what speeds can you get with WG on a SG-3100
-
Hello - I'm currently using openvpn and can only achieve about 80Mbit speeds on this appliance on a 1gig connection.
No matter the provider or even a dedicated server running openvpn. Looking at 2.5.0 with WG support, was wondering what kind of speeds are being achieved in testing with WG? Would it be worth to upgrade my appliance? -
i did some experimenting with a dedicated setup. I am not using netgate appliance, but you mentioned a dedicated server and you are still getting poor OpenVPN speeds. In this test I used a Intel Pentium Gold G5400 (2c/4t), $65 USD CPU, so nothing crazy.
Test Setup
pfSense 2.5.0 (2.5.0.a.20210121.2350)
Intel Pentium Gold G5400, 1Gbps NIC Intel i210AT, 10 Gbps NIC X710-DA2Clients, directly connected to pfSense box, so no switches or anything involved. Clients are i9-9900KF and i7-7800X (both watercooled and overclocked, both running Ubuntu 20.04)
Using the the latest 2.5.0 pfSense snapshot, I definitely has able to mess with the OpenVPN settings get it close to Wireguard on 1 Gbps NICs. I didn't include the results here, as they were both basically ~900 Mbps. The interesting results were on 10 Gbps, probably because the G5400 CPU was overkill for 1 Gbps.
Verify Firewall Setup
Connecting using X710-DA2 SFP+ ports, clients had X520-DA2 NICs, I verified pfSense firewall throughput. Using a NAT port forward.
[ 5] local 192.168.1.200 port 59916 connected to 192.168.1.249 port 5203 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 1.08 GBytes 9.28 Gbits/sec [ 5] 1.00-2.00 sec 1.10 GBytes 9.41 Gbits/sec [ 5] 2.00-3.00 sec 1.08 GBytes 9.30 Gbits/sec [ 5] 3.00-4.00 sec 1.10 GBytes 9.41 Gbits/sec [ 5] 4.00-5.00 sec 1.09 GBytes 9.40 Gbits/sec [ 5] 5.00-6.00 sec 1.10 GBytes 9.41 Gbits/sec [ 5] 6.00-7.00 sec 1.10 GBytes 9.41 Gbits/sec [ 5] 7.00-8.00 sec 1.09 GBytes 9.40 Gbits/sec [ 5] 8.00-9.00 sec 1.10 GBytes 9.41 Gbits/sec [ 5] 9.00-10.00 sec 1.10 GBytes 9.41 Gbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 10.9 GBytes 9.38 Gbits/sec 499 sender [ 5] 0.00-10.00 sec 10.9 GBytes 9.39 Gbits/sec receiverNice, pfSense 2.5.0 with a $65 CPU was able to firewall 10 Gbps!!
Now I tested Wireguard vs OpenVPN (AES-256-GCM, tested with various settings MTU/MSS, buffer sizes)
OpenVPN
[ 5] local 192.168.198.2 port 57158 connected to 192.168.2.11 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 160 MBytes 1.34 Gbits/sec [ 5] 1.00-2.00 sec 157 MBytes 1.32 Gbits/sec [ 5] 2.00-3.00 sec 138 MBytes 1.16 Gbits/sec [ 5] 3.00-4.00 sec 159 MBytes 1.33 Gbits/sec [ 5] 4.00-5.00 sec 170 MBytes 1.43 Gbits/sec [ 5] 5.00-6.00 sec 176 MBytes 1.47 Gbits/sec [ 5] 6.00-7.00 sec 158 MBytes 1.33 Gbits/sec [ 5] 7.00-8.00 sec 160 MBytes 1.34 Gbits/sec [ 5] 8.00-9.00 sec 168 MBytes 1.41 Gbits/sec [ 5] 9.00-10.00 sec 168 MBytes 1.41 Gbits/sec [ 5] 10.00-11.00 sec 177 MBytes 1.49 Gbits/sec [ 5] 11.00-12.00 sec 172 MBytes 1.44 Gbits/sec [ 5] 12.00-13.00 sec 176 MBytes 1.48 Gbits/sec [ 5] 13.00-14.00 sec 176 MBytes 1.48 Gbits/sec [ 5] 14.00-15.00 sec 165 MBytes 1.38 Gbits/sec [ 5] 15.00-16.00 sec 160 MBytes 1.34 Gbits/sec [ 5] 16.00-17.00 sec 155 MBytes 1.30 Gbits/sec [ 5] 17.00-18.00 sec 150 MBytes 1.26 Gbits/sec [ 5] 18.00-19.00 sec 145 MBytes 1.21 Gbits/sec [ 5] 19.00-20.00 sec 154 MBytes 1.30 Gbits/sec [ 5] 20.00-21.00 sec 154 MBytes 1.30 Gbits/sec [ 5] 21.00-22.00 sec 158 MBytes 1.32 Gbits/sec [ 5] 22.00-23.00 sec 143 MBytes 1.20 Gbits/sec [ 5] 23.00-24.00 sec 153 MBytes 1.28 Gbits/sec [ 5] 24.00-25.00 sec 155 MBytes 1.30 Gbits/sec [ 5] 25.00-26.00 sec 154 MBytes 1.29 Gbits/sec [ 5] 26.00-27.00 sec 166 MBytes 1.39 Gbits/sec [ 5] 27.00-28.00 sec 168 MBytes 1.41 Gbits/sec [ 5] 28.00-29.00 sec 173 MBytes 1.45 Gbits/sec [ 5] 29.00-30.00 sec 173 MBytes 1.45 Gbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-30.01 sec 4.73 GBytes 1.35 Gbits/sec 13366 sender [ 5] 0.00-30.00 sec 4.73 GBytes 1.35 Gbits/sec receiverWireguard
