What kind of speeds can you expect while using a wireguard vpn?
S920 has the wireguard-kmod module loaded and almost symmetrical gigabit. Pi4 has wireguard-dkms, is within a mile away and has a 400 mbit downlink and very bad upload.
[root@S920 ~]# iperf3 -c Pi4
Connecting to host Pi4, port 5201
[ 5] local S920 port 22685 connected to Pi4 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 36.3 MBytes 304 Mbits/sec 0 3.00 MBytes
[ 5] 1.00-2.00 sec 39.2 MBytes 329 Mbits/sec 0 3.00 MBytes
[ 5] 2.00-3.00 sec 39.5 MBytes 331 Mbits/sec 0 3.00 MBytes
[ 5] 3.00-4.00 sec 39.5 MBytes 331 Mbits/sec 0 3.00 MBytes
[ 5] 4.00-5.00 sec 38.2 MBytes 320 Mbits/sec 0 3.00 MBytes
[ 5] 5.00-6.00 sec 38.1 MBytes 320 Mbits/sec 0 3.00 MBytes
[ 5] 6.00-7.00 sec 38.8 MBytes 326 Mbits/sec 0 3.00 MBytes
[ 5] 7.00-8.00 sec 39.0 MBytes 327 Mbits/sec 0 3.00 MBytes
[ 5] 8.00-9.00 sec 39.0 MBytes 326 Mbits/sec 0 3.00 MBytes
[ 5] 9.00-10.00 sec 36.7 MBytes 309 Mbits/sec 1 1.50 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 384 MBytes 322 Mbits/sec 1 sender
[ 5] 0.00-10.02 sec 384 MBytes 321 Mbits/sec receiver
Probably goes higher than these speeds but I don't have anything more realistic to test that goes through the internet. I think I've tested wg across LAN before and got 700 mbit? Need to retest.
See this link about enabling wireguard-kmod:
FingerlessGloves adventuring through internet pipes . This is my blog about selfhosting and other computer technologies, why not pop by!
Now this kernel module isn’t fully production ready and is considered `experimental` but for testing or bleeding edge users, you can install it today! To install it you simply need to SSH or access the console of OPNsense and install the package pkg install wireguard-kmod once installed, simply reboot OPNsense and you’ll now be using the WireGuard kernel module for OPNsense. Note, the wireguard-go service will show as stopped since the go implementation isn’t being used, due to the kernel module, OPNsense will fix this in a later release.
P.S Wireguard has a quirk on opnsense where it can initialize before DNS works and cause all hostname-based tunnels to fail on reboot. You need a oneshot to fix this. I just put everything in one autorun file at /usr/local/etc/rc.syshook.d/start/99-fixwg
It's been months and I don't remember how or why this works. If you got to this solution from a search engine, hope this helped you.