Wireguard: Throughput to WAN much slower than LAN

Hello,

I am using Wireguard on a recently updated OpenWrt installation (currently using the latest nightly build to get SFP support, see "Turris Omnia: Experimental support for SFP cage"). The OpenWrt instance acts as a Wireguard "server" and allows clients to access the internal LAN as well as use the internet connection (forwarding to WAN is enabled). Connections do work as expected: I can access devices on LAN, as well as use the Internet connectivity of my OpenWrt router by using AllowedIPs 0.0.0.0/0 and making sure the client sets up routes properly.

Now when doing performance testing I get ~18Mbyte/s when downloading a file from a http server running on the LAN. The speed is probably limited by the Internet connection speed on my client side.

However, when downloading a file from the web, I get only about 1Mbyte/s and the speed is declining over time to about ~300kByte/s! Downloading that same file within the LAN (hence using the same internet/WAN connection), I get around ~35MByte/s (showing that the Internet connectivity should be much faster).

What can cause the http connection going through the Wireguard tunnel out through WAN to be that much slower than the http connection through the Wireguard tunnel out through LAN? The router's CPU load seems low in both cases (below 20%). I tried various options like Packet Steering or setting lower MTU (currently using 1380), but no success so far.

As downloading through the Wireguard tunnel is fast, I assume this is not related to Wireguard directly. It seems that somehow http traffic routed through the tunnel gets "throttled". Could it be related to the fact that traffic through the tunnel has a much higher latency? (e.g. TCP windowing algorithm messed up...?). Any ideas how to debug this kind of issue? Wireshark seems not really helpful as I just see tons of TCP packages flowing back and forth.

Best regards,
Stefan

Have you tried installing IRQbalance and enabling it from config and changing #devcrypto=devcrypto to devcrypto=devcrypto in the file /etc/ssl/openssl.cnf under the [engine] section?

Although your CPU usage is low anyway, it might not make much difference but may improve performance even further with IRQbalance, providing you have a multicore OpenWRT device.

The devcrypto=devcrypto option enables the OpenSSL acceleration which WireGuard and OpenVPN use.

Are you sure?

OpenWrt uses the in-kernel Wireguard implementation, which in turn uses the Kernel Crypto API. In any case, crypto performance cannot really be the problem here as the router is able to handle much higher throughput through the tunnel when downloading from a device which is connected to the LAN.


I have been testing this myself; however, for me, the download speed is spot on, although my wan connection is causing a bottleneck on that side. But when uploading from my device to the wan side of my router I get 16Mb/s where I should see something within the 100s when using the tunnel.