What to check when WireGuard VPN communication is slow

Have you ever run into this?

When connecting to public Wi-Fi in cafes and other places and using WireGuard for VPN communication,
the connection can sometimes be incredibly slow.

"Why is it so slow when it's fast at home? Is the cafe's network equipment bad?"

Indeed, this might be the case depending on how congested the cafe's Wi-Fi is.
However, if the connection is fast before connecting to the VPN, but becomes slow as soon as you connect, then you need to be careful.

Why is the connection slow?

Suspect the MTU setting

In such cases, check if MTU is configured in your WireGuard client settings.

MTU (Maximum Transmission Unit) is the maximum size (in bytes) of a single packet in IP communication.
For Ethernet, this value is 1500, but in the case of public Wi-Fi and similar networks, there might be devices along the path that only allow packets smaller than this value to pass.

If such devices exist in the path, routers along the path or the sending client will try to fragment packets into smaller ones and retransmit them. This can cause slow speeds, or in some cases, even prevent retransmission. This is what is known as packet congestion.

Furthermore, a VPN like WireGuard encapsulates encrypted packets in UDP, which adds header overhead and effectively reduces the MTU available to traffic inside the tunnel. This makes packet congestion more likely to occur than with normal communication.

Packet congestion

Use MTU=1280

The MTU value of 1280 is the minimum MTU stipulated by IPv6.

In other words, the specification requires that all devices be able to pass packets of 1280 bytes.

Therefore, by setting the MTU to 1280, packet congestion is less likely to occur even in places with unstable communication paths such as public Wi-Fi.

In reality, problems might also be resolved by setting a slightly larger value like 1340, but changing the setting every time depending on the location is cumbersome, so it's safer to set it to 1280 from the beginning.

Below is an example of the settings in a WireGuard client.

WireGuard configuration example
Set MTU = 1280 (other values are for illustration only)
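
To show where values such as 1340 and 1280 come from, here is an added example (not part of the original article): it searches for the largest packet a path passes without fragmentation and subtracts WireGuard's per-packet overhead (60 bytes over IPv4, 80 over IPv6). The function names are hypothetical, `ping_probe` assumes Linux iputils `ping`, and the sample paths in the demo are constructed.

```python
import subprocess

# Outer IP header (20 or 40) + UDP (8) + WireGuard data header and auth tag (32)
WG_OVERHEAD = {4: 60, 6: 80}
IPV6_MIN_MTU = 1280   # floor recommended in the article; IPv6 needs at least this
ICMP_OVERHEAD = 28    # IPv4 header (20) + ICMP echo header (8)

def ping_probe(host):
    """Build probe(packet_size) -> bool using Linux iputils ping with DF set."""
    def probe(packet_size):
        cmd = ["ping", "-4", "-M", "do", "-c", "1", "-W", "1",
               "-s", str(packet_size - ICMP_OVERHEAD), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe

def find_path_mtu(probe, low=576, high=1500):
    """Binary-search the largest IP packet size that passes unfragmented."""
    if not probe(low):
        return None   # even small packets fail, so MTU is not the problem
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low

def wireguard_mtu(path_mtu, outer_ip_version=4):
    """Largest tunnel MTU that fits the path, never below the 1280 floor."""
    return max(path_mtu - WG_OVERHEAD[outer_ip_version], IPV6_MIN_MTU)

def simulated_path(path_mtu):
    """Constructed stand-in for a network that drops packets above path_mtu."""
    return lambda size: size <= path_mtu

if __name__ == "__main__":
    # Constructed sample paths; on a real network pass ping_probe("<endpoint>").
    for name, probe in [("plain Ethernet", simulated_path(1500)),
                        ("constructed cafe path", simulated_path(1400))]:
        pmtu = find_path_mtu(probe)
        print(f"{name}: path MTU {pmtu} -> MTU = {wireguard_mtu(pmtu)}")
```

A path that carries 1400-byte packets yields the article's 1340, and any path below 1340 falls back to the 1280 floor, which is why setting 1280 up front avoids re-measuring at every location.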

Summary

Even if fragmentation (packet splitting) occurs along the path,
it sometimes only slows communication down without making it unbearable.

Therefore, it can be difficult to notice, but...
As explained in this article, MTU can be the cause,
so the author believes it is safer to set MTU = 1280 from the beginning.

Finally, I'd like to conclude this article by presenting "The MTU Song" created with Google Gemini (vocals: Lyria).

https://www.youtube.com/watch?v=s9YfAMCYJOg

See you in the next article.
Bye bye! 😊
