Jump to content
Not connected, Your IP: 3.138.69.101
veryhadu

Wireguard performance : pfsense + Xeon

Recommended Posts

Hello everyone,

I configured on pfsense 23.05.01 a wireguard tunnel quite easily. The file provided by our excellent provider AIRVPN allows me to connect without error. My Xeon E3 provides bandwidth of +/- 500Mbits/s "with openvpn" on the same remote server as the wireguard without any worries.

It's from now or I don't know where to go to get the same bandwidth or at least half with the wireguard protocol which is reputed to be at least as fast as OpenVPN.

I only manage to obtain quite unstable 20Mbits/s in download and the upload seems slightly more stable but not more than 22Mbits/s. Which should be enough to access youtube and twitch video resources fairly quickly, but this is done with untimely freezes that prevent continuous playback. Also browser search requests are very slow and sometimes not successful. Positive point: the response time (ping) is constant and stable, the online game is 100% ok...

What about you? under pfsense with wireguard as an AIRVPN client.

Knowing that a test under Windows with the official wireguard client I obtain with my ryzen an occupation of 85-90% of my total bandwidth. Everything else is 100% ok.

What I'm wondering about is the stability of pfsense with or without a Xeon E3 getting a decent connection through Wireguard as a client ?

Thank you for all your work team, the best supplier is here.

Share this post


Link to post
15 hours ago, veryhadu said:
Hello everyone,

I configured on pfsense 23.05.01 a wireguard tunnel quite easily. The file provided by our excellent provider AIRVPN allows me to connect without error. My Xeon E3 provides bandwidth of +/- 500Mbits/s "with openvpn" on the same remote server as the wireguard without any worries.

It's from now or I don't know where to go to get the same bandwidth or at least half with the wireguard protocol which is reputed to be at least as fast as OpenVPN.

I only manage to obtain quite unstable 20Mbits/s in download and the upload seems slightly more stable but not more than 22Mbits/s. Which should be enough to access youtube and twitch video resources fairly quickly, but this is done with untimely freezes that prevent continuous playback. Also browser search requests are very slow and sometimes not successful. Positive point: the response time (ping) is constant and stable, the online game is 100% ok...

What about you? under pfsense with wireguard as an AIRVPN client.

Knowing that a test under Windows with the official wireguard client I obtain with my ryzen an occupation of 85-90% of my total bandwidth. Everything else is 100% ok.

What I'm wondering about is the stability of pfsense with or without a Xeon E3 getting a decent connection through Wireguard as a client ?

Thank you for all your work team, the best supplier is here.

yes, likely an MTU thing.  Be sure to go into the interface settings for the wireguard interface and set MTU and MSS to 1420 or some other lower, matching number.

Share this post


Link to post
Posted ... (edited)
Thank you go558a83nk and benfitita

After setting the MTU and MSS I get values of 250 Mb/s in download and 300 Mb/s in upload.

MTU: 1420
MSS: 1420

Good for you
Edited ... by veryhadu

Share this post


Link to post
22 hours ago, veryhadu said:
Thank you go558a83nk and benfitita

After setting the MTU and MSS I get values of 250 Mb/s in download and 300 Mb/s in upload.

MTU: 1420
MSS: 1420

Good for you

That's a huge improvement but still not as fast as openvpn?  If so, really weird.  What hardware accelerations do you have enabled? 

Share this post


Link to post
Posted ... (edited)
Le 28/07/2023 à 22:16, go558a83nk a dit :

That's a huge improvement but still not as fast as openvpn?  If so, really weird.  What hardware accelerations do you have enabled? 

To give you the most accurate answer:

- Cryptographic Hardware = AES-NI CPU based acceleration

  Edited ... by veryhadu

Share this post


Link to post
11 hours ago, veryhadu said:

To give you the most accurate answer:

- Cryptographic Hardware = AES-NI CPU based acceleration
- Hardware Checksum Offloading = enabled
- Hardware TCP Segmentation Offloading = disabled
- Hardware Large Receive Offloading = disabled
- hn ALTQ support = disabled

Configuration at MTU/MSS 1420 is very stable

IPsec-MB is what I was wondering about for you.

Share this post


Link to post
Posted ... (edited)
On 7/30/2023 at 12:11 PM, go558a83nk said:

IPsec-MB est ce que je me demandais pour vous.
... deleted Edited ... by veryhadu

Share this post


Link to post
1 hour ago, veryhadu said:

Data Ciphers : AES-256-GCM
Fallback Data Encryption Algorithm : AES-256-CBC
Auth digest algorithm : SHA512

No, I'm asking about the things on the linked page.  Have you tried to enable QAT and/or IPSec-MB.  QAT is supposed to be the best option if your device supports it, IPsec-MB next.

https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html

Share this post


Link to post
Posted ... (edited)
1 hour ago, go558a83nk said:

Non, je pose des questions sur les choses sur la page liée. Avez-vous essayé d'activer QAT et/ou IPSec-MB. QAT est censé être la meilleure option si votre appareil le prend en charge, IPsec-MB ensuite.

https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html

No for Qat but IPsec-MB its possible, I go tested that option. Never activated before.
Finally I will be able to answer you  :p

Better new values of 320 Mb/s in download and 340 Mb/s in upload. Edited ... by veryhadu

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...