veryhadu 2 Posted ... Hello everyone,I configured on pfsense 23.05.01 a wireguard tunnel quite easily. The file provided by our excellent provider AIRVPN allows me to connect without error. My Xeon E3 provides bandwidth of +/- 500Mbits/s "with openvpn" on the same remote server as the wireguard without any worries.It's from now or I don't know where to go to get the same bandwidth or at least half with the wireguard protocol which is reputed to be at least as fast as OpenVPN.I only manage to obtain quite unstable 20Mbits/s in download and the upload seems slightly more stable but not more than 22Mbits/s. Which should be enough to access youtube and twitch video resources fairly quickly, but this is done with untimely freezes that prevent continuous playback. Also browser search requests are very slow and sometimes not successful. Positive point: the response time (ping) is constant and stable, the online game is 100% ok...What about you? under pfsense with wireguard as an AIRVPN client.Knowing that a test under Windows with the official wireguard client I obtain with my ryzen an occupation of 85-90% of my total bandwidth. Everything else is 100% ok.What I'm wondering about is the stability of pfsense with or without a Xeon E3 getting a decent connection through Wireguard as a client ?Thank you for all your work team, the best supplier is here. Quote Share this post Link to post
benfitita 39 Posted ... I had similar issues with WireGuard. It helped me to reduce MTU. Try 1280 (the smallest possible for IPv6). Quote Share this post Link to post
go558a83nk 362 Posted ... 15 hours ago, veryhadu said: Hello everyone,I configured on pfsense 23.05.01 a wireguard tunnel quite easily. The file provided by our excellent provider AIRVPN allows me to connect without error. My Xeon E3 provides bandwidth of +/- 500Mbits/s "with openvpn" on the same remote server as the wireguard without any worries.It's from now or I don't know where to go to get the same bandwidth or at least half with the wireguard protocol which is reputed to be at least as fast as OpenVPN.I only manage to obtain quite unstable 20Mbits/s in download and the upload seems slightly more stable but not more than 22Mbits/s. Which should be enough to access youtube and twitch video resources fairly quickly, but this is done with untimely freezes that prevent continuous playback. Also browser search requests are very slow and sometimes not successful. Positive point: the response time (ping) is constant and stable, the online game is 100% ok...What about you? under pfsense with wireguard as an AIRVPN client.Knowing that a test under Windows with the official wireguard client I obtain with my ryzen an occupation of 85-90% of my total bandwidth. Everything else is 100% ok.What I'm wondering about is the stability of pfsense with or without a Xeon E3 getting a decent connection through Wireguard as a client ?Thank you for all your work team, the best supplier is here. yes, likely an MTU thing. Be sure to go into the interface settings for the wireguard interface and set MTU and MSS to 1420 or some other lower, matching number. Quote Share this post Link to post
veryhadu 2 Posted ... (edited) Thank you go558a83nk and benfitita After setting the MTU and MSS I get values of 250 Mb/s in download and 300 Mb/s in upload. MTU: 1420 MSS: 1420 Good for you Edited ... by veryhadu 1 go558a83nk reacted to this Quote Share this post Link to post
go558a83nk 362 Posted ... 22 hours ago, veryhadu said: Thank you go558a83nk and benfitita After setting the MTU and MSS I get values of 250 Mb/s in download and 300 Mb/s in upload. MTU: 1420 MSS: 1420 Good for you That's a huge improvement but still not as fast as openvpn? If so, really weird. What hardware accelerations do you have enabled? Quote Share this post Link to post
veryhadu 2 Posted ... (edited) Le 28/07/2023 à 22:16, go558a83nk a dit : That's a huge improvement but still not as fast as openvpn? If so, really weird. What hardware accelerations do you have enabled? To give you the most accurate answer: - Cryptographic Hardware = AES-NI CPU based acceleration Edited ... by veryhadu Quote Share this post Link to post
go558a83nk 362 Posted ... 11 hours ago, veryhadu said: To give you the most accurate answer: - Cryptographic Hardware = AES-NI CPU based acceleration - Hardware Checksum Offloading = enabled - Hardware TCP Segmentation Offloading = disabled - Hardware Large Receive Offloading = disabled - hn ALTQ support = disabled Configuration at MTU/MSS 1420 is very stable IPsec-MB is what I was wondering about for you. Quote Share this post Link to post
veryhadu 2 Posted ... (edited) On 7/30/2023 at 12:11 PM, go558a83nk said: IPsec-MB est ce que je me demandais pour vous. ... deleted Edited ... by veryhadu Quote Share this post Link to post
go558a83nk 362 Posted ... 1 hour ago, veryhadu said: Data Ciphers : AES-256-GCMFallback Data Encryption Algorithm : AES-256-CBCAuth digest algorithm : SHA512 No, I'm asking about the things on the linked page. Have you tried to enable QAT and/or IPSec-MB. QAT is supposed to be the best option if your device supports it, IPsec-MB next.https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html Quote Share this post Link to post
veryhadu 2 Posted ... (edited) 1 hour ago, go558a83nk said: Non, je pose des questions sur les choses sur la page liée. Avez-vous essayé d'activer QAT et/ou IPSec-MB. QAT est censé être la meilleure option si votre appareil le prend en charge, IPsec-MB ensuite.https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html No for Qat but IPsec-MB its possible, I go tested that option. Never activated before.Finally I will be able to answer you Better new values of 320 Mb/s in download and 340 Mb/s in upload. Edited ... by veryhadu 1 go558a83nk reacted to this Quote Share this post Link to post
Not connected, Your IP: 18.117.105.40
Online: 25316 users - 300523 Mbit/s total BW