Slow WireGuard Site-to-Site Connection Between Two Buildings

Networking & Firewalls
1

Hi everyone,

I’m experiencing a significant slowdown with my WireGuard site-to-site connection and could use some help troubleshooting.

Setup:

  • Building A: Fiber connection, 200/200 Mbps (up/down)
  • Building B: Coax connection, 700 Mbps down / 50 Mbps up
  • Distance between buildings: 300 meters

Issue: The WireGuard connection between the two buildings is extremely slow. Here are some tests and observations:

  1. iPerf Speed Test:
  • TCP: 7-10 MBps
  • UDP (WireGuard protocol): 0.5 MBps
  1. Real-World Test:
  • Copying a 200MB file over SCP from my laptop in Building A to a server in Building B: Estimated time is over 5 minutes.
  • The same test in the opposite direction (B to A) is also slow.
  1. Direct Connection Test:
  • When connecting directly to WireGuard in either Building A or B (not using the site-to-site connection) from my laptop through a separate tunnel, the speeds are much better. The same 200MB file transfers in 10-15 seconds.

Troubleshooting Steps Taken:

  • Adjusted MTU values for both WireGuard and WAN interfaces.
  • No improvement observed.

Question: What might be causing this significant slowdown in the site-to-site connection, and how can I resolve it?

Thanks in advance for your help!

2

A few questions:

  • What hardware?
  • What is the CPU usage?
  • What is the MTU you used for Wireguard?
3

Hardware

  • Building A: Netgate 7100
  • Building B: Netgate 6100

CPU usage under load

  • Building A: ~50%
  • Building B: ~15%

Memory usage under load

  • Building A: ~12%
  • Building B: ~14%

Used MTU

  • Default MTU
  • 1340
  • 1300
  • 1380

Thanks Tom :slight_smile:

4

Without any more details, I would test the connection with a client behind one or both routers. That should highlight the problem router. Then stare at the logs to hopefully see something useful.

Doing this on both ends (creating a new tunnel behind the routers) would guarantee to solve your problem. Once that is done you could just build the routes to those tunnel endpoints and you are done. Plus you got yourself better setup in every way.

5

Don’t adjust MTU on WAN but confirm that Wireguard has an MTU of 1420 .

6

This unfortunately didn’t work. I will try some other solutions or what Liquidjoe suggested.