Consitent intermittent latency/loss spikes with wireguard tunnel.

xparanoik · Mar 11, 2021, 11:08 PM

@jimp Thanks for checking this thread. That was something I thought of doing, glad you suggested it. I went ahead and checked pretty much all of the logs available through the GUI, and didn't see anything recurring that happens at/near the same time. The firewall reload due to hostname aliases seems to be every 15 minutes. Checked my temporary smokeping again and it does seem ito happen at exactly every 10 minutes, lasts 1 to 2 minutes and comes back to normal immediately.

I am going to spin up a VM somewhere and create a WG tunnel to see if I can rule out Mullvad as the culprit.

xparanoik · Mar 12, 2021, 1:25 AM

Update: I created a VM on DigitalOcean, configured wireguard and then created a new tunnel on pfSense (same setup as before) and changed my PBR rules to force smokeping traffic through this new tunnel instead.

Looks like this issue is isolated to Mullvad and not tied to pfsense/freebsd/wireguard.

heatmiser · Mar 12, 2021, 1:26 AM

@xparanoik This is great information. Guess we’ll need to pass this on to Mullvad support. I wonder what they have to say?

xparanoik · Mar 12, 2021, 1:34 AM

@heatmiser I shared my findings with them, if they reply with anything useful I will post it here :)

heatmiser · Mar 12, 2021, 1:37 AM

@xparanoik Excellent work! The followup on this forum is incredible.

gabacho4 · Mar 12, 2021, 5:31 AM

@xparanoik great find! I'll give mullvad a few days to respond and then consider moving to nord or rolling my own vps if needs be. Thanks for your work!

gabacho4 · Mar 12, 2021, 8:24 AM

Spun up a Linode instance with wireguard and so far, absolutely no packet loss despite streaming and doing speedtests etc from multiple devices at the same time. Definitely appears to be a Mullvad issue. I generally like not having another box to administer and update and all but, in this case, I might just roll over to Linode permanently.

xparanoik · Mar 12, 2021, 12:16 PM

@gabacho4 you know, a VPS for $5/mo is about the same price as Mullvad, so really it's not that bad of an option. If you set up the firewall properly, and do regular security patching, it should be a good alternative. But yeah, one more box to manage lol

gabacho4 · Mar 12, 2021, 12:31 PM

@xparanoik did Mullvad get back to you? I sent them a note too and they wanted me to do a trace route to the server I use while connected to the VPN and when on WAN. I'll play with it in a while but so far, on Linode, I've had no packet loss at all. So I don't believe it's an issue with my internet provider or my end at all. But I'll wait till it's later when everyone else in town/the country starts to connect to the internet and see how things look. I still think my Linode performance has been better.

xparanoik · Mar 12, 2021, 12:32 PM

@gabacho4 Not yet. They originally asked me for traceroutes too, and suggested internet peering issues, etc... They never offered to look into their own systems, but now that I showed them the issue seems to be unique to their tunnels, I am waiting to see what they say.

gabacho4 · Mar 12, 2021, 12:34 PM

@xparanoik ok. I feel the same way. I have no issues when not connected to Mullvad, via OpenVPN and wireguard with other providers. I have crap internet as a result of packet loss when I am connected with Mullvad. Doesn't really matter what traceroute says or doesn't say.

xparanoik · Mar 12, 2021, 12:46 PM

@gabacho4 yep, I am 99% sure it's something on their end.

heatmiser · Mar 13, 2021, 12:41 AM

@xparanoik I put a question out to them as well. I wonder if they're going to ignore us?

xparanoik · Mar 14, 2021, 1:56 AM

@heatmiser @gabacho4 I got an answer from them earlier today:

Every 10 minutes we have a service that queries our API, that will set wg peers to the WireGuard interfaces.

I think this might be why the latency spikes a few times every ten minutes via a WireGuard tunnel.

We will investigate it more, and see if we can reduce the spikes.

heatmiser · Mar 14, 2021, 1:56 AM

@xparanoik Awesome. The investigative work was right down to the number.

I see the same thing every 10 minutes into gaming, though not in streaming, my guess is buffering helps.

Hopefully they get us something more sooner than later.

gabacho4 · Mar 15, 2021, 4:05 AM

@xparanoik very nice that you were able to get something better than a tier 1 tech support response. That seems to be a pretty compelling answer. For the time being, Linode it is for me!

xparanoik · Mar 28, 2021, 8:21 AM

@gabacho4 @heatmiser thanks all for the help in troubleshooting this, appreciate you checking so that I knew this issue wasn't unique to my setup. Mullvad is an awesome provider, just hoping they fix this quirk soon. Cheers.

heatmiser · Mar 28, 2021, 8:21 AM

@xparanoik Well.....I guess this is a moot point now.....

xparanoik · Mar 28, 2021, 10:14 AM

@heatmiser hahaha, yeah.. this wireguard thing is pretty sad. going to move my router to openbsd and use their wireguard which comes on base.

heatmiser · Mar 28, 2021, 10:35 AM

@xparanoik You mean Opnsense or actually doing this on a BSD? I'm building out a new Opnsense installation right now on a separate PC so I don't screw up my network.

I can't believe the debacle Pfsense has created here.