Best practices with SQM for VPN links

I have a new WireGuard VPN account, and maybe (not decided yet) I will set it up on my main router (Linksys E8450) on a permanent basis. One problem: the router is too slow to handle the VPN at the full speed of my Internet link. The CPU saturates at ~200 Mbps (which is still enough for my use case). When the CPU is saturated, the bufferbloat grade, however, drops to B. If the VPN is set up on the laptop instead, I can get nearly the full speed and the A+ grade without any use of SQM.

In the "VPN on the router" scenario, would it make sense to fight this with SQM, so that the VPN speed is limited to something safe? If so, what are the best practices for this use of SQM?

SQM will need as much or more CPU horsepower than WireGuard, on top of what WireGuard needs, so you'll actually get even less throughput.

If you're able to run SQM with WireGuard (wg) without lowering the bufferbloat grade, then let it be.
If you only use the VPN sometimes, then install wg on your device.
If the CPU is the bottleneck, then try SQM with piece_of_cake instead of layer_cake.
Also, did you try enabling flow_offload in the firewall? That should help further.

Try fq_codel + simplest. There might be a way to manually set up something even less CPU demanding just to limit the bandwidth.

Does this actually work with either WG or SQM?

This seems to work well enough.

I have tried it on my RPi4 with the latest stable build. It works.
