Hi,
Not sure where to ask this question, so I'll ask here.
I've got l009uigs-2haxd-in router, and connecting to it via Wireguard, I'm only getting around 70-80 mbps throughput (iperf3, tcp).
Is this normal for this router, or maybe I've misconfigured something?
I'm very new to networking and mikrotik ecosystem, so please excuse me if all of this is over my head.
I had problems with this particular wireguard tunnel (video streams not playing for ex.) until I lowered MTU to 1420, but the speed is still low.
If you would need my MikroTik configs, I can provide them.
Some more info:
On my end, ISP gives me 250 mbps symmetric connection.
On the other end of the tunnel is Ubuntu 20.4 virtual machine with gigabit connection and 6 cores from recent Ryzen Threadripper processor.
Before using this MikroTik router I used OpenWRT on Raspberry Pi 4, which had this tunnel running at almost full connection speed (a bit lower than 250 mbps). I remember I had to enable MSS clamping on OpenWRT for the tunnel to start working at full speed.
Thanks
Re: l009uigs-2haxd-in Wireguard speed only 70 mbps
I would say that you are probably hitting the limit for Wireguard on the L009, it has only 2 ARM32 cores at 800. the rPi 4 have 4x ARM64 cores at 1.8GHz.
If you can, I would recommend keep using the rPi 4 for Wireguard.
the cheapest model from Mikrotik that can reach 300Mbps on Wireguard is the hAP ax2, I have used one for Site to Site vpn via wireguard and it could saturate the uplink of 300mbps without asking for help. It probably could go more than 300 easily
If you can, I would recommend keep using the rPi 4 for Wireguard.
the cheapest model from Mikrotik that can reach 300Mbps on Wireguard is the hAP ax2, I have used one for Site to Site vpn via wireguard and it could saturate the uplink of 300mbps without asking for help. It probably could go more than 300 easily
Re: l009uigs-2haxd-in Wireguard speed only 70 mbps
Post both configs........ ( minus public WANIP info, keys etc. )
The default mtu setting is 1420 so dont understand why you lowered to the default??
Important is that both sides of the connection have the same mtu setting
The default mtu setting is 1420 so dont understand why you lowered to the default??
Important is that both sides of the connection have the same mtu setting
Re: l009uigs-2haxd-in Wireguard speed only 70 mbps
Thank you,
Is there a way to confirm CPU is the limiting factor? My idea is to fill the tunnel with traffic and see routers CPU utilization.
I've purchased this router to simplify my network, and free up rPi4 for other uses. I do not really need (though it would be nice) very big speeds on that tunnel, just wanted to know if this is normal.
Is there a way to confirm CPU is the limiting factor? My idea is to fill the tunnel with traffic and see routers CPU utilization.
I've purchased this router to simplify my network, and free up rPi4 for other uses. I do not really need (though it would be nice) very big speeds on that tunnel, just wanted to know if this is normal.
Re: l009uigs-2haxd-in Wireguard speed only 70 mbps
Hi,Post both configs........ ( minus public WANIP info, keys etc. )
The default mtu setting is 1420 so dont understand why you lowered to the default??
Important is that both sides of the connection have the same mtu setting
I have been playing around with different configs on my mikrotik, trial and error, so a lot of disabled and overhead things.
Mikrotik config (a bit sanitized, hope not too much):
wgvpn is the tunnel in question And wireguard config on server for the tunnel:
Code: Select all
root@us-virt:/etc/wireguard# cat wglt.conf
[Interface]
PrivateKey = -PRIVATE KEY-
Address = 192.168.9.2/24
MTU=1420
[Peer]
PublicKey = -PUBLIC KEY-
AllowedIPs = 192.168.9.0/24, 192.168.5.0/24, 192.168.16.0/24, fdf1:e8a1:8d3f:9::2/64
PresharedKey = -PRESHARED KEY-
Endpoint = -HOME WAN IP-:51844
PersistentKeepalive = 25
Something weird Iperf today is around 70-115 Mbits, depends on a run, like:
Code: Select all
Connecting to host ugnius.lan, port 5201
[ 5] local WAN-IP port 45058 connected to 192.168.9.2 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 6.04 MBytes 50.7 Mbits/sec 0 401 KBytes
[ 5] 1.00-2.00 sec 17.8 MBytes 150 Mbits/sec 85 715 KBytes
[ 5] 2.00-3.00 sec 19.0 MBytes 159 Mbits/sec 0 806 KBytes
[ 5] 3.00-4.00 sec 15.7 MBytes 132 Mbits/sec 32 613 KBytes
[ 5] 4.00-5.00 sec 12.3 MBytes 103 Mbits/sec 18 469 KBytes
[ 5] 5.00-6.00 sec 12.3 MBytes 103 Mbits/sec 0 498 KBytes
[ 5] 6.00-7.00 sec 13.4 MBytes 112 Mbits/sec 0 514 KBytes
[ 5] 7.00-8.00 sec 13.5 MBytes 113 Mbits/sec 0 522 KBytes
[ 5] 8.00-9.00 sec 13.4 MBytes 112 Mbits/sec 0 525 KBytes
[ 5] 9.00-10.00 sec 13.4 MBytes 113 Mbits/sec 0 541 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 137 MBytes 115 Mbits/sec 135 sender
[ 5] 0.00-10.04 sec 135 MBytes 113 Mbits/sec receiver
CPU is not being overly used while running iperf.