[ 5] local 10.0.0.2 port 45722 connected to 192.168.2.11 port 5201 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 721 MBytes 6.04 Gbits/sec 16 979 KBytes [ 5] 1.00-2.00 sec 744 MBytes 6.24 Gbits/sec 43 1013 KBytes [ 5] 2.00-3.00 sec 751 MBytes 6.30 Gbits/sec 221 1011 KBytes [ 5] 3.00-4.00 sec 748 MBytes 6.27 Gbits/sec 64 541 KBytes [ 5] 4.00-5.00 sec 742 MBytes 6.23 Gbits/sec 48 719 KBytes [ 5] 5.00-6.00 sec 766 MBytes 6.43 Gbits/sec 2 1017 KBytes [ 5] 6.00-7.00 sec 748 MBytes 6.27 Gbits/sec 249 981 KBytes [ 5] 7.00-8.00 sec 745 MBytes 6.25 Gbits/sec 17 806 KBytes [ 5] 8.00-9.00 sec 738 MBytes 6.19 Gbits/sec 30 880 KBytes [ 5] 9.00-10.00 sec 741 MBytes 6.22 Gbits/sec 32 839 KBytes [ 5] 10.00-11.00 sec 731 MBytes 6.13 Gbits/sec 68 834 KBytes [ 5] 11.00-12.00 sec 758 MBytes 6.35 Gbits/sec 48 823 KBytes [ 5] 12.00-13.00 sec 768 MBytes 6.44 Gbits/sec 152 798 KBytes [ 5] 13.00-14.00 sec 756 MBytes 6.34 Gbits/sec 58 828 KBytes [ 5] 14.00-15.00 sec 735 MBytes 6.17 Gbits/sec 49 808 KBytes [ 5] 15.00-16.00 sec 732 MBytes 6.14 Gbits/sec 27 804 KBytes [ 5] 16.00-17.00 sec 738 MBytes 6.19 Gbits/sec 61 926 KBytes [ 5] 17.00-18.00 sec 739 MBytes 6.20 Gbits/sec 35 806 KBytes [ 5] 18.00-19.00 sec 742 MBytes 6.23 Gbits/sec 44 1.05 MBytes [ 5] 19.00-20.00 sec 768 MBytes 6.44 Gbits/sec 0 1.47 MBytes [ 5] 20.00-21.00 sec 714 MBytes 5.99 Gbits/sec 701 774 KBytes [ 5] 21.00-22.00 sec 742 MBytes 6.23 Gbits/sec 21 807 KBytes [ 5] 22.00-23.00 sec 751 MBytes 6.30 Gbits/sec 28 842 KBytes [ 5] 23.00-24.00 sec 766 MBytes 6.43 Gbits/sec 166 818 KBytes [ 5] 24.00-25.00 sec 740 MBytes 6.21 Gbits/sec 162 886 KBytes [ 5] 25.00-26.00 sec 759 MBytes 6.36 Gbits/sec 18 884 KBytes [ 5] 26.00-27.00 sec 720 MBytes 6.04 Gbits/sec 41 880 KBytes [ 5] 27.00-28.00 sec 716 MBytes 6.01 Gbits/sec 22 848 KBytes [ 5] 28.00-29.00 sec 731 MBytes 6.13 Gbits/sec 7 835 KBytes [ 5] 29.00-30.00 sec 735 MBytes 6.17 Gbits/sec 29 887 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-30.00 sec 21.8 GBytes 6.23 Gbits/sec 2459 sender [ 5] 0.00-30.01 sec 21.8 GBytes 6.23 Gbits/sec receiverWireguard is clearly faster. I dont think anyone, including myself was doubting that, but it does appear OpenVPN vs Wireguard may not matter if you have < 1 Gbps and decent hardware.
I know Netgate XG-7100's weak Atom C3558 only does about ~300Mbps with OpenVPN, so I am sure Wireguard will be an advantage there! Not sure how the SG-2100 with ARM CPU will do, but I know Wireguard on Raspberry Pi seems faster than OpenVPN according to most benchmarks on the internet.
-
@flsnowbird said in what speeds can you get with WG on a SG-3100:
Hello - I'm currently using openvpn and can only achieve about 80Mbit speeds on this appliance on a 1gig connection.
No matter the provider or even a dedicated server running openvpn. Looking at 2.5.0 with WG support, was wondering what kind of speeds are being achieved in testing with WG? Would it be worth to upgrade my appliance?So I can't directly answer your question, however I can provide my own experiences.
On my old Celeron based test router, I always hit a limit of ~110mbits on OpenVPN. So far i've gotten up to 200mbit by switching to Wireguard.Of related note, of all of the providers I tested, only Mullvad could really support high speeds. On my production router with an i7 inside, I can push ~900mbits on my gig connection. All the other providers I tried choked on anything over 200mbits.
-
@griffo said in [what speeds can you get with WG on a
On my old Celeron based test router, I always hit a limit of ~110mbits on OpenVPN. So far i've gotten up to 200mbit by switching to Wireguard.
see https://redmine.pfsense.org/issues/10311
