Wireguard way slower than expected on AX1800 Flint

I just got this router a few days ago and I’ve been messing around with the Wireguard VPN. I was having trouble with this specific configuration file, so I figured updating to the latest firmware (4.1.0) would fix it. It didn’t end up fixing it.

Eventually I went ahead and created my own VPN server with Oracle Cloud. This VPN runs perfectly on my phone and PC, but when I put it on this router, the speeds are just terrible.

I have a 275mbps/60mbps connection. With Wireguard on my phone, it brings it down to like 245mbps/50mbps. However, on this router it struggles to even give a 100mbps/30mbps.

I never tried this new configuration on the previous version, could the new update be slowing speeds? This router was advertised to do 500mbps on Wireguard, it’s barely even doing 10% of that.

I created the VPN with pivpn, it’s on a server with a 4gbps speed, so it’s not the VPN itself. Like I said, it runs perfect on my phone and computer, but not the router. What’s the problem?

How are you testing? I’ve not had any problems hitting 500+ on the AXT1800 (which isn’t to say something isn’t weird with your hardware… Just that it’s not a general problem).

In general I’ve found GL.iNet’s VPN numbers to be pretty conservative. It’s not uncommon for me to get 15-20% over advertised speeds, though in fairness I generally run stripped down builds.

I’ve done it all. Different ethernet cables, disabling WiFi, changing MTU, etc. etc. etc. etc. it just does not run the full speeds. Wireguard, on the same configuration, works flawlessly on every single other device other than this router.

It’s as simple as disabling all WiFi, enabling the VPN, connects without issue, run a ookla speed test and see speeds that are 60 - 70% less what I should be getting. Then I disable the VPN, re-enable 5Ghz WiFi, connect my phone to the flint router, open Wireguard on my phone, enable the same exact configuration, run an ookla test and then see I get the exact speeds I’m supposed to be getting. It doesn’t make any sense, it almost feels like weak hardware, but it shouldn’t be.

My only good guess is some specific setting I’m missing or a problem with the latest 4.1.0 update.

I’m still not clear exactly what you’re doing.

Are you saying that if you have an ethernet connection to the router, enable WG on router, do a speedtest from computer (to ookla or similar), you’re getting 100/30? Then disable WG on router, enable WG on computer (or phone), do a speedtest to the same server and you’re getting 275/60? What happens if you download/run speedtest-cli on the router itself while WG is connected?

(Speedtest CLI: Internet speed test for the command line) armhf is what you’ll need…

router + ethernet to pc + wifi disabled + wireguard = 100/30 (bad)

router + 5Ghz wifi + wireguard = 100/30 (bad)

router + no wireguard = 275/60 (good)

router + wireguard installed on iPhone + 5Ghz WiFi = 250/50 (good)

router + wireguard installed on PC + ethernet = 250/50 (good)

That’s the simplest way I can explain it. Hopefully you see the problem, if I do a speedtest on CLI, similar results. Same thing with fast.com or any variants. It simply is just very slow on the router for seemingly no reason. I may attempt a downgrade in firmware if it’s worthwhile and safe.

I doubt that is your issue, but it might be worth a try. What does top show on the router while you’re doing a speed test?

Have you actually run speedtest-cli on the router itself (which would eliminate firewalling/NAT related slowdowns?)

I’m unfamiliar with pivpn, so can’t comment much there. What is the top output on the server as well when doing speedtests?

Even hardware from 2016 can get 100mpbs on WG pretty easily. There have been … let’s say peculiarities with the Flint’s software over it’s lifetime, and the qsdk kernel support is not inspiring. But again, running the same kernel and same processor I’ve never had problems clearing 500mbps, even across the internet.

Well now it seems I’m having even more trouble with the VPN setup. It’s behaving extremely strange. I can’t load webpages, but I can still run an ookla speed test through the windows app. I tried the CLI speedtest and it won’t run with the router wireguard vpn, but it will without it.

Strangely enough, if I turn on wireguard on the router, plug it into my pc with ethernet, and then turn on another VPN on my computer, then I can access the internet and it gives me like 200/40. I’m just so confused.

I know this suggestion will be frustrating, but I might take a step back and start over with the router configuration. You’ll have to do that anyway if you downgrade, so I would try it on the latest firmware first. Do a full reset, readd the Wireguard profile and see what happens then.