You do not have the required permissions to view the files attached to this post.
Re: l009uigs-2haxd-in Wireguard speed only 70 mbps
Was not aware you have two wireguard tunnels on the go.
What are the four endpoints???
Which end is the server (for the handshake) on each network.
What are the four endpoints???
Which end is the server (for the handshake) on each network.
Re: l009uigs-2haxd-in Wireguard speed only 70 mbps
There are 2 wireguard tunnelsWas not aware you have two wireguard tunnels on the go.
What are the four endpoints???
Which end is the server (for the handshake) on each network.
wgged - tunnel to UK server, for British TV, MikroTik router connects to the server using its IP and 51871 port. I only forward traffic through it from my local Roku box, rarely used.
wgvpn - tunnel in question, my MikroTik router is the server (waits for connection on port 51844 from my Ubuntu VM)
4 Endpoints??? Not really sure, all other wireguard configuration might be superficial. As I have said I have no idea what I am doing
If you mean subnets: 192.168.9.0/24 - wgvpn wireguard tunnel devices, 192.168.77.0 wgged tunnel devices (for UK gateway purpose), 192.168.5.0/24 my LAN subnet, 192.168.16.0/24 - forgot why this was set in the first place, should be removed. All IPV6 configs are not really used.
The separate wireguard config file I gave is from my virtual machine, it is trying to connect to MikroTik router WAN IP on port 51844
Thank you very much for trying to help me.
Re: l009uigs-2haxd-in Wireguard speed only 70 mbps
Check tool / profileIs there a way to confirm CPU is the limiting factor? My idea is to fill the tunnel with traffic and see routers CPU utilization.
Re: l009uigs-2haxd-in Wireguard speed only 70 mbps
Sorry
the L009 device is a "to low-cpu" powered device.
There is no HW accelerated encryption / decryption using WG.
I love my L009 device for home using - low energy consumption a little "NAS" and container with linux.
Knowing the limitation(include WIFI) of this little red device
You can test it reality easy:
Open winbox connect the L009 device and show the CPU-panel.
Use 2 devices with 1Gbit ethernet and connect to the L009 device.
Make iperf test direct > IP-device1 to IP-device2 you should get about 850 - 900Mbits ore more (with WIFI AX 5G and a new iPAD / iPhone as client you get about 750 - 800Mbit)
Now make a NAT-rule in the L009 with redirect port 5201(TCP) to the iperf server port 5201 from all sources allowed.
Now test iperf from client to the L009 IP - you lost some percent's of speed. Look while the tests on the CPU panel on winbox.
Only NAT-redirect eats 30-40% CPU.
Next configure the WG-tunnel (give the WG interfaces some IP-addresses outside the LAN addresses) connect the client with WG to the L009 box.
Now test iperf to the WG interface from the L009 device - now runs the test trough WG.
The CPU reaches 90+% in the winbox panel an the speed is about 100Mbit (range 90-120Mbit)
So see - the CPU IS THE LIMIT using WG, it "breaks" nearly 100Mbit.
If you have a transfer over the "real internet" also WAN with rates about 70 Mbit, it looks like a "good" value
Greets
the L009 device is a "to low-cpu" powered device.
There is no HW accelerated encryption / decryption using WG.
I love my L009 device for home using - low energy consumption a little "NAS" and container with linux.
Knowing the limitation(include WIFI) of this little red device
You can test it reality easy:
Open winbox connect the L009 device and show the CPU-panel.
Use 2 devices with 1Gbit ethernet and connect to the L009 device.
Make iperf test direct > IP-device1 to IP-device2 you should get about 850 - 900Mbits ore more (with WIFI AX 5G and a new iPAD / iPhone as client you get about 750 - 800Mbit)
Now make a NAT-rule in the L009 with redirect port 5201(TCP) to the iperf server port 5201 from all sources allowed.
Now test iperf from client to the L009 IP - you lost some percent's of speed. Look while the tests on the CPU panel on winbox.
Only NAT-redirect eats 30-40% CPU.
Next configure the WG-tunnel (give the WG interfaces some IP-addresses outside the LAN addresses) connect the client with WG to the L009 box.
Now test iperf to the WG interface from the L009 device - now runs the test trough WG.
The CPU reaches 90+% in the winbox panel an the speed is about 100Mbit (range 90-120Mbit)
So see - the CPU IS THE LIMIT using WG, it "breaks" nearly 100Mbit.
If you have a transfer over the "real internet" also WAN with rates about 70 Mbit, it looks like a "good" value
Greets