I'm running OpenWrt on a Fritz!Box 7430. All traffic is routed through WireGuard to a VPS running OPNsense.
The config works fine, but I'm only getting about 40 MBit/s through the tunnel, instead of the 100 theoretically possible (I'm getting close to that without the VPN running).
Are these speeds expected for this Fritz!Box (a bottleneck of the hardware), or is this likely a configuration issue?
Thanks in advance!
What are your ISP connection speeds (upload and download) when WG is not running?
What is your VPS bandwidth allowance (based on the service offering)?
The ISP connection speeds are 100 Mbit/s up and down (I'm reaching about 92 without the VPN), on the VPS I'm getting 650 Mbit/s down and 600 up.
Hmmm... I'm not sure what would be limiting the speed.
If you run WG on your computer instead of your router, do you get the same speeds or do you get something closer to 100Mbps?
The Lantiq SoC is at the lower end of the performance spectrum; it barely manages 100 MBit/s routing with software flow-offloading. Doing VPN at the same time (under those throughput expectations) is far beyond its abilities.
I agree with @slh - I'd blame the CPU.
This is what I had to do until I upgraded the router to one with more CPUs - now I can get line speed (or about max of their own network chip). Clients could get line speed, as long as the router wasn't doing the encryption.
As a side note - WireGuard isn't AES-based, so those chips that may have that instruction set included won't even see a performance improvement.
I calculated you need about 4.8 GHz of CPUs to do about 1000 Gbps of WG, so a dual core 2.4 GHz would get about 100% load during full speed over the tunnel. So a dual core 0.5 GHz may be able to handle 100 Mbps (counting any NAT on the client too)...but not without offloading...packet steering...etc.
Also if the device has a built-in switch for LAN-to-WAN, you will only get 50% of a theoretical speed anyways...so 40 Mbps is pretty good, actually!
Okay thanks! I just checked and get about 90 Mbit/s when running WG directly on my computer.
So I guess I have an excuse to upgrade my hardware!