very slow performance comparing to ssh without WG . direct replication is not available with FreeBsd pkg …
tested mbuffer setting … any other thoughts
iperf is also Way better ( very campareable to the direct ssh performance )
You’ll need to look upstream for this. If you’re getting significantly worse performance with replication than iperf, and with wg vs without wg, that strongly implies latency related issues. But for the most part, you need to address that with WireGuard, not ZFS.
Given that you said you’re using FreeBSD… are you using WireGuard-Go, or are you using the kernel module? Might want to try whichever one you’re not currently using as a drop-in replacement and see if it performs any better.
hi , thank you , i did use the kernel module with 13.2 . i will try the GO module .
i also will try with iked ( ipsec ) which i have good results connected to the upstream firewall ( fortigate ).
seems odd enough , this is a commercial line and i got worse performance then in my home in the same scenario .
seems odd enough , this is a commercial line and i got worse performance then in my home in the same scenario
Out of curiosity, what port are you using for WireGuard? Is it a low port number, or an ephemeral one?
There are a lot of how-to guides out there that use UDP 51820, some of which I unfortunately wrote myself. Unfortunately, a lot of firewalls close ephemeral UDP port NAT sessions a LOT more quickly than they do NAT sessions on UDP ports <=1000.
It might be worth simply trying a low port, eg UDP 444, if you’ve been using a high one. Your commercial line might have a router somewhere that thinks of WireGuard traffic as its absolute lowest possible priority and/or be closing sessions prematurely, if you’ve been using an ephemeral port.