Beautiful project, thank you!
I have a performance question. Goal is to maximize transfer speed for single connection streaming from SE Asia to Canada, where UDP traffic is reduced to ~1 Mbps at peak times, 40 Mbps is obtainable occasionally. 10 Mbps is the sweet spot, but would like to maximize network performance. Not trying to climb over the great firewalls in the region.
The hope is STUN masking and obfuscation will achieve 10 Mbps on the specified workload. Data below illustrates I can do that (From Texas US to Alberta Canada) but the path from Thailand to Canada is more problematic.
I suspect my MTU setting or a lack of knowledge in some other area (iperf defaults, wg performance ability on single connections) is at play... perhaps the delta's I'm seeing in performance between obfuscated and non-obfuscated performance are expected.
The point of this question is to determine if wg-obfuscator is the right tool - not to solve other issues here.
Test configuration:
ENDPOINT 1 <-- INTERNET --> ENDPOINT 2
VM1 <---------- wg ----------------> VM2
VM3 <---------- wg+wg_obfuscator --> VM4
VM's on the same endpoints are identical (CPU #, allocated memory size, host hardware) and their path to the internet is the same. Internet connectivity is: ENDPOINT 1 is 1 Gbps symmetrical fibre, ENDPOINT 2 is 600/20 Mbps cable modem.
I see consistent performance deltas in iperf tests between the VM1-2 & VM3-4 links (default iperf parameters, t = 5 min) .
Iperf tests on the VM1-2 and VM3-4 links simultaneously were run so both experience the same internet conditions, and also did tests independently to rule out my networking gear. The VM1-2 link consistently outperforms the VM3-4 obfuscated link. VM1 is at a disadvantage as there are several other active connections from other sources, multiple wg instances, and various IPTABLE rules and routing magic on that VM.
iperf was run on the wg VM's.
Simultaneous VM1-2 and VM3-4 link results: (max-dummy padding is 4, 1420-4=1416)
VM1-2 12 Mbps VM3-4 6 Mbps (MTU=1420, mask=STUN, 1 thread)
VM1-2 48 Mbps VM3-4 42 Mbps (MTU=1416, mask=STUN, 1 thread)
VM1-2 ~140 Mbps VM3-4 ~100 Mbps (MTU=1416, mask=STUN, 16 thread) (MAX VM1-2 192 Mbps VM1-3 129 Mbps)
VM1-2 64 Mbps VM3-4 50 Mbps (MTU=1410, mask=STUN, 1 thread)
VM1-2 65 Mbps VM3-4 43 Mbps (MTU=1420, mask=NONE, 1 thread)
VM1-2 53 Mbps VM3-4 42 Mbps (MTU=1416, mask=NONE, 1 thread)
VM1-2 70 Mbps VM3-4 49 Mbps (MTU=1410, mask=NONE, 1 thread)
Independent run results:
VM1-2 58, 58 Mbps VM3-4 idle (2 iterations, 1 thread)
VM1-2 ~140 Mbps VM3-4 idle (16 thread)
VM1-2 idle VM3-4 6, 6 Mbps (MTU=1420, mask=STUN, 1 thread) (2 iterations)
VM1-2 idle VM3-4 ~25 Mbps (MTU=1420, mask=STUN, 16 thread)
VM1-2 idle VM3-4 40 Mbps (MTU=1416, mask=STUN, 1 thread)
VM1-2 idle VM3-4 ~100 Mbps (MTU=1416, mask=STUN, 16 thread)
VM1-2 idle VM3-4 ~49 Mbps (MTU=1410, mask=STUN, 1 thread)
VM1-2 idle VM3-4 38, 34, 38 Mbps (MTU=1420, mask=NONE, 1 thread) (3 iterations)
VM1-2 idle VM3-4 ~70 Mbps (MTU=1420, mask=NONE, 16 thread)
VM1-2 idle VM3-4 42 Mbps (MTU=1416, mask=NONE, 1 thread)
VM1-2 idle VM3-4 47 Mbps (MTU=1410, mask=NONE, 1 thread)
Are these performance deltas between obfuscated and non-obfuscated expected using wg-obfuscator?
command line options were (STUN shown):
VM3 "server": ./wg-obfuscator --source-lport=59164 --target=127.0.0.1:59163 --key="TettGado" --masking=STUN --verbose=DEBUG
VM4 "client": ./wg-obfuscator --source-lport=59163 --target=somewhere.internet.com:59164 --key="TettGado" --masking=STUN --verbose=DEBUG
VM1 runs kernel 5.15.0-177-generic
VM2,3,4 run kernel 6.8.0-111-generic
CPU Utilization on all VM's was below 30% on 16 thread iperf tests
Beautiful project, thank you!