I say that realizing that a full reset is never the solution, and that this is probably your main router, so there’s a lot of headache involved (whereas for me these are mostly travel routers and toys). But when I’ve been in cases where I can’t figure out what’s going wrong, sometimes it has been easier to start from scratch and break the problem down than to methodically try to fix the plane while it’s flying. I’m happy to try to think through the current install with you, but if it’s relatively easy for you to reset, that’s something I would consider if I were in your spot.

Not a frustrating suggestion at all. This is currently a secondary router I want to be my main. But I should mention, I’ve already done this 3 or 4 times. I even completely deleted my cloud vps and reinstalled everything, got new configurations, uploaded that to the router multiple times. I just have no idea.

I suppose I’ll try to downgrade with Uboot, although not looking forward to it, I just bricked a TP-Link a week ago using TFTP.

Depending on your desire to use the actual GL.iNet firmware, you might also consider trying a more stock OpenWrt build, which can be made from the gl-infra-builder. I’ve found it to be considerably more stable on my AXT1800 than the stock firmware. Happy to help you through building or send you a build privately if you’re interested.

This post would’ve been an essay if I included all the context. I’ve been through a nightmare in the past 2 weeks trying to get any Wireguard VPN working on any router. I’ve tried a Raspberry Pi 4b with OpenWRT and RaspAP. Didn’t work. I tried a TP-Link Aracher A7, didn’t work and I bricked the router. So now here I am with the flint.

I’ve honestly been through hell trying to fully figure out OpenWRT that I didn’t even want to spend the money on the flint, but for the simplicity, it was supposed to be worth it. Unless I have extermely straightforward directions, I’m not super confident about that. I’m just slightly irritated that it’s very, very close to working on stock, but just won’t.

Have you considered trying OpenVPN? With reasonable settings, it’s not too hard to get 160 plus megabits on that hardware.

If you already have the server set up, I don’t mind showing step by step directions for stock OpenWRT. Depending on your use case, the upcoming Tailscale update might also be worth looking into, though. I suspect you’ll only get about 100 megabits there based on my current testing.

This would feel like a waste of money if it were just OpenVPN, could’ve just bought some cheap used tp-link and ran it like that. I don’t want to compromise a ton of my network.

I downgraded back to version 3. Same results, like 40/40. Again runs flawlessly on my phone, same config. Ugh.

I appreciate the suggestions but I’m feeling pretty defeated, 2 weeks straight of this is mind-numbing for me. All just to put a VPN on a router.

Edit: Speedtest CLI ran. Same results. Great.

Edit 2: I literally have the wireguard VPN installed on the router. If I run a speed test on my phone (connected on 5ghz) the speeds are terrible. But if I run Cloudflare Warp on my phone (so now a double-vpn) then the speeds are faster than if warp is off? What? I’m just mindblown at this point.

Again, are you running speedtest-cli on the router or are you running it on your computer?

People poopoo ovpn, but with the new routers that have cortex53’s, you can get performance that is on par with WG from older armv7 solutions. I doubt you’ll find a cheap TP-Link that will do 180mbps up/down on OpenVPN. But anyway.

Can you post your config file with keys redacted?

You want me to SSH into the router and run it like that? Never done that, didn’t think that could be done.

Just redact the keys? Everything else is safe?

Yes, ssh into router, download / install speedtest (armhf) from link I sent way back, ungzip, run. The point is to answer whether the problem is the link itself or some sort of firewalling/NAT/something else.

I’d redact the endpoint IP too, but everything else is ok.

Alright, I’ll try that. In the meantime…


PrivateKey = xxx

Address =



PublicKey = xxx

PresharedKey = xxx

AllowedIPs =,::/0

Endpoint = xxx

Take out the DNS to see if that makes a difference, and add a /32 on the end of your address.

e.g. my current config:

Address =
ListenPort = 5320
PrivateKey = PK

AllowedIPs =
Endpoint = w.x.y.z:1234
PersistentKeepalive = 25
PublicKey = PK
PresharedKey = PK

I actually sent the wrong config, but regardless I made those changes. Maybe a coincidence but it lowered ping by a little and now the download goes around 100 - 130. Still not great but better.

What is your output from

wg show

on the router? Basically, do we actually know that traffic is going through the tunnel?

(redact keys and endpoint)