[frashman]

Hi,

I have some troubles with my wireguard clients while using the routers wifi since I switched from cable (auto DHCP) to VDSL (PPPoE). Normally I could use both at the same time without noticing any performance issues. Now my download rate drops to 0.3 Mbps with wireguard+wifi (even to the local network like NAS) and the router shows 100% CPU load.

My Setup:
ASUS RT-AC68U (DD-WRT v3.0-r46974 std (06/18/21))
oet1: commercial VPN (DDNS: vpn.mydomain.com) for the IP ranges 10.0.0.0/24 (local lan/wifi) and 10.0.1.0/24 (wireguard/oet2)
oet2: wireguard server (DDNS: isp.mydomain.com) (IP: 10.0.1.0/24)

oet1 setup:


oet2 setup:


wan setup (I tried to set the MTU to auto, but it reverts back to "manual: 1492")


Android Phone:
wifi: ~250 Mbps down/up (low router CPU load)
wireguard+LTE: ~20 Mbps down / 15 Mbps up (low router CPU load)
wireguard+wifi: 0.3 Mbps down / 20 Mbps up (100% router CPU load)



With the old cable modem I used an MTU of 1420 for oet1 and 1280 for oet2. This was also the first setup with VDSL with the same results as above. Now I'm using a MTU of 1432 (and tried many other from 1000-1500), allways with the same result.

Is this a routing problem? are my PBR settings wrong?

[egc]

To exclude any interference just disable oet2 (the "server") no worries your settings are retained.

For PPPoE you have to lower the MTU with 8 from your previous values so use 1412

Reboot your router and run speed tests again.

[frashman]

I've already tried that and there is no difference in the result.

But I had another idea that took me a little further.

I have assigned the DDNS domain to my local DNS (Dnsmasq option: address=/isp.mydomain.com/10.0.0.1) so that the Android client uses 10.0.0.1 as endpoint over WiFi and my WAN address over LTE. And now I have almost full speed without 100% CPU load.

But this solution is a bit dirty because now isp.mydomain.com is assigned to my WAN address and router IP. And apparently the Wireguard client is a bit overwhelmed with that on network change. So it is a kind of "routing problem".

Do you have any idea what I can do about it?

Edit: However, this still does not solve a fundamental problem, because if I switch from the LTE network to Wifi without restarting wireguard (so the WAN IP is still the DNS) I have low speed and 100% CPU load again

[egc]

Are you saying you disable oet2 and when connecting a client to your router (preferably wired) which uses your commercial provider you have a very bad download speed?

If so I do not see an apparent routing problem.

[frashman]

no. the download speed is slow with wifi+wireguard (VPN always on). with LTE+wireguard everything is fine.

all other clients (lan/wifi) within the commercial vpn route (10.0.0.0, 10.0.1.0) and other ranges without the commercial vpn (10.0.2.0, 10.0.3.0 and so on) are fine too.

its just the combination of wireguard+wifi which slows down the connection

[frashman]

i should mention the slow connection just affect the one specific client.

so while one client connects via wifi and wireguard (most likely my phone, because of the "VPN allways on" option) its connection slows rapidly down while other clients are working fine with full speed (local and internet)

the speedtest I'm using is selfhostet on a local machine (https://github.com/librespeed/speedtest)

[egc]

But your router is doing the wireguard , your Phone connected via WiFi to your router should not have wireguard client running.

Edit:
For WireGuard just like open VPN (tun) the server, the VPN subnet, and the client have to be on different subnets, if you try to connect with your phone running a WG client to your server on the same network you will either have no connection or cause looping.


Edit 2:
If you run a WireGuard client to the same provider on your phone and on your router you are running a tunnel in a tunnel, probably that will result in problems at your providers end but at least you have to lower the MTU of your phone 40 or 60 below the MTU of your router

[frashman]

okay, let me put this from another direction, and keep in mind the setup was working before.

My phone is tied to my home network because there are many services, like contact and calender sync, fileserver and so on, running on a local machine (kind of a litte homeserver) since I deeply distrust any services provided by companies like google. So, my phone using the "allways on vpn" option to have a steady connection to my network, regardles of wifi or mobile network.

I moved 4 weeks ago, and must use another internet provider since my cable company don't have service here. So I got VDSL.

And since then, the connection from my phone slows down to 0.3 Mbps when i'm at home and goes back to LTE speed when I'm not at home. Maybe I had this issue before, but it wasn't noticable.

All I can think of is a possible wrong route or something, since I testet many different MTUs.

[frashman]

[egc]

I finally found some time to duplicate your setup (sort of) and had no problem getting it to work.
So the good news is that it could/should work the bad news is I have no idea why it does not work for you

[frashman]

okay thanks for your help. I'll do a factory reset and build everything from scratch

[frashman]

I built everything from scratch and its working again.

That is the big disadvantage of dd-wrt because I have the feeling that everything changes with every revision and is no longer compatible with each other or you adjust a setting on one side and tear it all down on another. I've done this the second time now, although I always work cleanly and don't make any adjustments that I don't need.

anyway, thanks for your help!

[egc]

Glad it is working.

To be honest you had been tinkering a lot with different settings and then indeed the best solution is to reset to defaults and start fresh (never restore from backup )

But DDWRT is on the bleeding edge and that comes with a price, for the routers I test/tinker with I have screenshots and an occasional reset and putting in settings manually is sometimes the best solution to get a stable working build.

But the family router (R7800) has not been resetted in almost two years and is now running 47073
But it is pretty standard only WG server running besides normal internet and port forwarding duties.

But anyway thanks for reporting back at least we know it is not a structural problem.