Comment by gargan

1 year ago

I recently ran extensive performance tests comparing WireGuard-based VPNs against traditional solutions, and the results were eye-opening. On 10 Gbps networks, WireGuard implementations achieved speeds that absolutely demolished older VPN protocols.

Here are the raw numbers:

- Kernel WireGuard: 7.89 Gbps
- Netmaker: 7.88 Gbps
- Tailscale: 2.8 Gbps
- OpenVPN: 233 Mbps

My testing covered multiple scenarios: same-VPC, cross-region, and cross-cloud (DO/GCP). I standardized the configurations across tests, using machines with 1-4 vCPUs and 1-8 GB RAM.

The most fascinating finding was Tailscale's behavior under load. While it initially showed promising speeds around 5.25 Gbps, things got interesting when I started tweaking MTU settings. Performance became highly unstable, sometimes plummeting to just 35.6 Mbps. This was particularly surprising given Tailscale's reputation.

The 20x performance gap between WireGuard implementations and traditional VPNs really highlights how far VPN technology has come. Pure kernel WireGuard and Netmaker are clearly leading the pack, pushing close to the theoretical limits of 10 Gbps networks.

> - Kernel WireGuard: 7.89 Gbps
> - Netmaker: 7.88 Gbps
> - Tailscale: 2.8 Gbps
> - OpenVPN: 233 Mbps

Interesting, but OpenVPN can be configured in many, many ways, whereas WireGuard can do fairly little in comparison (even though it does its things remarkably well).

Needless to say, the way you configure OpenVPN affects its performance.

So I would like to ask, how did you configure OpenVPN?

Did you use DCO (https://openvpn.net/as-docs/openvpn-data-channel-offload.htm...)?