Wireguard throttling speeds

[jsn2233]

Got a GT-AX11000 with 1gig internet, just spent two hours resetting router and slowly testing all of my settings to narrow down what was causing slow speeds. Realized the slow speeds was due to setting my devices to use the wireguard client. Not even turning the wireguard client on causes the slow down, actually funneling traffic through it does this. After searching the forum I see this is simply because router's are limited by hardware.

I also use a Rasp Pi 4 for pihole and other things. Could I use my rasp pi 4 to run my VPN, where my traffic goes to VPN and then through pihole/unbound for DNS? If so, how could I set this up with rules where certain devices use the VPN and others don't?

 

[degrub]

Get a mini PC x86 if you want enough horsepower to run the VPN.

 

[jsn2233]

Get a mini PC x86 if you want enough horsepower to run the VPN.

I've done some research and think I'm going to use a Pi 5 as a VPN gateway. Would Pi 5 give me enough power for 1gig speeds?

 

[bbunge]

I've done some research and think I'm going to use a Pi 5 as a VPN gateway. Would Pi 5 give me enough power for 1gig speeds?

Likely not. A mini computer would do better. Even an old i3 quad core would work better than a RPI.

 

[jsn2233]

Likely not. A mini computer would do better. Even an old i3 quad core would work better than a RPI.

Do you know what is the minimum spec mini pc I could get? I've seen they're quite expensive considering I only need it as a VPN gateway.

 

[Tech9]

Just use what you already have. Otherwise - hundreds of dollars in hardware, steep learning curve with router OS like OPNSense or pfSense, scripting your router for AP with VLANs since they are not supported by default and you can't have even simple isolated Guest Network. Time and money invested in generally wrong impression public VPN services provide extra safety and security.

 

[jsn2233]

Just use what you already have. Otherwise - hundreds of dollars in hardware, steep learning curve with router OS like OPNSense or pfSense, scripting your router for AP with VLANs since they are not supported by default and you can't have even simple isolated Guest Network. Time and money invested in generally wrong impression public VPN services provide extra safety and security.

Fair. You really think it's that hard for me to learn? Although I have no networking experience (besides messing with my home router based on tutorials etc..), I'm a software developer and I can learn pretty fast. I've seen some tutorials that effortlessly setup wireguard clients on a device and program certain clients to use the gateway. Am I making it more simple than it really is?

Edit: also how can I use flow cache on my router? I don't see it.

 

[Tech9]

I'm a software developer and I can learn pretty fast.

Great. Then you already know the whole idea is just replacing your physical ISP with virtual ISP which you trust more based on promises and scare tactics marketing. You just pay both and feel better.

 

[jsn2233]

Great. Then you already know the whole idea is just replacing your physical ISP with virtual ISP which you trust more based on promises and scare tactics marketing. You just pay both and feel better.

I agree somewhat. Yes many of the touted benefits of a VPN are BS, that doesn't mean I want my ISP knowing my every move. Probably will just keep using my router and deal with the reduced speeds.

Is there an Asus router that can provide gig speeds with wireguard?

 

[Tech9]

Is there an Asus router that can provide gig speeds with wireguard?

Newer models with BCM4916 can get there. They are all higher end BE-class devices, all have unresolved firmware issues, some have common connectivity issues, but they may or may not affect your user experience depending on configuration and needs. Many people use them, know about issues, use workarounds. Popular dual-band BE-class devices with Asuswrt-Merlin support are RT-BE88U, tri-band RT-BE96U. Don't go most expensive or the cheapest, not the best value for the money.

that doesn't mean I want my ISP knowing my every move

You just voluntarily transfer the information to another company with better promises. Now they know your every move. Your ISP knows which exactly company you deal with, they may cut you off if they want to. If you do something illegal there is a way to get to you. Public VPN won't fight for you for few bucks a month. Popular web services also know your VPN and the list of denied services to public VPN servers is growing. Reduced user experience and increased inconvenience come as ever growing "bonus". Public VPN providers don't say much about it. They just want you to pay monthly fees. This is the main idea behind such services.

