Why does WireGuard slow down the entire WAN-LAN speed?

[Tech9]

And the entreprise grade hardware is often 1-2 generation behind the home gateway market.

The advertisement on beta testers market is even 1-2 generations ahead of technology available.

 

[RMerlin]

I can see why router oems use BCM due to keeping the price down as they tend to be about half the price of QCOM.

Asus are probably more Broadcom-centric than the other brands however, I think Netgear has as many, if not more SKUs that are Qualcomm-based rather than Broadcom-based.

Asus seems to maintain a very small number of SKUs on Qualcomm, probably so they can maintain the know-how for an alternative platform if something were to happen to Broadcom and their products.

 

[sfx2000]

I can see why router oems use BCM due to keeping the price down as they tend to be about half the price of QCOM.

Complex space - QCA has a lot of design wins, but most are with their lower end chipsets in Mesh space, and there, they are quite strong, both in hardware, and their QSDK platform which is mesh native...

Broadcomm has design wins in the all-in-one Router/AP retail space - devices you see here...

MediaTek - low end, but interesting from a FOSS perspective as they have been actively contributing...

What is intereting is the dark-horse SoC's - Quantenna - they've been very active here with ISP provided gear, and their stuff is just fine

 

[JohnLi]

So I set up a WireGuard VPN server on my ASUS RT-AX86U (running firmware 3.0.0.4.388_20566), but when I turn on the server, the total WAN-LAN speed implodes from 940/940 Mbit to ~ 480/480 Mbit, even though there are no clients connected yet. What's up with that?

I used the search, and apparently WireGuard does not do NAT acceleration which causes the problem, but is there really no other way?

I find it hard to believe that traffic outside the VPN connection must slow down too in order to achieve a higher VPN speed overall. Is that really the case?

I dot now how it work, but after reboot - Flow cache is disabled, if you turn on QOS and then turn it of - Flow cache is turns on and WAN-LAN speeds returns. Sorry for my english

 

[torstein]

Is Broadcom Flow Cache support something that can be added to Wireguard at some point if the Wireguard devs work at it, or is it totally incompatible?

Also, now that ISP-speeds are approaching >1gpbs, is the router hardware underpowered or will it be able to keep pace?

 

[RickGW]

Thanks for all replies! With the new official 3.0.0.4.388.22068 firmware the problem seems gone! I get full 1 Gbps from clients outside the VPN and 400-500 Mbps from clients inside. So in the end it didn't seem hardware related.

 

[torstein]

Thanks for all replies! With the new official 3.0.0.4.388.22068 firmware the problem seems gone! I get full 1 Gbps from clients outside the VPN and 400-500 Mbps from clients inside. So in the end it didn't seem hardware related.

Changelog (emphasis mine)

Version 3.0.0.4.388.22068
54.82 MB
1. Improved system stability.
2. Fixed the IPsec VPN compatibility issue with Win10.
3. Fixed the VPN fusion user interface issues under the HTTPS connection.
4. Fixed Client DOM Stored XSS vulnerability.

5. Improved Wireguard performance.

6. Fixed the WAN setting GUI bugs.

 

[Undercoat6441]

Changelog (emphasis mine)

Nice. Hopefully it will roll out soon on Merlin builds.

 

[torstein]

Thanks for all replies! With the new official 3.0.0.4.388.22068 firmware the problem seems gone! I get full 1 Gbps from clients outside the VPN and 400-500 Mbps from clients inside. So in the end it didn't seem hardware related.

Can others not running merlin confirm this? I’d love to switch to wireguard.

 

[wrink]

It would be great if RMerlin can confirm if this Wireguard implementation can be rolled into Merlin builds in the future. It'd make RMerlin's Wireguard implementation reflect this critical Wireguard improvement (I'm already using Wireguard on RMerlin)

 

[RMerlin]

It would be great if RMerlin can confirm if this Wireguard implementation can be rolled into Merlin builds in the future. It'd make RMerlin's Wireguard implementation reflect this critical Wireguard improvement (I'm already using Wireguard on RMerlin)

There's no reason why it wouldn't, Asuswrt-Merlin's WireGuard implementation is from Asus.

 

[wrink]

There's no reason why it wouldn't, Asuswrt-Merlin's WireGuard implementation is from Asus.

Great to hear. Yes, you'd noted the Asus implementation of Wireguard earlier, which now their changelog shows "improvement", so I will wait for when you'll roll it in. Thanks.