B2200 velica - MSS clamping issue - extremely slow wireguard/openvpn

jbourne · September 3, 2021, 2:27pm

Hi everybody,

After resolving the mesh issues with B1200 I thought that it might be a good idea to upgrade to velica, since they are supposed to have a separate backhaul radios (correct me if I get it wrong).

Long story short, units arrived, I went through the basic installation, copied my wireguard server settings from B1200 and… I am getting like less than 1Kb per second bandwidth. Any other device using exactly the same config is able to saturate my ISP uplink (B1200, Android phone, laptop). But velica is unbelievably slow. I did re-set of the unit, no avail. Did initial setup and VPN configuration via web interface – no difference. Whatever I do, wireguard is unusable. Mullvad is the provider, but like I said, exactly the same config works just fine with any other device connected to the same network.

Any ideas why wireguard is so slow?

Regards.

jbourne · September 3, 2021, 2:35pm

Extra data point: openvpn is extremely slow, too.

jbourne · September 3, 2021, 4:22pm

It was looking like an MTU issue, so I tried mssfix for openvpn (works) and explicitly specifying low MTU for wireguard (works, with pretty low 1360).

Hence, it looks like the mss clamping is not being set up properly (unlike B1200, which seems to be doing the right thing automatically).

alzhao · September 4, 2021, 8:43am

Wireguard for Mullvad should be set at 1380 which should be done in current firmware.

Fisto · November 21, 2022, 5:27pm

I am also having extremely slow openvpn with my Velica.

How can I access mssfix inside the router?

alzhao · November 22, 2022, 8:23am

Some examples

iptables  -I INPUT -p tcp -m tcp  --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1260
iptables  -I OUTPUT -p tcp -m tcp   --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1260
iptables  -I FORWARD -p tcp -m tcp   --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1260

iptables -t mangle -I INPUT -p tcp -m tcp  --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1260
iptables -t mangle -I OUTPUT -p tcp -m tcp   --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1260
iptables -t mangle -I FORWARD -p tcp -m tcp   --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1260

alzhao · November 22, 2022, 8:24am

You set up openvpn on Velica, right? what is the speed now?

Fisto · November 22, 2022, 5:27pm

about 14mbps.

and I get 120-150 without VPN.

alzhao · November 23, 2022, 1:59am

Openvpn max 25Mbps on B2200.

So depends on the encryptions 14Mbps may be normal