any benchmarks against Wireguard?

[lonnietc]

Hello,

Just came across Boringtun and I am wondering if there are any speed, scaling, and/or stability benchmarks against Wireguard.

I have a cross-platform project (Linux, macOS, Windows) that will be starting up with Wireguard and speed with low latency is definitely part of the project as it is P2P in nature.

Thanks and have a great day

[wiresock]

Here are the test results from a couple of years ago on Windows, comparing the performance of the WireSock VPN Client, which is based on the Boringtun library, with several other WireGuard clients.

Throughput Test Results Comparison

The following results showcase the throughput (upload/download) test comparisons using a nine-year-old Intel® NUC DC3217IYE (Core i3-3217u) on the client side. For each test, iperf3 was configured to use 4 TCP sessions (one per vCPU). The results presented are the topmost figures from a series of 10 sequential tests.

Test Command:

• Upload: iperf3 -c 10.66.66.1 -P 4
• Download: iperf3 -c 10.66.66.1 -R -P 4

Results:

VPN Client / Version	Upload Speed	Download Speed
WireSock VPN Client v1.0.46	879 Mbits/sec	892 Mbits/sec
WireGuard for Windows (kernel driver) v0.5	892 Mbits/sec	719 Mbits/sec
WireGuard for Windows (WinTun) v0.4.1	288 Mbits/sec	325 Mbits/sec
TunSafe v1.4	435 Mbits/sec	284 Mbits/sec

Here are the more recent test results conducted on a 10Gbps network using WireGuard and WireSock clients. While I didn't perform these tests personally, the results can be viewed through the following Speedtest.net links:

• WireGuard (wireguard.exe): Speedtest Result
• WireSock (wiresock-client.exe): Speedtest Result

[lonnietc]

Thanks for the wonderful information and the Boringtun seems to perform extremely well.

I also did come across WireSock, but it did not seem to be open sourced so I was not sure how to best take a look at it.

I want to build a type of ultra high-scaling, high-speed, and stable P2P system for people to utilize where I will work to deploy a number of P2P applications to compete against currently dominating centralized services. To give you an idea there are existing projects like Yddgrasil (https://yggdrasil-network.github.io/2018/07/15/remote-access.html) and others that try to address the P2P challenge.

With a bit of luck and also a lot of hard work, I plan to turn this effort into a viable company. Maybe we can discuss things more to see if there might be a way that we could partner in some way to bring it all together.

Please let me know and we can see about discussing it further since your Boringtun with WireSock VPN could be the core foundation that I have been seeking for a very long time.

Thanks again and have a great day

[wiresock]

Architecturally, WireSock sets itself apart with its innovative integration of Boringtun and Windows Packet Filter. The latter acts as a sophisticated low-level packet filter, adept at intercepting packets from the network, channeling them to Boringtun for processing, and then seamlessly re-injecting them into the network stack. This method marks a significant departure from conventional approaches, such as the use of a tunnel adapter like WinTun.

A notable distinction in WireSock's design is its handling of Wireguard UDP packets. Rather than routing these packets through a socket, WireSock employs a direct interception and injection process at the NDIS layer. This advanced technique not only simplifies the overall process but also enhances performance to a level comparable with full kernel mode implementations.

Your idea is certainly exciting, but it also brings with it a complex set of implementation challenges. I have doubts about how feasible it is for a small team, especially one lacking external funding, to carry out a project of this scale successfully.

Additionally, I want to point out the challenges in setting up peer-to-peer (P2P) connections, particularly when both parties are limited by Carrier Grade NAT (CGNAT). In such situations, we might have to depend on relay servers or seek assistance from other network nodes.

While I am interested in the prospect of collaborating, I must stress that my available time is quite limited. This could potentially limit how much I can contribute to this project.

[lonnietc]

Thanks for your quick response.

Please give me your contact information and I can email and send you an invite to a small Slack channel that I have set up so that we can discuss things more, ok.

This could really be exciting and a good endeavor if it can be made to work as envisioned.

[wiresock]

You can reach me at vadim@ntkernel.com for further discussions and the Slack invite.