link to post

Hello!

So far, the All Time High measured with multiple HTTP streams and in a way that line, CPU and peering could not be bottlenecks, and in an agnostic network, are 717 Mbit/s with OpenVPN and 864 Mbit/s with WreGuard. Your claimed peak of 1064 Mbit/s is a new record. Of course some hardware can have more gain, other almost nothing, and other could even have lower performance with WireGuard, as we have seen experimentally.

Remember: use WireGuard only when you have understood perfectly the privacy issues it poses and you are sure that they are not a problem for your threat model.

Kind regards
 

Share this post


Link to post
4 hours ago, Strathe said:

modinfo: ERROR: Module alias wireguard not found.


I don't quite understand. How can you use Wireguard without the kernel module??

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
10 hours ago, OpenSourcerer said:

Interesting tidbit: I cannot reproduce these finding at all with Arch Linux. It's the other way around for me: OpenVPN full throughput, Wireguard highly crippled.
I'd like to request more info on your setup. Thank you in advance.

$ LANG=C lscpu|grep "Model name"
$ journalctl -k --no-pager | grep -i wireguard
$ wg --version
$ modinfo wireguard
$ lsb_release -r
  # Country and ISP; if not connected use this:
$ curl -s "http://ip-api.com"|grep -E "countryCode|isp"
  # 1 GBit/s FTTH?

.
I use Arch and get 833/34, without VPN ranges from 800-1200 DL, 25-42 UP
https://www.speedtest.net/result/12255398586.png
 

scr_info.png

Share this post


Link to post
6 hours ago, OpenSourcerer said:

