Wireguard Wireguard on AX86 - low throughput and flood of syslog entries

[Torson]

I configured wireguard through both @Martineau's WireGuard session Manager and @Odkrys' experimental scripts for HND routers (not at the same time).

In both cases the connection to the VPN provider's wireguard server peer completes successfully and I can browse the internet. However the throughput through the router configured connection is only a fraction of the throughput when using a wireguard client peer software (i.e. 2.5/3 vs. 220/11 Mbps on a 200/10 Mbps cable plan).

The issue appears to be connected to a flood of entries in the system log (at least 3 every second) occuring after starting the wireguard client peer on the router:

Mar  7 00:09:08 kernel: blog_link: overwriting ct_p=ffffffc02d1c1650, new_ct=ffffffc02ad9b970 at idx=0

I wasn't able to locate any similar incidents.
Any suggestion or pointer are appreciated.

 

[Torson]

I did a nuclear reset of the router. Then a minimal configuration, formatted /jffs, installed amtm and formatted the USB drive and let diversion install Entware.
After all the reboots I then installed @Martineau's flavor of WireGuard. It connects alright, but the speed issue remains and also the syslog error as before:

Mar  7 11:28:56 kernel: blog_link: overwriting ct_p=ffffffc02e701c90, new_ct=ffffffc001884330 at idx=0

...more than one can count.

Is anyone running WireGuard on the AX86?

 

[PrivatePerson]

I didn't set the WireGuard, but I have the same error in the logs.

 

[ZebMcKayhan]

I did a nuclear reset of the router. Then a minimal configuration, formatted /jffs, installed amtm and formatted the USB drive and let diversion install Entware.
After all the reboots I then installed @Martineau's flavor of WireGuard. It connects alright, but the speed issue remains and also the syslog error as before:

Mar  7 11:28:56 kernel: blog_link: overwriting ct_p=ffffffc02e701c90, new_ct=ffffffc001884330 at idx=0

...more than one can count.

Is anyone running WireGuard on the AX86?

Have you verified that flow cache has been properly disabled?

fc status

 

[doczenith1]

Have you verified that flow cache has been properly disabled?

fc status

Does/should flow cache be disabled when using Wireguard? I was not aware of this. Flow cache is currently enabled on my AC86U and Wiregurad Manager 4.16 seems to be working ok....hang on....just looked at my log. Seeing a ton of

May  7 03:02:15 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m

What would be the downsides to having flow cache enabled other than the log entries? I lose half of my 1 gig bandwidth with flow cache disabled.

 

[ZebMcKayhan]

Does/should flow cache be disabled when using Wireguard? I was not aware of this. Flow cache is currently enabled on my AC86U and Wiregurad Manager 4.16 seems to be working ok....hang on....just looked at my log. Seeing a ton of

May  7 03:02:15 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m

What would be the downsides to having flow cache enabled other than the log entries? I lose half of my 1 gig bandwidth with flow cache disabled.

For some AX models it needs to be disabled. On Ac86 wgm/@Odkrys scripts uses firewall rules to skip hw acceleration for wireguard packages only and flow cache could be kept enabled.

I'm running Wireguard (wgm) on AC86 and gets full speed and no log messages.

Perhaps this have changed in the latest firmware?

 

[chongnt]

For some AX models it needs to be disabled. On Ac86 wgm/@Odkrys scripts uses firewall rules to skip hw acceleration for wireguard packages only and flow cache could be kept enabled.

I'm running Wireguard (wgm) on AC86 and gets full speed and no log messages.

Perhaps this have changed in the latest firmware?

I’m running on AC86 also noticed a lot of such error message especially when watching YouTube. I don’t see any performance issue so I logged this to a different file using syslog-ng.
But then I’m still using v4.15b9, probably time to update to latest version. I remember roughly there is changes in wg11.conf file that the hash is no longer required before address and dns field. Will test it out later.