Wireguard / bad performance after reboot
Hello,
I'm facing a strange behavior when running Wireguard, and I would need your help to understand what is happening and how to solve this. I initially posted on Reddit, and it was suggested that I ask for your help here.
Configuration: pfSense CE 2.7 running in a VM (KVM/QEMU on Proxmox), Wireguard (v0.2_0_2) to my VPN provider (I tested two actually).
MTU/MSS set on both WAN and Wireguard interfaces (1500/1500 and 1320/1320 respectively, but the values don't seem to be the issue here).
WAN interface is a bridge, on a 10G Mellanox ConnectX-3.
Just in case: this pfSense instance also runs 2 OpenVPN clients.
Symptom: I manage to get good performance with the above settings: 1 Gbps download / 400 Mbps upload.
But as soon as I reboot the pfSense VM, the performance drops dramatically: 35 Mbps download / 15 Mbps upload, sometimes worse.
The strange thing is: in the UI, if I now go to the WAN interface and click on Save (then Apply), the performance is back to 1 Gbps download / 400 Mbps upload.
Then if I reboot, the performance drops again, until I apply the interface configuration again, and so on.
It looks like some configuration is forced when reapplying the interface settings, and not kept after the reboot maybe?
I tested in many different situations (with/without MTU and/or MSS on either interface), the behavior is still the same: just reapplying the interface configuration restores the performance. So the issue doesn't seem to be with the MTU/MSS values or the provider, maybe a problem in pfSense or the Wireguard package itself? Or something else I missed?
I also completely removed my Wireguard configuration + package (unchecking "keep configuration" in WG settings), rebooted then reconfigured from scratch: same behavior.
I searched and couldn't find any solution, so I hope you could maybe guide me to a solution or a workaround.
Thank you in advance for your time and help.
@ockm You're running one wg-client?
Usually an MTU of 1420 is advised for a wg-interface.
@Bob-Dig Yes, only 1 wg-client, and 2 openvpn-clients.
As for the MTU value of 1320, I know it's not optimal, but that is the default MTU proposed by my provider (AirVPN), and was "good enough" to highlight the issue and narrow the possible cause (didn't want to mess with too many parameters): better to have an MTU that is too low than too high, as far as I understand.
Once I get a solution or workaround, I will certainly start playing with the values to optimize my bandwidth and will certainly come to set it at 1420.