• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Question Wireguard over Mobile Network with S21 Ultra

Search This thread

corwin_amber

Senior Member
Dec 11, 2011
387
128
Hi,

I am wondering, if I am holding it wrong or if anybody else can reproduce my issue:
When using Wireguard over the mobile Network, I am only getting terrible speeds. WG over Wifi, all is well. Also, without WG, all is well. Tunnel off over Mobile, all well. Tunnel on or off over wifi: All well. Only Tunnel on over mobile network is giving terrible speeds. And this is only happening with the S21U. S20+, Tab S6 are fine with WG tunnel over T-Mobile DE.

Constellation: Using WG tunnel on the S21U over T-Mobile DE giving very slow speeds, only several hundred kilobit/s. Device is an SM-G988B DBT (exynos), 256GB.

I have tried:
- using another SIM-Card - problem in the S21U, fine in Tab S6
- rebooted S21U
- checked and reset APN settings
- use different WG endpoints in several countries and over several destination ports
- set the S21 to 5G, 4G, 3G - always slow speeds over mobile

As Wireguard is quite common nowadays, is anybody else expierencing this problem?

Thanks :)
 

aroy97

Senior Member
Feb 3, 2015
286
63
I just did a wireguard connection, I'm getting 350mbps download to a local server (400mbps internet package), seems to work fine for me
 

corwin_amber

Senior Member
Dec 11, 2011
387
128
Thanks, @aroy97 - over mobile network, NOT wifi?
Over wifi, all is well, only over data connection it does not work well at all for me.
 

corwin_amber

Senior Member
Dec 11, 2011
387
128
I am still having this issue. Can somebody please be kind and test?
- Wireguard over MOBILE, not WIFI
- Speedtest
- Speed ok?
 
Last edited:

lywyn

Senior Member
Jul 19, 2010
408
147
I switched to Wiregaurd protocol in PIA VPN app a while ago as I get better speeds on the VPN connections. Not had any issues with it since flipping from OpenVPN stack to Wiregaurd.
 

Alphaphi

New member
Oct 17, 2021
4
0
Hi,

I am wondering, if I am holding it wrong or if anybody else can reproduce my issue:
When using Wireguard over the mobile Network, I am only getting terrible speeds. WG over Wifi, all is well. Also, without WG, all is well. Tunnel off over Mobile, all well. Tunnel on or off over wifi: All well. Only Tunnel on over mobile network is giving terrible speeds. And this is only happening with the S21U. S20+, Tab S6 are fine with WG tunnel over T-Mobile DE.

Constellation: Using WG tunnel on the S21U over T-Mobile DE giving very slow speeds, only several hundred kilobit/s. Device is an SM-G988B DBT (exynos), 256GB.

I have tried:
- using another SIM-Card - problem in the S21U, fine in Tab S6
- rebooted S21U
- checked and reset APN settings
- use different WG endpoints in several countries and over several destination ports
- set the S21 to 5G, 4G, 3G - always slow speeds over mobile

As Wireguard is quite common nowadays, is anybody else expierencing this problem?

Thanks :)

I can confirm this situation. I have a S21, no plus or ultra. The issue is with both wireguard app and TunSafe app. Over Wifi no problem, over mobile - almost no throughput. Without WG VPN: no problem whatsoever.
I run the VPN endpoint myself, and so can see that on the other side of the tunnel, a lot of retransmissions (about 10%) and out-of-order packages occur. Tweaking MTU doesn't help.

My mobile provider is indeed also T-Mobile DE. When you tried "another" SIM card - was that also T-Mobile, or one of the other providers here?

Cheers
 

corwin_amber

Senior Member
Dec 11, 2011
387
128
OMG, finally.

A workaround which makes it a little better is to disable 'Paketplaner auf mehreren Kernen' in Developer Options.

Bit you know what resolved the issue? Found out recently:

Switching the tunnel (not necessarily Transport) protocol to IP v6. It is, however, a bit of a hassle to set up, as I am using an UDM behind a Fritz.

