Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1018044: wireguard: Bandwidth throttled when using wireguard NAT to route traffic
19 views
Skip to first unread message
JP Del Mundo
Aug 24, 2022, 11:50:04 AM8/24/22
to
Package: wireguard
Version: 1.0.20210914-1
Severity: important
X-Debbugs-Cc: jpdelmu...@gmail.com
Version: 1.0.20210914-1
Severity: important
X-Debbugs-Cc: jpdelmu...@gmail.com
Dear Maintainer,
Bandwidth is being throttled when traffic is routed from my LAN NAS/PC through a wireguard peer (on the same LAN), going to my VPS wireguard. Here's a video: https://reddit.com/link/wp26ec/video/85rm42pn7wh91/player .
Note: This issue only happens on Debian. When I use Ubuntu on the same hardware, everything is working fine (Dell Optiplex 3080 i5 10500T, RealTek RTL-8169 Gigabit Ethernet).
Basically, here's the layout: VPS <--> DEBIAN <--> NAS/PC
- DEBIAN and NAS/PC are both within the LAN
- VPS and DEBIAN connected via wireguard
- NAS/PC to DEBIAN bandwidth is okay
- DEBIAN to VPS bandwidth is okay (wireguard to wireguard)
- NAS/PC to VPS (via DEBIAN's wireguard tunnel) bandwidth is NOT OKAY
When I use Debian with wireguard as peer, bandwidth is throttled. However, things are fine when I installed Ubuntu on the same hardware and set it up with wireguard as peer. I was expecting the Debian install with the wireguard tunnel to work the same as with Ubuntu since they're both using the same hardware, apparently the same nic driver versions (see below).
Initially, I noticed this issue when I was setting up my proxmox VMs so I made a post on their forums thinking it might be a proxmox issue but I've narrowed it down to Debian (in combination with the hardware). A lot of detail is in that post, here's the URL: https://forum.proxmox.com/threads/why-would-the-bandwidth-throttle-down-vm-with-wireguard-video.113668/
In addition, here's a ethtool and modprobe result comparison between the Debian and Ubuntu installs on the same hardware: https://imgur.com/a/yljSISO
To summarize:
- Baremetal Debian 11.4 (or 10.12) with wireguard: Bandwidth throttled
- Baremetal Ubuntu 20.04.4 LTS with wireguard: OK
- Vbox VM Debian 11.4 with wireguard (on a windows PC): OK
- Vbox VM Ubuntu 20.04.4 with wireguard (on a windows PC): OK
As you can see above, I also did not experience the issue on a Debian VM-wireguard combination (which makes the hardware the culprit?). However, the baremetal Ubuntu-wireguard works without a problem on that same hardware, so it's not the hardware (?). I also tried different MTUs and MSS clamping but those didn't help (wireguard MTUs both at 1420 during testing, LAN router and NAS/PC on default MTU 1500).
Note: The above were tested on the stable version of wireguard. Below only shows wireguard unstable version because that's what I used during my last test.
-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.18.0-4-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_PH.UTF-8, LC_CTYPE=en_PH.UTF-8 (charmap=UTF-8), LANGUAGE=en_PH:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages wireguard depends on:
ii linux-image-amd64 [wireguard-modules] 5.18.16-1
ii wireguard-tools 1.0.20210914-1
wireguard recommends no packages.
wireguard suggests no packages.
-- no debconf information
Bandwidth is being throttled when traffic is routed from my LAN NAS/PC through a wireguard peer (on the same LAN), going to my VPS wireguard. Here's a video: https://reddit.com/link/wp26ec/video/85rm42pn7wh91/player .
Note: This issue only happens on Debian. When I use Ubuntu on the same hardware, everything is working fine (Dell Optiplex 3080 i5 10500T, RealTek RTL-8169 Gigabit Ethernet).
