Split tunnelling vs. Full tunnelling speed test

Gil80 · March 6, 2025, 3:02pm

Hi.

I set up Full and Split tunnelling with WG.

The WG server is installed on my RPi which is connected via cable to my router.

While at home, using the 5Ghz band, I did a two speed tests with my phone.

Full tunnel provides DL speed of about 116Mbps and UL of about 93Mbs
Split tunnel provides DL speed of 482Mbps and UL of about 116Mbps

Since I’m doing both tests at my home using WiFi, and since I’m kinda new to this VPN tech, why am I getting two different speeds for the same WiFi?

I understand that split tunnelling is only sending the DNS traffic via VPN and Full tunnelling sends all the traffic via VPN.

But since it’s the same router, same wifi, same capabilities, what gives?

jess-sch · March 6, 2025, 3:02pm

Same wifi, same router, but an extra hop in the path.

Without the VPN, the traffic goes phone->wifi->router->internet.

With the VPN, the traffic goes phone->wifi->pi->router->internet

Anything not in AllowedIPs goes the “Without a VPN” path.

JuniperMS · March 6, 2025, 3:02pm

Provide the configurations for the split and full tunnel. I want to see what exactly you’re sending down the tunnel when doing split tunneling.

Gil80 · March 6, 2025, 3:02pm

That extra hop (pi) is causing such a speed downgrade even though it is directly connected to the router?

What if I install WG directly on my RT-AX88U router? Will that still be considered another hop?

Gil80 · March 6, 2025, 3:02pm

### begin split tunnel ###
[Interface]
Addresses: 10.6.0.5/24
DNS servers: 192.168.1.2

[peer]
Allowed IPs: 192.168.1.2/32
### end split tunnel ###


### begin Full Tunnel ###
[Interface]
Addresses: 10.6.0.3/24
DNS servers: 10.6.0.1

[peer]
Allowed IPs: 0.0.0.0/0, ::0
### end Full Tunnel ###

jess-sch · March 6, 2025, 3:02pm

Which Pi is it exactly?

Only the 4 even supports gigabit ethernet.

Additionally, Pis and CPE have fairly slow CPUs, so that might be it too.

djzrbz · March 6, 2025, 3:02pm

With the split tunnel, you are going to get your raw speed on the speed test.

With the full tunnel, there will always be encapsulation overhead, plus the overhead for your pi to route and NAT. Always expect a VPN to be slower than without.

Gil80 · March 6, 2025, 3:02pm

Oh. Good point.

It’s the 3B+

What is CPE?

Upgrading to Pi4 will improve the speeds?

What about installing WG directly on my router?

Gil80 · March 6, 2025, 3:02pm

in terms of privacy, which option is the best?

jess-sch · March 6, 2025, 3:02pm

What is CPE?

Sorry, CPE means Customer-premises equipment, a.k.a. what normal people simply (and slightly incorrectly) call their router.

Upgrading to Pi4 will improve the speeds?

Yes. No idea by how much though.

What about installing WG directly on my router?

Idk if that’s possible, but if it works I’d expect it to be faster than the Pi 3. Again, no idea by how much though.

djzrbz · March 6, 2025, 3:02pm

But it won’t do you any good inside your LAN, and if you are remote, your ISP can still see your traffic.