You need to delegate a prefix from the Fritz to the UDM (did a /60), open the Fritz Firewall for the delegated prefix, set the UDM firewall accordingly, do v6 dyndns from the raspis (which are the WG endpoint).

Get yourself an account from mullvad for 5€ per month, there you can easily set up v4, v6 tunnels and test a lot. That is, how I found out.

I have no idea, how this issue can stay all the way up to the Android 12 beta.
 

Alphaphi

New member
Oct 17, 2021
4
0
A workaround which makes it a little better is to disable 'Paketplaner auf mehreren Kernen' in Developer Options.

This did not make any difference on my side. The connection was as slow and with the same retransmission rate as with this option enabled.


Switching the tunnel (not necessarily Transport) protocol to IP v6. It is, however, a bit of a hassle to set up, as I am using an UDM behind a Fritz.

You need to delegate a prefix from the Fritz to the UDM (did a /60), open the Fritz Firewall for the delegated prefix, set the UDM firewall accordingly, do v6 dyndns from the raspis (which are the WG endpoint).

Can you pls go into details:
  • if you are behind a Fritz Box then we're talking about WiFi and not mobile data. Using WiFi along with a wireguard VPN works without trouble for me.

  • How do you switch the tunnel protocol? Do you mean to define only ipv6 addresses between the two peers, which means: encapsulate ipv6 traffic inside a ipv4 connection?
    If so - how is the Fritz Box involved here? If your ipv6 traffic is encapsulated in the tunnel, the Fritz Box cannot see any of the contents, i.e.: doesn't know that there is ipv6 flowing inside the tunnel.
Thanks for a more verbose explanation.
 

Alphaphi

New member
Oct 17, 2021
4
0
PS: if I assing an ipv6 address only to the config of the mobile client, and the same on the counterpart config on the server, then still I can open the tunnel via WiFi, but not via mobile data. And even if the tunnel is open via Wifi, I cannot transfer data as ipv4 packets don't seem to flow through the ipv6 tunnel (or at least I don't know how to do that, not so experienced with ipv6).
So again - advice is appreciated.
 

corwin_amber

Senior Member
Dec 11, 2011
387
128
Will go into more detail later, just quickly:

- Paketplaner is making a big difference for me. Interesting.

- I am hosting Wireguard on a raspi behind the unifi UDM, which is behind the Fritz. Everything in the row has an IPv6 address.

- Therefore I am on mobile data and connecting to my home WG instances - Problem is regardless of connecting to home or e.g. Mullvad. And yes, when the S21 is on wifi, no problem at all.

- Switching between protocols: Setting up the tunnel with an IPv6 destination address and being in an IPv6 network (like Telekom DE offers) makes the difference for me. You need to enable a native v6 connection wan side on the Fritz and also enable it on LAN. You need to set up v6 LAN side on the UDM and on the raspi.

- If you are using an 'external' VPN provider, just try setting up an IP v6 connection. V6 addresses, inside it can be v4. If there is v4 or v6 inside the tunnel (peer addresses are v4 or v6) is not making a difference for me.

Do you want more details on Mullvad? There you can get 1 month for 5€ and quickly create qr codes with different settings (v6 tunnel, v4 transport and vice versa or combinations).
 

Alphaphi

New member
Oct 17, 2021
4
0
All this brought me to the following solution:

The problem is the IPv6-to-IPv4 gateway of Telekom. This gateway comes into play when the APN internet.v6.telekom is used. This is the case on newer devices. Thus we don't see a problem of the S21 here, but what we see is the problem of a "new" device being autoconfigured to use the 6to4 gateway.

If I use the IPv4 APN (internet.telekom), then wireguard works fine on both WiFi and mobile network.

However I'd like to stay with IPv6. For this I configured the wireguard client to use the IPv6 address of my VPN endpoint. But even then I cannot bring up the connection over mobile network.
All in all it seems to me that there is something weird within the Telekom network.