Very high (80-90%) packet loss on wireguard VPN
Hi,
I have set up Wireguard VPN Gateway (server) on a Linode. Clients are PCs behind ISP's Router with NAT. I am able to ping two Clients over the VPN gateway. But iperf does not work.
Even iperf between the Client and the Gateway results in almost 90% packet losses. iperf between the client and the gateway's public IP (not VPN Tunnel IP) also results in the same behavior which leads me to believe that the VPS is the problem.
Has anyone faced this problem? Any pointers would be very helpful.
Thanks,
S
1 Reply
asilverman
Linode Staff
Hey there,
If you're able to ping without the VPN, but then see problems when it's activated, it may be a routing issue, and one of the intermediary hops is where the breakdown occurs. Some ISPs may not block pings but may block specific routing protocols. If the Linode were the source of the problem, you would see issues with and without the VPN active. I would try to run iperf with and without the VPN, to determine if this is the case.
If the issue is only when the VPN is active. There are a couple of ways to check where this is happening. The first way is to check the route without the VPN using MTR. You will want to run the command both ways since the route could be different. The commands look like this:
While logged into your Linode:
sudo mtr --tcp --port 8388 --report --report-cycles 100 <local.ip.address>
While logged into your desktop:
sudo mtr --tcp --port 8388 --report --report-cycles 100 <linode.ip.address>
The commands will check ports 8388 for Shadowsocks, and if you are using a non-standard port, you will need to edit the command to the port you're using. When you run the command, it will output how many packets were lost at each hop. You should be able to see where the issue is and perhaps reach out to the ISP to see what they can do to resolve the problem.
One last thing to check is to see if a governmental firewall is blocking the Linodes IP address. We use a handy website to check the IP address from around the world.