OPNsense WireGuard Performance
Protectli has a variety of hardware to meet a range of requirements. It is important to provide information regarding various operating system and applications so customers can make an educated decision before purchase. In this article we will cover performance results for the WireGuard plugin available on OPNsense.
WireGuard is a modern, efficient, and secure VPN solution which is relatively easy to configure and deploy compared to OpenVPN and IPsec. For more information on WireGuard please visit the website here https://www.wireguard.com/
WireGuard supports network topologies such as point-to-point, star, and mesh. For our test configuration we utilized a point-to-point configuration. A LAN network (192.168.20.0) was used as the pseudo WAN connection between the WireGuard tunnel “endpoint A” and “endpoint B”. We used a FW6E (IP address – 192.168.20.12) running OPNsense (LAN address – 10.4.1.0) as WireGuard endpoint A (tunnel A – 10.0.0.1), and the devices under test (IP address 192.168.20.x) running OPNsense (LAN address – 10.4.2.0) as WireGuard endpoint B (tunnel B 10.0.0.2). Client A was a Windows 10 desktop (10.4.1.10) running an iPerf3 server and client B(10.4.2.10) was a Windows 10 laptop running iPerf3 as a client.
See the network diagram below for a visual representation of the network topology
The WireGuard implementation on OPNsense is fairly straightforward without many configurable options. WireGuard utilizes the ChaCha20Poly1305 cipher suite. While the tests were done with different versions of OPNsense, the WireGuard package version stayed the same and there were no performance differences.
Performance results are shown in the table below
|Vault Model||Unencrypted LAN Performance (Mbps)||OpenVPN AES-256-CBC/SHA256 (AES-NI enabled) Avg (Mbps)||WireGuard v1.7 (wireguard-go)
256-bit ChaCha20Poly1305 Avg (Mbps)
For more detailed information, please see the Google spread sheet below.
As always, if you have any questions or concerns please don’t hesitate to reach out to firstname.lastname@example.org