Can dynamic IPs (DDNS) be excluded from IDS/IPS?

There are a couple of improvements coming in IPFire Core Update 196 that you might be interested in - both aimed at improving WireGuard performance.

1. Backported TCP performance patch:
We’ve added a kernel patch originally from Linux 6.13. It enables BIG TCP GSO support for WireGuard, which allows for larger packet aggregation during encryption and transmission. This can lead to about a 15% improvement in TCP stream throughput.

2. Threaded NAPI for WireGuard interfaces:
CU196 also includes this change to enable threaded NAPI for each WireGuard interface. This lets the kernel handle network traffic processing in separate threads per interface.

On systems with multiple tunnels or higher throughput, this should make a huge difference — in one example (see Jason Donenfeld’s slides in the second link), throughput went from ~13 Gbps to ~48 Gbps, thanks to better CPU balancing.

Cheers to open source.

A G

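A way to check the threaded NAPI setting described in the post above, as an added example that is not part of the original post and not IPFire's own code: it reads the kernel's per-device `threaded` sysfs attribute for every interface whose `uevent` file reports `DEVTYPE=wireguard`. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Report the NAPI mode of every WireGuard interface under a sysfs net tree.
# Returns 0 only if all WireGuard interfaces found have threaded NAPI enabled.
wg_napi_status() {
    sysnet="${1:-/sys/class/net}"   # pass another root to test offline
    rc=0
    for dev in "$sysnet"/*; do
        [ -f "$dev/uevent" ] || continue
        # WireGuard netdevs announce DEVTYPE=wireguard in their uevent file.
        grep -qx 'DEVTYPE=wireguard' "$dev/uevent" || continue
        name=${dev##*/}
        if [ -r "$dev/threaded" ]; then
            state=$(cat "$dev/threaded")
        else
            state=unsupported       # attribute absent on older kernels
        fi
        case "$state" in
            1) echo "$name threaded" ;;
            0) echo "$name softirq"; rc=1 ;;   # polling still runs in softirq context
            *) echo "$name $state"; rc=1 ;;    # report any other value verbatim
        esac
    done
    return $rc
}

# Constructed sample tree (not real output): wg0 threaded, wg1 not, eth0 ignored.
make_sample_sysnet() {
    root=$(mktemp -d)
    mkdir -p "$root/wg0" "$root/wg1" "$root/eth0"
    printf 'DEVTYPE=wireguard\nINTERFACE=wg0\n' > "$root/wg0/uevent"
    printf 'DEVTYPE=wireguard\nINTERFACE=wg1\n' > "$root/wg1/uevent"
    printf 'INTERFACE=eth0\n' > "$root/eth0/uevent"
    echo 1 > "$root/wg0/threaded"
    echo 0 > "$root/wg1/threaded"
    echo 0 > "$root/eth0/threaded"
    echo "$root"
}
```

Run `wg_napi_status` with no argument to inspect the live system, or pass the directory printed by `make_sample_sysnet` to try it offline.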