Basically, here's the layout: VPS <--> DEBIAN <--> NAS/PC
- DEBIAN and NAS/PC are both within the LAN
- VPS and DEBIAN connected via wireguard
- NAS/PC to DEBIAN bandwidth is okay
- DEBIAN to VPS bandwidth is okay (wireguard to wireguard)
- NAS/PC to VPS (via DEBIAN's wireguard tunnel) bandwidth is NOT OKAY
When I use Debian with wireguard as peer, bandwidth is throttled. However, things are fine when I installed Ubuntu on the same hardware and set it up with wireguard as peer. I was expecting the Debian install with the wireguard tunnel to work the same as with Ubuntu since they're both using the same hardware, apparently the same nic driver versions (see below).
Initially, I noticed this issue when I was setting up my proxmox VMs so I made a post on their forums thinking it might be a proxmox issue but I've narrowed it down to Debian (in combination with the hardware). A lot of detail is in that post, here's the URL: https://forum.proxmox.com/threads/why-would-the-bandwidth-throttle-down-vm-with-wireguard-video.113668/
In addition, here's a ethtool and modprobe result comparison between the Debian and Ubuntu installs on the same hardware: https://imgur.com/a/yljSISO
To summarize:
- Baremetal Debian 11.4 (or 10.12) with wireguard: Bandwidth throttled
- Baremetal Ubuntu 20.04.4 LTS with wireguard: OK
- Vbox VM Debian 11.4 with wireguard (on a windows PC): OK
- Vbox VM Ubuntu 20.04.4 with wireguard (on a windows PC): OK
As you can see above, I also did not experience the issue on a Debian VM-wireguard combination (which makes the hardware the culprit?). However, the baremetal Ubuntu-wireguard works without a problem on that same hardware, so it's not the hardware (?). I also tried different MTUs and MSS clamping but those didn't help (wireguard MTUs both at 1420 during testing, LAN router and NAS/PC on default MTU 1500).
Note: The above were tested on the stable version of wireguard. Below only shows wireguard unstable version because that's what I used during my last test.
-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.18.0-4-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_PH.UTF-8, LC_CTYPE=en_PH.UTF-8 (charmap=UTF-8), LANGUAGE=en_PH:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages wireguard depends on:
ii linux-image-amd64 [wireguard-modules] 5.18.16-1
ii wireguard-tools 1.0.20210914-1
wireguard recommends no packages.
wireguard suggests no packages.
-- no debconf information
Daniel Gröber
Nov 21, 2022, 10:10:04 AM11/21/22
to
Hi JP,
On Wed, Aug 24, 2022 at 11:42:06PM +0800, JP Del Mundo wrote:
> When I use Debian with wireguard as peer, bandwidth is throttled. However,
> things are fine when I installed Ubuntu on the same hardware and set it up
> with wireguard as peer. I was expecting the Debian install with the
> wireguard tunnel to work the same as with Ubuntu since they're both using
> the same hardware, apparently the same nic driver versions (see below).
To support your hypothesis that the Debian build of linux is somehow at
fault here I would suggest setting up a local testbed with two wg peers on
the same machine. ip-netns(1) will be useful here.
If that shows the same degraded performance over the tunnel we can surmise
the problem most likely lies with the wireguard driver itself and not the
NIC driver or even some external networking issue.
Also: consider using iperf for bandwith testing which should be easier than
http in this case.
Let me know if you need help setting up a local test environment,
--Daniel
On Wed, Aug 24, 2022 at 11:42:06PM +0800, JP Del Mundo wrote:
> When I use Debian with wireguard as peer, bandwidth is throttled. However,
> things are fine when I installed Ubuntu on the same hardware and set it up
> with wireguard as peer. I was expecting the Debian install with the
> wireguard tunnel to work the same as with Ubuntu since they're both using
> the same hardware, apparently the same nic driver versions (see below).
fault here I would suggest setting up a local testbed with two wg peers on
the same machine. ip-netns(1) will be useful here.
If that shows the same degraded performance over the tunnel we can surmise
the problem most likely lies with the wireguard driver itself and not the
NIC driver or even some external networking issue.
Also: consider using iperf for bandwith testing which should be easier than
http in this case.
Let me know if you need help setting up a local test environment,
--Daniel
0 new messages