MikroTik

Hello. I'm looking optimal config Wireguard for maximum speed.

##### RouterOS 7.1b6: create Wireguard server
# create the server
/interface wireguard add listen-port=13231 mtu=1420 name=wireguard1

# get server's public key
/interface wireguard print

# add IP-address to the interface
/ip address add address=10.0.0.1/24 interface=wireguard1 network=10.0.0.0

# allow from firewall
/ip firewall filter add action=accept chain=input comment="Accept WireGuard" dst-port=13231 log=yes log-prefixWireGuard: protocol=udp

# configure client and get the client's public key
[Interface]
PrivateKey = CLIENT-PRIVATEKEY
Address = 10.0.0.2/24

[Peer]
PublicKey = ROUTER-PUBLICKEY
AllowedIPs = 0.0.0.0/0
Endpoint = serverhostname:13231

# add client to the configuration

/interface wireguard peers add allowed-address=10.0.0.2/32 interface=wireguard1 public-key="CLIENT-PUBLICKEY"

##### End of Wireguard

What improvements and comments will there be?
Thank you

My comment?? Learn to use the Search Function. ;-P

viewtopic.php?f=23&t=174417
viewtopic.php?f=1&t=175643

My comment?? Learn to use the Search Function. ;-P

viewtopic.php?f=23&t=174417
viewtopic.php?f=1&t=175643

This is a bullshit passive aggressive post from a forum veteran. First line in his post talks about speed. While the OP could have said "hey guys, I have Wireguard working but am getting slow speeds" mebbe you could read the post before putting the OP down.

I am here with the same issue. I have read those posts numerous times. Neither, to a new user, give a hint into optimizing speed connections. But hey, I get it. Mikrotik doesn't want a new customer base.

Sorry Mr Whiner, I really dont care about your expectations or lack of literacy etc.. but if you were expecting spoon feeding, correct you came to the wrong place.

If after reading the articles, the OP has further more precise questions, they can be answered.
Using beta software is not for beginners, so one would expect that a certain level of knowledge is there.......

In terms of wireguard, there is not change in the config to OPTIMIZE SPEED as the setup for wireguard is pretty cut and dry and VERY FEW parameters to configure, and any speed is pretty much dependent upon ones ISP connections at either end of the tunnel and the route the traffic takes between the two ISPs. In other words, there is no speed option selection (click here for FAST, MEDIUM, or SLOW).

Now you claim to have the same issue and what is that issue?? because the OP didnt state he had an issue, but merely inquired:

"How do I increase the speed of a standard wireguard setup?": My answer, increase the speed of the ISP connections at either end of the tunnel and hope the route selected does not slow down the connection significantly. If there are any refinements possible in the wireguard implementation code used by MT, then that would up to them to modify/improve over the fullness of time.

Apart from the discussion above ...

Speed is pretty much defined by all intermediate steps to go from end to end. There is not much else to tweak.
I have a 150 down/ 20(-ish) up connection at home.
Where I usually work I have 80/80

Wireguard tunnel directing ALL traffic via home will never go beyond 16-17Mb up/down because of the limitations of my home-upstream.
Which I still find pretty nice given the simplicity of that protocol.
Performance hit will be FAR worse with other protocols.

As for optimizing: it's pretty basic.
What you can handle locally, send it locally. What needs to go over the tunnel, send it over the tunnel. I have a mAP and mAPLite configured that way for "road warrior" purposes.
If you insist on having a tunnel where all traffic goes through (my phone is configured that way if I toggle WG), then accept the limitations.
I see from your peer-config you choose the 'send-all-traffic' option.
You can only go as fast as the slowest link and there is also some processing loss because of the protocol.

Nice synopsis.
"You can only go as fast as the slowest link and there is also some processing loss because of the protocol."

Hello! first of all sorry for my English skills i use google translate.

i have successfully created wireguard tunnel between ccr1036 and ccr 1009

the idea is to get the speed between the wireguard tunnel as close to 1gbs as possible

currently the speed reaches 450-500 mbp/s through the tunnel

both devices receive 1gbp/s from the internet provider

Is there anyone who has gotten closer to 1gbp/s?

all traffic goes from ccr 1009 through the tunnel to ccr 1036
and exit with the ccr 1036 ip address on the Internet

Just a minute ...

if your normal connection is 1Gb, you will never reach that when applying a VPN protocol on top of the data communication.
Wireguard as a protocol on itself already has a overhead of 4.5% (from what I read).

And then there is the data crunching ...
It will mostly depend on the processor speed of the device doing the encryption/decryption, on both sides. Slowest one decides the pace.

As a reference:
I have a site with my client having a 100/100 fiber connection.
At home I have 300/30 connection (recently upgraded). I can pull data from that site over wireguard at 45-50 Mb/s (daily copy job to my PC, hAP AC3 as router).
So that's more or less in line with what you see.

A video speaks louder than a thousand words
https://drive.google.com/file/d/164_DoG ... share_link

This is different setup with 5G mikrotik router and ccr 1036 and two wireguard tunnels with same endpoint IP its my attempt to get more speed via two wireguard tunnels.

Hi Mr Sample, I have the same scenario as you, same town, same ISP provider same 1gb connection wired on fiber on both and my speeds are the same as yours, so its maxed out. One will not achieve 1gig on wireguard but Its faster than most other VPNs that I am aware of.

A video speaks louder than a thousand words
https://drive.google.com/file/d/164_DoG ... share_link

This is different setup with 5G mikrotik router and ccr 1036 and two wireguard tunnels with same endpoint IP its my attempt to get more speed via two wireguard tunnels.

A video would speak louder than a thousand words if it would include something extra than a speedtest result, as it is it just speaks one number, not even a word.
One would check CPU usage from all the devices involved in the said test (laptops, routers etc to find the bottleneck, during the test).
Cheers.

Hello! first of all sorry for my English skills i use google translate.

i have successfully created wireguard tunnel between ccr1036 and ccr 1009
Is there anyone who has gotten closer to 1gbp/s?

I did some testing for this a while ago, with some CCR1036. I think was on about 7.1 so there may have been some improvement since.
For the tests
- I connected the routers into a switch (so no ISP) and made some different connections between them.
- For the speed test I used two laptops running iperf3 (I think from memory 4 threads, TCP, and i do not recall if I set packet size)
- The results were something like this
a) IP-IP tunnel, No encryption. (1gps throughput)
b) IP-IP tunnel. HW IPSEC Encryption. (around 600mbps)
c) Wireguard, (about 500mbps)

Hope this helps.