MultiWireguard Opnsense Forbidden Router

I am not sure where to post this, but I am running WireGuard to Mullvad and to Linode on an OPNsense forbidden router. I have noticed Linode severely struggles and has high ping if running alongside the Mullvad tunnel. Mullvad doesn’t seem to. I am not sure what is to blame; however, I ideally want the Linode and require Mullvad. When I disable the Mullvad connection, Linode is hitting 800mbps and low ping; when both are enabled I get ping in the 200s and mbps for download drops to ~200 on the Linode connection. What is the culprit?

I do not remember this being a thing a year or so ago when running multiple connections. The other thing is I don’t think two Mullvad exit nodes and instance is a problem, but Linode and one Mullvad exit node is?

HW/VM setup: 8 cores of a 5950X allocated to the VM, 8gb of RAM. 2.5 and 10gbit NICs passed through fully; 2.5 is WAN and 10gbit is LAN.

An update: when I start the Linode instance first and then enable Mullvad, it works fine. But on a reboot it starts Mullvad first and then the issues persist.

The issue you’re experiencing with high ping and reduced bandwidth on the Linode connection when both Mullvad and Linode tunnels are active could be due to several factors. Here are some potential culprits and troubleshooting steps:

Potential Causes:
Bandwidth Saturation: Both tunnels might be competing for the available bandwidth, leading to congestion and increased latency.

Routing Conflicts: There might be conflicts in how traffic is routed through the different tunnels, causing inefficiencies and delays.

CPU and Memory Resources: Although you have a powerful setup, the VM might still be hitting CPU or memory limits when handling both tunnels simultaneously.

OPNsense Configuration: Specific settings in OPNsense might be affecting how multiple tunnels are managed.

WireGuard Implementation: The implementation of WireGuard in OPNsense or the configurations for each tunnel might be causing issues when both are active.

Troubleshooting Steps:
Check Bandwidth Usage: Monitor the bandwidth usage on both tunnels to see if they are saturating your connection. You can use tools like iftop or OPNsense’s built-in monitoring.

Inspect Routing Tables: Ensure that the routing tables are correctly configured and that there are no conflicts. Verify that traffic is being routed as expected for both tunnels.

Resource Monitoring: Check the CPU and memory usage on the VM when both tunnels are active. Look for any spikes or sustained high usage that might indicate resource contention.

Test Different Configurations: Try different configurations, such as prioritizing one tunnel over the other, changing MTU settings, or using different encryption settings.

Review Logs: Check the logs in OPNsense for any errors or warnings related to WireGuard or network performance.

Separate Instances: If possible, try running the Linode and Mullvad tunnels on separate instances or VMs to see if the issue persists. This can help isolate whether the problem is due to resource contention within a single VM.

Specific Actions:

Bandwidth Saturation:
- Use iftop or OPNsense’s traffic graphs to monitor bandwidth usage.
- Consider using traffic shaping or QoS to prioritize critical traffic.

Routing Conflicts:
- Check System > Routes > Status in OPNsense.
- Ensure there are no conflicting routes and that each tunnel has a unique route.

Resource Monitoring:
- Use top or htop to monitor CPU and memory usage.
- Consider increasing the resources allocated to the VM if usage is high.

OPNsense Configuration:
- Review Firewall > Rules and Firewall > NAT settings to ensure they are correct.
- Check VPN > WireGuard settings for each tunnel.

By following these steps, you should be able to identify and address the root cause of the performance issues with your Linode and Mullvad WireGuard tunnels.

1 Like
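One way to carry out the routing-conflict check suggested in the reply above, as an added example that is not part of the original thread: it parses the output of `wg show all allowed-ips` and reports prefixes that overlap between different tunnels. The interface names `wg0`/`wg1`, the peer keys and the prefixes in the sample are constructed placeholders, not values from the poster's setup.

```python
import ipaddress
import sys
from itertools import combinations

# Constructed sample of `wg show all allowed-ips` output. Each line is
# tab-separated: interface, peer public key, space-separated allowed IPs.
SAMPLE = (
    "wg0\tMULLVAD_PEER_KEY_PLACEHOLDER=\t0.0.0.0/0 ::/0\n"
    "wg1\tLINODE_PEER_KEY_PLACEHOLDER=\t0.0.0.0/0\n"
)

def parse_allowed_ips(text):
    """Return {interface: [ip_network, ...]} from `wg show all allowed-ips`."""
    tunnels = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 3:
            continue  # blank or malformed line
        iface = fields[0]
        for prefix in fields[2].split():
            if prefix == "(none)":  # wg prints this for a peer without allowed IPs
                continue
            net = ipaddress.ip_network(prefix, strict=False)
            tunnels.setdefault(iface, []).append(net)
    return tunnels

def find_overlaps(tunnels):
    """List (iface_a, prefix_a, iface_b, prefix_b) for prefixes claimed by two tunnels."""
    overlaps = []
    for (if_a, nets_a), (if_b, nets_b) in combinations(sorted(tunnels.items()), 2):
        for a in nets_a:
            for b in nets_b:
                # Only compare within the same address family.
                if a.version == b.version and a.overlaps(b):
                    overlaps.append((if_a, str(a), if_b, str(b)))
    return overlaps

if __name__ == "__main__":
    # Pipe real output in (wg show all allowed-ips | python3 this_file.py),
    # or run without a pipe to use the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for if_a, a, if_b, b in find_overlaps(parse_allowed_ips(text)):
        print(f"{if_a} {a} overlaps {if_b} {b}")
```

An overlap on `0.0.0.0/0` is expected when both tunnels are used as gateways; in that case the thing to verify is that route installation is disabled on the tunnels and traffic is steered by gateway and firewall rules rather than by competing default routes.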