When using a VPN/WireGuard configuration directly on the GL-X3000, I only get have the bandwidth than compared to using a VPN/WireGuard client on macOS. Upload speed is mostly not affected.
Are there any customisations possible to tweak whatever parameters to have a more performant VPN connection? Or is the poor bandwidth the result of hardware/software limitations of the GL-X3000 or OpenWRT?
I tested it with multiple VPN servers, different testing services, and did multiple tests over the previous past days. So far, it does not seem like a reliable solution to use VPN/WireGuard directly on the router if the download speed drops by 50% …
edit: I’m using 5G with Telekom in Germany; besides the VPN/WireGuard issues, the router is working perfect.
This limitation is likely a cpu/bus limitation on the hardware. If you need better performance, you can consider adding a Brume2 behind the x3000 to handle the vpn traffic. It is a little more performant for that purpose.
Nice idea, the Brume2 supports OpenVPN speeds of up to 150 Mbps and WireGuard speeds of up to 355 Mbps. So the increase is not that much compared to the X3000; but a nice idea!
And a good indicator that it’s most likely not possible to get reliable more bandwidth using some customized configuration. For most use cases, that’s fine …
Could jump up to the Slate AX then, or even the Flint 2. They offer higher speeds for wireguard. Alternatively, you could use something like tailscale and push the encryption process down to the asset.
It’s better to set up IPsec ikev2 on your client machines since it does not add much overhead. My connection without IPsec is about 1Gbps and with it 650 Mbps.
You can also set it on the modem itself and test. However it requires some technical knowledge as it is not supported through GL web interface. You can use either LuCi or ssh to do that.
Wireguard > IPSec imo. Easier to set up, faster performance, quick connections/reconnections. If you go all the way to the client machine, you should look into tailscale possibly. I have been in areas where ipsec doesn’t work, but i have yet to find somewhere I could not use wireguard or tailscale due to firewall/NAT/PAT issues. YMMV as always, and there is always another way to do things.
Wireguard is multi-threaded, so more cores improves speed. OpenVPN is single-threaded, so higher clock speed improves speed but more cores does not. The Spitz is dual core, 1.3ghz.
Wireguard is in the kernelspace, so faster. OpenVPN is in userspace, but with newer kernels has DCO which is a big help, like 3 to 10x. DCO requires 5.4 or higher, so it may not be available on both ends.
Now the question still remains if this can be adjusted and the 300Mbps is just a soft limit “that works.”