My WG traffic looked like a DOS attack to OVH and I got blackholed for 5min, then 15, then 30.
My guess is your provider is rate limiting your UDP traffic.
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
My WG traffic looked like a DOS attack to OVH and I got blackholed for 5min, then 15, then 30.
My guess is your provider is rate limiting your UDP traffic.
it looks like provider is not rate limiting:
You could also try a VPS from hetzner and see if its any better. Here's my speed test just now using WG on my cell, exit through Hetzner.
answer: no but ddos protection is active and that affects speed a lot
Yeah, that sounds about right to me. I'd look for a different provider if you're looking for speed. Like I said above, OVH was unusable to me so I went to hetzner.
Lookup "lowendbox" if you want something cheap. I used some Christmas or new year deal at racknerd that was alright.
thx, for answer
Good luck!
If you want to stay with whatever provider you have you can try openVPN over TCP or a SOCKS proxy over SSH (both TCP traffic). Anything TCP might be faster than WG
Is your test TCP or UDP? My guess is that's TCP traffic.
Your VPS provider can rate limit as specific as a single UDP port. Try a different WG UDP port or wrap your WG traffic in TCP with other software and try again.
I'll ask provider
Having never used this software before, my guess would be your VPS provider is limiting the upload speed of the VPS. The data would be uploaded slowly to you, which means your download speed is limited as the client.
Meanwhile the upload speed is reported as being high enough, since the VPS can download your data at 50mbit/s, as this cap is higher.
But when I tested speed on VPS, using speedtest-cli I got this:
That is likely a speed test server within the same data center as your vps, or they have special traffic shaping rules for it.
Try using iperf from your local box to the VPS and see what speeds you get
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
IP | Internet Protocol |
SSH | Secure Shell for remote terminal access |
TCP | Transmission Control Protocol, most often over IP |
UDP | User Datagram Protocol, for real-time communications |
VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #904 for this sub, first seen 3rd Aug 2024, 00:35] [FAQ] [Full list] [Contact] [Source code]
You missed OVH and DOS
Could be an ipv6 issue in which case reducing the MTU might help
Yeah I'd check for fragmentation, particularly coming from whatever was on the opposite end of this tunnel. This looks like librespeed (which is super simple to run in a container, ‘adolfintel/speedtest‘, if interested...I run some at work and it's very useful) so I'm assuming it was running on the server at the other end of the wireguard tunnel?
That latency and jitter are also absurd tho. Op should run a bufferbloat test on both sides. Though I don't always trust those results from librespeed.
Have you tried running librespeed on the vps? Librespeed is good if you have a provider nearby. If not it is very inaccurate
Where is your VPS located, and which Wire Guard server are you connecting to?
Romania, and I didn't understand your second question.
You could try headscale instead, which doesn't actually pass much traffic between the VPS and clients (client to client is where the actual data transfer happens).
Or just test out regular hosted Tailscale to see if it will fit your needs.