WireGuard Performance Tuning?

4pple5auc3

I have a handful of VPS servers that I use as WireGuard servers. I've set them all to use the BBR2 congestion control algorithm. I also made sure the MTU is set correctly. The servers that are geographically located fairly close to me have no issue with reaching speeds of 1Gbps or more, however there are a few that are located on the opposite side of the country or overseas that struggle to get above 400-500Mbps. I'm curious if there are any other optimizations or tweaks I can do to get these far away servers to reach 1Gbps with WireGuard.

I've read about some TCP/UDP buffer tweaks in sysctl.conf that can be performed to possibly help boost throughput. Can anyone here share their thoughts on this? Can you suggest any changes to the sysctl.conf file on the VPS/WireGuard server that can possibly increase throughput in WireGuard when latency and physical distance are increased?

Don_Keedic

Wireguard is UDP only so any TCP tweaks won't have any effect.

I think the only "tuning" you can do with Wireguard is playing around with MTU and changing DNS servers if I'm not mistaken. Getting the proper MTU does make a huge difference though!

4pple5auc3

True, I guess I shouldn't have specified TCP as there are UDP buffer tweaks too.

net.core.rmem_default
net.core.rmem_max
net.core.wmem_default
net.core.wmem_max
net.core.netdev_max_backlog

I was also thinking about changing
net.core.netdev_budget = 300
to
net.core.netdev_budget = 600

Don_Keedic

Just general tweaks, I gotcha now.

@4pple5auc3 said: net.core.rmem_default
net.core.rmem_max
net.core.wmem_default
net.core.wmem_max

I'm familiar with these...

@4pple5auc3 said: >net.core.netdev_max_backlog
net.core.netdev_budget = 300
net.core.netdev_budget = 600

Haven't actually seen these before but now I'm interested.

In the meantime, could you run a "sysctl -A" and post up your server specs? Should be pretty straight forward tweaking advice with that info.

4pple5auc3

net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
net.ipv4.udp_mem = 4096 87380 16777216
net.core.netdev_budget = 600

I'm gonna try this and also test this below

net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.rmem_default = 33554432
net.core.wmem_default = 33554432
net.ipv4.udp_mem = 4096 87380 33554432
net.core.netdev_budget = 600

All the VPS's are:
KVM
1 Core
2GB Ram
BBR Enabled

Edit:
The 2nd one got me to around 700Mbps

kerus1024

Transparency Proxy with BBR

yusra

@4pple5auc3 said: there are a few that are located on the opposite side of the country or overseas that struggle to get above 400-500Mbps

What is the raw throughput of those servers without wireguard?

Neoon

I didn't need to do any optimization on mine, besides enabling bbr, still I am able to reach 500Mbit+ on those cheap 1$ machines.

Depends if the host is connected with more than 1gig, usually you are not really able to reach that on a shared system.

Levi

BBR is TCP option as I recall. What are you guys enabling?