High level setup (details in attached pics):
2 x Slate AX routers
1 - configured as a wireguard server
1 - configured as a wireguard client -or- OpenVPN using PIA
Both are connected directly to HFC cablemodems via ethernet
Problem: when running wireguard site-to-site my speeds are really slow. when running as OpenVPN speeds are very fast (relative to my 100Mpbs internet service in that location).
I’ve tried many MTU settings ranging from 1280 - 1420. With different settings the download speed varies between ~10 - 20Mbps. What else can I try?
It is UDP but I have no concerns over the speed of my OpenVPN client. I just ran another speed test and hit 110Mbps which is faster than the 100Mbps plan I am subscribed to in the remote location (my home is 300Mbps).
It’s the speed of wireguard in the site-to-site configuration that is slow when I turn that on. It is around 20Mbps down on the same router that just pulled 110Mbps with Private Internet Access (PIA) running as OpenClient.
There really isn’t much to tweak with regard to Wireguard. You can change the port and the MTU, but that is about it from a performance perspective.Instead of using speedtest, can you set up iperf3 on both devices and run between them? It is offered in the app list from gl in the router GUI. I would run both TCP and UDP tests across both and see what you come up with. Be sure to set your bandwidth to 100M on udp tests since that is what you would expect to get. It will be important to show you the dropped packet % on udp tests. Ping if you need more assistance in setup.
Now use the same command line on the client with the -R flag as well and post the output. Try to vary the -b value some until you see consistent dropped packets.
Worth noting that my current speeds are even lower than the original (0.46Mpbs down) and jitter went from < 10ms to 80ms:
UDP Test: Unable to execute due to error (same message is in client and server log)
Error text from log: iperf3: error - unable to start stream listener: Address in use
-R variation does work but I need clarification on dropped packets (how to interpret the log). There are no apparent dropped values:
Sorry, I missed that you specified a port previously. You need iperf on the server and client side. I see you tried to assign that to the same port as wireguard. You need to use a different port, or stop the wireguard server and client before running this test. You should be able to use the default port for iperf3 and just drop the -p argument.
So on the server side, iperf3 -s and the client side iperf3 -c ip.addr -b100M -R and same without -R. That tests both directions to and from the client.
Keep in mind that a VPN back to your home is limited by the upload speed of the home internet. If Xfinity home internet has a 20 mbps upload speed, then the remote router will max out at that speed when pulling data from your home.
Thank you for your patience with me on this. I believe steep01’s response is exactly my problem. However, I will make a note of your iperf advice for future troubleshooting.
