This feels really trippy. Am running iperf3 over WireGuard.

client -> wg server : ok speed
wg server -> server : ok speed
client -> wg server (iptables forwarding) -> server : slow if using single TCP stream; UDP or 16 parallel streams work fine
client -> wg server (socat forwarding) -> server : ok speed

Also tried using SNAT instead of MASQUERADE and switching TCP CCAs, but to no avail.

Running iperf3 -B [wg address] on the wg server works fine.

More info:

iptables rules:
```
-A FORWARD -i %i -j ACCEPT
-t nat -A POSTROUTING -o eth0 -j MASQUERADE
```

Using tcp_probe to see what Reno is doing (understood Reno the most so decided to poke at it first), cwnd seemed to be stagnant for no apparent reason, with no backoffs observed.

Reducing MSS seemed to reduce throughput quite significantly (though not exactly linearly), so this may be somewhat packet constrained.

Still scratching my head...
