WireGuard is running using the wg-quick systemd service. Machine1 has a static IP and open ports, Machine2 is behind a NAT and has no forwarded ports. Machine1 has a gigabit connection, and Machine2 has a 512 Mbps down / 50 Mbps up connection.

The issue I’m facing is that the speed is very unreliable and changes if I restart the service on Machine2. Sometimes, I can get (almost) full speeds. But most of the time, it drops to around 10% of maximum. The speeds don’t seem to change unless the service is restarted. So if a machine needs to be restarted, I basically need to restart the service a few times until I get good speeds. This is very weird to me, and I don’t really understand what’s happening. If it matters, Machine2 is a home computer, with Cox as the ISP. Machine1 is a VPS.

Here are the configs:

Machine1:

[Interface]
Address = 10.8.0.2/24
ListenPort = 51820
PrivateKey = ******
MTU = 1280

# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

# port forwarding 2222 to 22
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.8.0.1:22
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.8.0.1:22

# allow all traffic on wg-vps interface
PreUp = iptables -A INPUT -i wg-vps -j ACCEPT
PostDown = iptables -D INPUT -i wg-vps -j ACCEPT

# set up proper forward rules for traffic
PreUp = iptables -A FORWARD -i eth0 -o wg-vps -j ACCEPT
PreUp = iptables -A FORWARD -i wg-vps -o eth0 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg-vps -j ACCEPT
PostDown = iptables -D FORWARD -i wg-vps -o eth0 -j ACCEPT

# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = ******
AllowedIPs = 10.8.0.1

Machine2:

[Interface]
Address = 10.8.0.1/24
PrivateKey = ******
MTU = 1280

[Peer]
PublicKey = ******
AllowedIPs = 10.8.0.2
Endpoint = vps-ip:51820
PersistentKeepAlive = 25
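Before restarting a service repeatedly to chase throughput, it is worth checking the pair of configs for the things that are easy to get wrong and hard to see from `wg show`: MTU agreement between both ends, a keepalive on the NAT side, AllowedIPs entries written without a prefix, PreUp rules that have no matching PostDown (so restarts accumulate duplicates), and DNAT rules that publish a tunnel host on the VPS's public interface. The script below is an added example written for this post, not code from the original; it embeds the two configs above with the keys replaced by constructed placeholders and the endpoint left as the post's own `vps-ip`. It assumes wg(8) matches configuration keys case-insensitively and treats a bare AllowedIPs address as a /32 host.

```python
"""Lint a server/client pair of wg-quick configs for mismatches that make a
tunnel slow, leak rules across restarts, or expose a tunnel host.

Added example, not part of the original post.  Keys are constructed
placeholders; the endpoint keeps the post's own 'vps-ip' placeholder.
Assumed wg(8) semantics: keys are matched case-insensitively and an
AllowedIPs entry without a prefix is a /32 host."""
import re
from collections import defaultdict

MACHINE1 = """\
[Interface]
Address = 10.8.0.2/24
ListenPort = 51820
PrivateKey = PLACEHOLDER_PRIVATE_KEY
MTU = 1280
PreUp = sysctl -w net.ipv4.ip_forward=1
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.8.0.1:22
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 10.8.0.1:22
PreUp = iptables -A INPUT -i wg-vps -j ACCEPT
PostDown = iptables -D INPUT -i wg-vps -j ACCEPT
PreUp = iptables -A FORWARD -i eth0 -o wg-vps -j ACCEPT
PreUp = iptables -A FORWARD -i wg-vps -o eth0 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg-vps -j ACCEPT
PostDown = iptables -D FORWARD -i wg-vps -o eth0 -j ACCEPT
PreUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 10.8.0.1
"""

MACHINE2 = """\
[Interface]
Address = 10.8.0.1/24
PrivateKey = PLACEHOLDER_PRIVATE_KEY
MTU = 1280
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 10.8.0.2
Endpoint = vps-ip:51820
PersistentKeepAlive = 25
"""


def parse_wg_config(text):
    """Return [(section_name, {key_lower: [values]})] in file order.
    Keys are lower-cased (assumed case-insensitive matching); values are lists
    because PreUp/PostDown legitimately repeat."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], defaultdict(list))
            sections.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[1][key.strip().lower()].append(value.strip())
    return sections


def interface(sections):
    return next(kv for name, kv in sections if name == "Interface")


def peers(sections):
    return [kv for name, kv in sections if name == "Peer"]


def first(kv, key):
    return kv.get(key, [None])[0]


def lint_pair(server_text, client_text):
    """Return a list of human-readable findings for a server/client pair."""
    srv, cli = parse_wg_config(server_text), parse_wg_config(client_text)
    s_if, c_if = interface(srv), interface(cli)
    findings = []
    # 1. Both ends must agree on MTU; a mismatch fragments or drops silently.
    if first(s_if, "mtu") != first(c_if, "mtu"):
        findings.append(f"MTU mismatch: server={first(s_if, 'mtu')} client={first(c_if, 'mtu')}")
    # 2. The NAT side (no ListenPort) needs a keepalive to hold its mapping open.
    if "listenport" not in c_if and not any("persistentkeepalive" in p for p in peers(cli)):
        findings.append("client behind NAT has no PersistentKeepalive")
    # 3. A bare AllowedIPs address is accepted but implicitly /32; flag it so the
    #    intent is explicit in the file.
    for kv in peers(srv) + peers(cli):
        for entry in kv.get("allowedips", []):
            for ip in entry.split(","):
                if "/" not in ip.strip():
                    findings.append(f"AllowedIPs {ip.strip()} has no prefix (treated as /32)")
    # 4. Every '-A' added on the way up should have a matching '-D' on the way
    #    down; otherwise each restart appends another copy of the rule.
    ups = s_if.get("preup", []) + s_if.get("postup", [])
    downs = s_if.get("predown", []) + s_if.get("postdown", [])
    added = {re.sub(r"\s-A\s", " ", v) for v in ups if " -A " in v}
    removed = {re.sub(r"\s-D\s", " ", v) for v in downs if " -D " in v}
    for rule in sorted(added - removed):
        findings.append(f"rule added but never removed: {rule}")
    # 5. DNAT on the public interface publishes a tunnel host; report each one.
    dnat = re.compile(r"--dport\s+(\d+).*--to-destination\s+([\d.]+):(\d+)")
    for v in ups:
        m = dnat.search(v)
        if m:
            findings.append(f"public port {m.group(1)} forwards to {m.group(2)}:{m.group(3)} over the tunnel")
    return findings


if __name__ == "__main__":
    for f in lint_pair(MACHINE1, MACHINE2):
        print(f)
```

Run as-is it reports the two prefix-less AllowedIPs entries and the 2222→10.8.0.1:22 forward; the MTU, keepalive and rule-symmetry checks pass for the configs as posted, which narrows the throughput problem to something outside the config text (path MTU, the NAT mapping, or the UDP path itself) rather than to a typo in these files.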