RB760iGS as wireguard client - very slow upload

sas2k · July 2, 2023, 7:31pm

Hi @sas2k (Alexander),

I have the same issue with wireguard upload speed but in my case the difference between download and upload far higher because my ISP provides me more speed. My setup is quite simple, in one city I have HAP AX3 (500/500 link) and in another RB4011 (1G/1G), overall 10ms latency (5ms to and 5ms from). In this case, my HAP AX3 is struggling to saturate full upload speed and locks at ~130-150 mbps when download is about 410-420 mbps, CPU is not a bottleneck and stands around 50% during download and 20-25% during upload.

I’m testing with my raspberry pi 4b and connection looks like this:
Client device → HAP AX3 → Wireguard → RB4011 → Raspberry

MTU is 1420 and in Mangle I have TCP MSS rule with “clamp to pmtu” on both Mikrotiks so there won’t be any fragmentation with TCP. However, when I connect with my iPhone to RB4011 wireguard server and browse the internet (do speedtests) upload and download saturates at full 430-440 mbps. What’s more interesting, when I use Bandwidth Test directly on Mikrotiks both download and upload speed the same, so HAP AX3 is actually capable to use full speed over wireguard and over existing internet link.

I’m really wondering what can cause such problem and just wanted to let you know that you are not alone with such weird behavior. I already tried disabling fasttrack, disabling mangle rule and everything is pretty much defaulted. In any case I’m glad to help in any kind of tests and configs setup to figure out what might be the problem here. The next thing I was thinking about to test is to run iperf3 container on HAP AX3 and try to run upload to the raspberry server instead of RB4011, hopefully CPU is not a bottleneck here.

Regards

Ok, I extended my ISP plan, now I have 200\200 Mbit connection for 760igs, which is a wireguard client to remote vps, mtu 1492 (pppoe).
Now wireguard download up to 130-140 mbit (cpu 90-95%), upload same 40-45-50 mbit (cpu 43-53%).
Tried different wireguard mtu, best results still with 1400. Setting 1420 dramatically reduces download.
I added a string to remote vps iptables:
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
But no luck.
760igs has got clamp-mss to pmtu mangle rule as well.
Tried different OS (centos 7, ubuntu 22.04 ) for remote vps, but same results.

ps- ipsec (libreswan 4.11) same speeds, download 75-80 mbit, upload 80-95 mbit (mtu 1400)

sas2k · July 6, 2023, 5:53pm

borrowed hap ac3 for tests and connected it as a dhcp client after 760igs, which is fiber channel wan device.

l2tp ipsec client to same vps - 150 mbit download, 125 mbit upload.
wireguard client to same vps - 160 mbit download, 90 mbit upload.

Seems I should consider of buying hap ax3 !

But still is unclear what is the problem with wireguard upload.

sas2k · July 10, 2023, 12:58pm

bought AX3 and tested.
New Unexpected Problems
http://forum.mikrotik.com/t/hap-ax3-slow-upload-as-ipsec-l2tp-client/167949/1