 

[bbunge]

If you really need to use a VPN for a "project" run it on the client and turn the VPN off when finished. Do you really need gig bandwidth all the time? I did work from home on 10/1 DSL! Now the three of us have no issues with 100/100 FIOS.

 

[Tech9]

True. One of my places still has 20/1 ADSL backup ISP. Copper cables are underground, Coax cables are aerial. The main DOCSIS ISP 300/50 got cut many times by construction around. Sometimes takes days to fix. Apart from gateway notification I may not notice immediately the main ISP is gone.

 

[jsn2233]

Newer models with BCM4916 can get there. They are all higher end BE-class devices, all have unresolved firmware issues, some have common connectivity issues, but they may or may not affect your user experience depending on configuration and needs. Many people use them, know about issues, use workarounds. Popular dual-band BE-class devices with Asuswrt-Merlin support are RT-BE88U, tri-band RT-BE96U. Don't go most expensive or the cheapest, not the best value for the money.

Thanks will definitely look at getting one of these in the future. Do you know of any threads on here that may go into some of the quirks/workarounds of these firmware issues? Do you think any of these quirks are soon to be resolved with future updates?

You just voluntarily transfer the information to another company with better promises. Now they know your every move. Your ISP knows which exactly company you deal with, they may cut you off if they want to. If you do something illegal there is a way to get to you. Public VPN won't fight for you for few bucks a month. Popular web services also know your VPN and the list of denied services to public VPN servers is growing. Reduced user experience and increased inconvenience come as ever growing "bonus". Public VPN providers don't say much about it. They just want you to pay monthly fees. This is the main idea behind such services.

That's all good and well but the bottom line for me is trust. Would I trust my ISP with selling me out to data brokers etc rather than the VPN provider? Sorry but if I decide I want to take a look at a few spicy sites I don't like the thought of my ISP, with all my information, address etc knowing this. Would much rather pop my VPN on, who has minimal information about me, and trust them with that, call me crazy. Plus in my country, forget spicy sites, they want to require you to provide ID for some normal sites if your IP originates from my country. Once again pop the VPN on and be done with it.

If you really need to use a VPN for a "project" run it on the client and turn the VPN off when finished.

Yes I could use VPN on per device and that is an alternative. I have considered it and might start trying it.

Do you really need gig bandwidth all the time? I did work from home on 10/1 DSL! Now the three of us have no issues with 100/100 FIOS.

I paid for it and I want to receive what I'm paying for, it's that simple really. I don't like leaving anything on the table and want my money's worth. To be honest though the real thing that gets to me is not knowing why something was happening. I had no idea why my speeds were so slow and I couldn't get it out of my head. Now that I at least know why, I'm much more comfortable with dealing with it. May start just using the VPN on the client instead though, like you said.

 

[Tech9]

I paid for it and I want to receive what I'm paying for

I'm pretty sure no one ever guaranteed you specific minimum throughput. Your residential ISP is "up to" and your VPN of choice is "when capacity allows". What you already have is plenty for Pornhub.

 

[Tech9]

May start just using the VPN on the client instead

Best option and you can change servers in few clicks. You can also have fixed IP with Client App, not available on the router. It's used to avoid denied services to known VPN exit points. Extra fees, of course.

 

[jsn2233]

I'm pretty sure no one ever guaranteed you specific minimum throughput. Your residential ISP is "up to" and your VPN of choice is "when capacity allows". What you already have is plenty for Pornhub.

Yes maybe I should be happy with my Pornhub speeds

They never promised me but seeing that difference between 500mb and 800mb without WG pissed me off. Felt like I was ripping myself off.

Best option and you can change servers in few clicks. You can also have fixed IP with Client App, not available on the router. It's used to avoid denied services to known VPN exit points. Extra fees, of course.

Yes I'm going to try that. Tried a dedicated IP before and it got blocked quicker than the normal servers. Netflix or Prime weren't having it.