WIreguard is running using the wg-quick systemd service. Machine1 has a static IP and open ports, Machine2 is behind a NAT, and has no forwarded ports. Machine1 has a gigabit connection, and Mahine2 has a 512mbps down/50mbps up connection.
The issue I’m facing is that the speed is very unreliable and changes if I restart the service on Machin2. Sometimes, I can get (almost) full speeds. But most of the time, it drops to around 10% of maximum. The speeds don’t seem to change unless the service is restarted. So if a machine needs to be restarted, I basically need to restart the service a few times until I get good speeds. This is very weird to me, and I don’t really understand what’s happening. If it matters, Machine2 is a home computer, with Cox as the ISP. Machine1 is a VPS.
Here are the configs:
Machine1:
[Interface]
Address = 10.8.0.2/24
ListenPort = 51820
PrivateKey = ******
MTU = 1280
# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# port forwarding 2222 to 22
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.8.0.1:22
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.8.0.1:22
# allow all traffic on wg-vps interface
PreUp = iptables -A INPUT -i wg-vps -j ACCEPT
PostDown = iptables -D INPUT -i wg-vps -j ACCEPT
# set up proper forward rules for traffic
PreUp = iptables -A FORWARD -i eth0 -o wg-vps -j ACCEPT
PreUp = iptables -A FORWARD -i wg-vps -o eth0 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg-vps -j ACCEPT
PostDown = iptables -D FORWARD -i wg-vps -o eth0 -j ACCEPT
# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = ******
AllowedIPs = 10.8.0.1
Machine2:
[Interface]
Address = 10.8.0.1/24
PrivateKey = ******
MTU = 1280
[Peer]
PublicKey = ******
AllowedIPs = 10.8.0.2
Endpoint = vps-ip:51820
PersistentKeepAlive = 25
You must log in or register to comment.