Wireguard Dietpi Odroid N-2 slow performance

Having issues with your DietPi installation, or, found a bug? Post it here.
Post Reply
Crunktrunk
Posts: 7
Joined: Wed Aug 19, 2020 7:46 pm

Wireguard Dietpi Odroid N-2 slow performance

Post by Crunktrunk »

Wireguard works but my performance is bad.
Without the VPN I'm getting ~350 down; the VPN decreases that to ~40 down. Any suggestions for increasing speed?
Any help much appreciado! (love dietpi btw)

Relevant information:

Wireguard server = Odroid N2
Wireguard client = Oneplus 7

I installed wireguard on the server and client following these instructions :
server https://www.vikash.nl/setup-wireguard-vpn-server/
phone https://www.vikash.nl/setup-wireguard-client-on-iphone/

My server configuration file:
[Interface]
Address = 10.9.0.1/24
PrivateKey = XXXXX
ListenPort = 51820


PreUp = /boot/dietpi/func/obtain_network_details
PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(mawk 'NR==3' /run/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(mawk 'NR==3' /run/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(mawk 'NR==3' /run/dietpi/.network).forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE

# Lenovo
[Peer]
PublicKey = 2EljQLyPeDrmnKNNmQBhEv2d/ktpSgMuD31+bL8u90k=
AllowedIPs = 10.9.0.2/32

# Oneplus
[Peer]
PublicKey = FJSbZ8zLD379h1UI65UtLQ1Gw2F8SMO+1JZt39vAlFI=
AllowedIPs = 10.9.0.3/32



Client configuration

[Interface]
Address = 10.9.0.3/24
PrivateKey = XXXXX
Comment the following to preserve the clients default DNS server, or force a desired one.
#DNS = 192.168.31.1

# Kill switch: Uncomment the following, if the client should stop any network traffic, when disconnected from the VPN server
# NB: This requires "iptables" to be installed, thus will not work on most mobile phones.
#PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --d$
#PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --$


[Peer]
PublicKey = XXXX
# Tunnel all network traffic through the VPN:
# AllowedIPs = 0.0.0.0/0, ::/0
# Tunnel access to server-side local network only:
# AllowedIPs = 192.168.31.0/24
# Tunnel access to VPN server only:
# AllowedIPs = 192.168.31.75/32
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = Hrafnagod.ddns.net:51820

# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
PersistentKeepalive = 25

Running below command:

ip -4 addr; ip -4 ru; ip -4 ro list table all

inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.31.75/24 brd 192.168.31.255 scope global eth0
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
valid_lft forever preferred_lft forever
12: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1
inet 10.9.0.1/24 scope global wg0
valid_lft forever preferred_lft forever
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
default via 192.168.31.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
10.9.0.0/24 dev wg0 proto kernel scope link src 10.9.0.1
192.168.31.0/24 dev eth0 proto kernel scope link src 192.168.31.75
broadcast 10.8.0.0 dev tun0 table local proto kernel scope link src 10.8.0.1
local 10.8.0.1 dev tun0 table local proto kernel scope host src 10.8.0.1
broadcast 10.8.0.255 dev tun0 table local proto kernel scope link src 10.8.0.1
broadcast 10.9.0.0 dev wg0 table local proto kernel scope link src 10.9.0.1
local 10.9.0.1 dev wg0 table local proto kernel scope host src 10.9.0.1
broadcast 10.9.0.255 dev wg0 table local proto kernel scope link src 10.9.0.1
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.31.0 dev eth0 table local proto kernel scope link src 192.168.31.75
local 192.168.31.75 dev eth0 table local proto kernel scope host src 192.168.31.75
broadcast 192.168.31.255 dev eth0 table local proto kernel scope link src 192.168.31.75

What Ive tried:

Setting MTU to 1412 on both client and server like so MTU = 1412. This didn't have any effect on performance after restarting the tunnel.
I tried switching the IPtable configuration but the auto configurated dietpi IPtables look very different from others I've seen on the web and I get an error when I try changing them.
Post Reply