I don't quite understand. How can you use Wireguard without the kernel module??
Sorry, I ran the commands you gave inside of the docker container (with host networking) I used to perform the benchmarks. Here is the result on the host:
$ modinfo wireguard
filename:       /lib/modules/5.11.0-36-generic/kernel/drivers/net/wireguard/wireguard.ko
alias:          net-pf-16-proto-16-family-wireguard
alias:          rtnl-link-wireguard
version:        1.0.0
author:         Jason A. Donenfeld <Jason@zx2c4.com>
description:    WireGuard secure network tunnel
license:        GPL v2
srcversion:     656B5E368DC04310391A198
depends:        libblake2s,udp_tunnel,curve25519-x86_64,libchacha20poly1305,ip6_udp_tunnel,libcurve25519-generic
retpoline:      Y
intree:         Y
name:           wireguard
vermagic:       5.11.0-36-generic SMP mod_unload modversions 
sig_id:         PKCS#7
signer:         Build time autogenerated kernel key
sig_key:        5F:F6:6F:23:86:35:AB:B9:29:CC:24:05:2D:F8:3F:30:B4:4E:49:3D
sig_hashalgo:   sha512
signature:      78:20:DB:67:4E:9C:BD:FB:AB:F6:28:47:C6:39:2E:24:C3:9A:92:02:
		08:FA:C9:44:77:4D:54:A4:E6:C9:8F:A7:8F:5B:7B:E5:3E:58:CD:A6:
		67:6F:34:83:7F:16:6F:B0:5C:97:28:9B:74:75:75:8B:E1:1E:9D:D7:
		F4:AF:9B:AA:F1:D1:3F:CF:7B:C3:E3:56:E0:28:76:12:2F:05:ED:DD:
		A6:58:BF:D2:92:59:7F:42:4F:05:1E:FB:4B:53:03:E1:04:45:17:2C:
		D3:1A:D3:71:EE:DF:70:2B:99:AE:EC:45:FE:57:9A:02:AE:FC:89:B6:
		43:14:26:85:91:58:E7:CE:F8:5B:40:50:65:0F:E9:B7:3A:76:4C:A4:
		59:48:70:0B:B6:31:1D:C0:8B:8E:FF:08:EC:8F:A6:8B:80:0B:A3:AC:
		F0:C6:C1:27:DD:54:3B:72:79:25:D0:7F:96:5F:32:3E:6C:7C:F4:F1:
		43:58:95:58:93:5A:4D:3D:81:11:24:14:CA:A0:30:15:C6:D8:05:73:
		9F:FF:A0:D7:FB:BA:45:1B:99:9B:33:3F:22:2E:47:EB:CD:2B:86:A8:
		49:66:AC:FB:81:BB:5C:A6:76:3A:60:91:7D:A5:5A:9A:7E:77:8B:08:
		83:73:CF:DC:B4:F1:A1:D7:B5:BA:7D:27:04:66:3C:92:7E:E8:AA:FC:
		A6:EA:6D:32:06:86:3D:D8:9F:9C:F4:F0:F3:68:50:FC:EB:44:71:66:
		2F:0D:13:A1:2E:B9:EE:25:CC:0F:94:43:02:82:13:98:7B:A7:02:29:
		00:9C:22:AC:39:53:CD:60:93:CA:D9:E5:77:B7:60:45:FE:0C:2A:CB:
		3C:7B:24:54:45:A3:54:7E:42:4E:DC:EE:1F:60:75:F3:69:53:F8:68:
		E7:78:02:70:A4:60:FC:89:DA:FC:CA:1C:EC:3A:31:D2:D2:D5:0C:14:
		1D:CC:67:84:65:E7:C0:B6:03:FA:0F:A1:68:DC:A6:BA:AE:CC:AF:BB:
		39:6D:57:DB:AC:4E:85:20:53:79:F0:47:6D:09:58:59:52:B6:0D:21:
		9E:17:AB:87:93:88:37:70:18:67:AD:C3:EF:BB:09:53:D9:91:1F:B8:
		A0:D0:A5:3C:C2:81:39:39:4A:B7:EE:5B:B7:33:29:89:AB:09:E9:54:
		27:88:2F:E5:8D:F9:E5:E1:EC:30:A3:38:E6:DD:55:94:A0:0D:F8:36:
		B7:21:BC:AA:E5:3E:61:9C:8A:0C:30:5B:5A:03:97:97:F4:86:CF:68:
		CB:B4:84:86:2B:51:81:1D:3F:DA:A2:CB:A0:60:9E:F3:67:0A:3F:9E:
		83:B8:37:CA:F9:90:8D:F7:BE:30:CE:58
$ lsb_release -r
Release:	20.04

Share this post


Link to post

An Arch user who is screenshotting terminal output? Outrageous. Thread locked and dustbinned. :)

Apart from that, you seem to be using the PDS-patched kernel from AUR. Which means you compiled it from source, right? It's something I can try, too, with the Zen kernel. Or a different kernel altogether, maybe the Arch default.
Lemme try that, see if it improves the crap of a Wireguard performance I get with speedtest-cli:

Hosted by Spacken.net (Hagen) [141.07 km]: 21.8 ms
Testing download speed................................................................................
Download: 93.87 Mbit/s
Testing upload speed......................................................................................................
Upload: 0.38 Mbit/s

.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
1 hour ago, OpenSourcerer said:

An Arch user who is screenshotting terminal output? Outrageous. Thread locked and dustbinned. :)

Apart from that, you seem to be using the PDS-patched kernel from AUR. Which means you compiled it from source, right? It's something I can try, too, with the Zen kernel. Or a different kernel altogether, maybe the Arch default.

My settings are: PDS CPU scheduler, tickless, 500hz, BBRv2 TCP algorithm by default, no CPU yielding, CPU arch specific GCC optimisations
https://github.com/Frogging-Family/linux-tkg
https://codeberg.org/1/arch-borealis/src/branch/master/scripts/installers/TKG_Kernel.sh
https://codeberg.org/1/arch-borealis/src/branch/master/scripts/installers/non-SU/TKG_Kernel-cfg.sh

Images are harder to parse by bots than text, so it became a habit of mine. 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...