Low-ish performance of Wireguard

nazar-pc

I'm doing iperf3 from desktop (wired) to Android phone (Wi-Fi).
When testing directly I get ~600 Mbps:

[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  80.9 MBytes   679 Mbits/sec    0   1.41 MBytes       
[  5]   1.00-2.00   sec  75.0 MBytes   629 Mbits/sec    0   2.25 MBytes       
[  5]   2.00-3.00   sec  73.8 MBytes   619 Mbits/sec    0   1.57 MBytes       
[  5]   3.00-4.00   sec  75.0 MBytes   629 Mbits/sec    0   1.51 MBytes       
[  5]   4.00-5.00   sec  73.8 MBytes   619 Mbits/sec    0   1.31 MBytes       
[  5]   5.00-6.00   sec  75.0 MBytes   629 Mbits/sec    0   1.41 MBytes       
[  5]   6.00-7.00   sec  75.0 MBytes   629 Mbits/sec    0   1.51 MBytes       
[  5]   7.00-8.00   sec  73.8 MBytes   619 Mbits/sec    0   1.62 MBytes       
[  5]   8.00-9.00   sec  61.2 MBytes   514 Mbits/sec    0   1.26 MBytes       
[  5]   9.00-10.00  sec  70.0 MBytes   587 Mbits/sec    0   1.24 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   733 MBytes   615 Mbits/sec    0             sender
[  5]   0.00-10.00  sec   724 MBytes   607 Mbits/sec                  receiver

Unfortunately, when Wireguard is involved, performance drops to under 100 Mbps (and a lot of retransmissions):

[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  14.3 MBytes   120 Mbits/sec  169    395 KBytes       
[  5]   1.00-2.00   sec  15.0 MBytes   126 Mbits/sec  435    242 KBytes       
[  5]   2.00-3.00   sec  14.3 MBytes   120 Mbits/sec  177    136 KBytes       
[  5]   3.00-4.00   sec  9.75 MBytes  81.8 Mbits/sec   46    100 KBytes       
[  5]   4.00-5.00   sec  9.56 MBytes  80.2 Mbits/sec   26    136 KBytes       
[  5]   5.00-6.00   sec  8.82 MBytes  74.0 Mbits/sec   57    126 KBytes       
[  5]   6.00-7.00   sec  8.95 MBytes  75.1 Mbits/sec   38    122 KBytes       
[  5]   7.00-8.00   sec  8.89 MBytes  74.5 Mbits/sec   16    111 KBytes       
[  5]   8.00-9.00   sec  8.89 MBytes  74.5 Mbits/sec    0   94.8 KBytes       
[  5]   9.00-10.00  sec  7.90 MBytes  66.3 Mbits/sec    0   94.8 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   106 MBytes  89.2 Mbits/sec  964             sender
[  5]   0.00-10.00  sec   104 MBytes  87.3 Mbits/sec                  receiver

I made sure that MTU is 1420 on desktop and Wireguard interfaces on pfSense and Android.

CPU usage on the pfSense seems low/normal. What else can I check to get performance closer to the underlying network?