I have a performance question. Goal is to maximize transfer speed for single connection streaming from SE Asia to Canada, where UDP traffic is reduced to ~1 Mbps at peak times, 40 Mbps is obtainable occasionally. 10 Mbps is the sweet spot, but would like to maximize network performance. Not trying to climb over the great firewalls in the region.
The hope is STUN masking and obfuscation will achieve 10 Mbps on the specified workload. Data below illustrates I can do that (From Texas US to Alberta Canada) but the path from Thailand to Canada is more problematic.
I suspect my MTU setting or a lack of knowledge in some other area (iperf defaults, wg performance ability on single connections) is at play... perhaps the delta's I'm seeing in performance between obfuscated and non-obfuscated performance are expected.
The point of this question is to determine if wg-obfuscator is the right tool - not to solve other issues here.
Test configuration:
ENDPOINT 1 <-- INTERNET --> ENDPOINT 2VM1 <---------- wg ----------------> VM2VM3 <---------- wg+wg_obfuscator --> VM4VM's on the same endpoints are identical (CPU #, allocated memory size, host hardware) and their path to the internet is the same. Internet connectivity is: ENDPOINT 1 is 1 Gbps symmetrical fibre, ENDPOINT 2 is 600/20 Mbps cable modem.
I see consistent performance deltas in iperf tests between the VM1-2 & VM3-4 links (default iperf parameters, t = 5 min) .
Iperf tests on the VM1-2 and VM3-4 links simultaneously were run so both experience the same internet conditions, and also did tests independently to rule out my networking gear. The VM1-2 link consistently outperforms the VM3-4 obfuscated link. VM1 is at a disadvantage as there are several other active connections from other sources, multiple wg instances, and various IPTABLE rules and routing magic on that VM.
iperf was run on the wg VM's.
Simultaneous VM1-2 and VM3-4 link results: (max-dummy padding is 4, 1420-4=1416)
VM1-2 12 Mbps VM3-4 6 Mbps (MTU=1420, mask=STUN, 1 thread)VM1-2 48 Mbps VM3-4 42 Mbps (MTU=1416, mask=STUN, 1 thread)VM1-2 ~140 Mbps VM3-4 ~100 Mbps (MTU=1416, mask=STUN, 16 thread) (MAX VM1-2 192 Mbps VM1-3 129 Mbps)VM1-2 64 Mbps VM3-4 50 Mbps (MTU=1410, mask=STUN, 1 thread)VM1-2 65 Mbps VM3-4 43 Mbps (MTU=1420, mask=NONE, 1 thread)VM1-2 53 Mbps VM3-4 42 Mbps (MTU=1416, mask=NONE, 1 thread)VM1-2 70 Mbps VM3-4 49 Mbps (MTU=1410, mask=NONE, 1 thread)Independent run results:
VM1-2 58, 58 Mbps VM3-4 idle (2 iterations, 1 thread)VM1-2 ~140 Mbps VM3-4 idle (16 thread)VM1-2 idle VM3-4 6, 6 Mbps (MTU=1420, mask=STUN, 1 thread) (2 iterations)VM1-2 idle VM3-4 ~25 Mbps (MTU=1420, mask=STUN, 16 thread)VM1-2 idle VM3-4 40 Mbps (MTU=1416, mask=STUN, 1 thread)VM1-2 idle VM3-4 ~100 Mbps (MTU=1416, mask=STUN, 16 thread)VM1-2 idle VM3-4 ~49 Mbps (MTU=1410, mask=STUN, 1 thread)VM1-2 idle VM3-4 38, 34, 38 Mbps (MTU=1420, mask=NONE, 1 thread) (3 iterations)VM1-2 idle VM3-4 ~70 Mbps (MTU=1420, mask=NONE, 16 thread)VM1-2 idle VM3-4 42 Mbps (MTU=1416, mask=NONE, 1 thread)VM1-2 idle VM3-4 47 Mbps (MTU=1410, mask=NONE, 1 thread)Are these performance deltas between obfuscated and non-obfuscated expected using wg-obfuscator?
command line options were (STUN shown):
VM3 "server":
./wg-obfuscator --source-lport=59164 --target=127.0.0.1:59163 --key="TettGado" --masking=STUN --verbose=DEBUGVM4 "client":
./wg-obfuscator --source-lport=59163 --target=somewhere.internet.com:59164 --key="TettGado" --masking=STUN --verbose=DEBUGVM1 runs kernel 5.15.0-177-generic
VM2,3,4 run kernel 6.8.0-111-generic
CPU Utilization on all VM's was below 30% on 16 thread iperf tests