-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

>As far as I understand it, the virtual router OS is based on BSD,
>right?
>Are the virtual client OSes that you tested based on Linux?
>
>If that's the case, then the result is quite expected: There is a fast,
>in-kernel implementation for Linux[1], but no fast implementation for
>BSD.
>The implementation for BSD is wireguard-go[2], which hasn't really been
>optimized.
>
>
>Jonathan Neuschäfer
>
>[1]: https://git.zx2c4.com/WireGuard/tree/src
>[2]: https://git.zx2c4.com/wireguard-go/about/

Thanks for your reply.

No, I can achieve (almost) full WAN line rate using *BSD as local
clients' OS too, not just Linux ones. The wireguard-go being in user
space doesn't really cause much damage on powerful hardware. For example
on GhostBSD (in a VM) I got >345Mbps down and 20Mbps up running wg-go on
the same machine. [1] The throughput problem only arises when I run wg
directly on the router instance.

I think I made some progress however. I need to do some testing on my
main workstation later, though, as I was working on a (lower powered)
laptop today. OpenBSD being limited to a single core for routing (I
believe its pf is now more multi-threaded however) could also be a
factor. I'm going to move my improved pf.conf over to FreeBSD on the
workstation and see if I get better throughput. I'm convinced I've made
a simple mistake in implementing NAT or one of the pf rules at this
point. It doesn't really make sense otherwise.

I'll get there in the end. :) Thanks again for your reply.
Kind regards,

Lee Yates
[1] https://i.imgur.com/XCFADnR.png
-----BEGIN PGP SIGNATURE-----
Version: BCPG C# v1.8.1.0

iQFBBAEBCAArBQJbVK2PJBxMZWUgWWF0ZXMgPHJhaW5tYWtlcnJhd0BpY2xvdWQu
Y29tPgAKCRDvJcvMOyipklBtB/90STajUjPPXF6F7hkfQdE3xVqNTjfaW4J93+MH
4CKC+wdGAS9riIycSTyEIT1VPjFm17dyUwAEO5hUNfF6anywjTEPWVnR2Mirvnkz
oKURCwEwMMQr1ZHEN/naiO9IfQm9OJKy/20RD0kYMT6Qdmejg7xtQWzkKUD745f/
sRzVxJe6484dHxLW/1bQc5ccWCe3rM6uq9Axo3RyOiWPvDey+pOBEnMvK3LtoGQg
EqddOo72dzjTlWwc2GP7wBxEWtlvMaIg0HYsxsbmh50zWSTuFYclBGDyiDSrHzfl
fe4iHqiRVa6sx7xVys903Dg83tTI/cdJbEGvH4lRu/VZguoe
=zIHq
-----END PGP SIGNATURE-----