Bug #13405
open
Wireguard: The webgui becomes excessively slow to respond with a large number of peers
0%
Description
Webgui pages that include data from Wireguard can become very slow to respond with a large number of elements present (peers/tunnels).
Code that parses the output of 'wg show all dump' creates a delay.
For example we see delays of ~10s opening the Wireguard status page with 80 peers defined on a 6100.
This affects the peers, tunnels and status pages. And to a lesser extent the dashboard when the Wireguard widget is disaplayed.
Updated by RED SKULL about 2 years ago
I can confirm high delay in webgui response when loading wireguard UI.
I can also confirm very high CPU usage when using the Wireguard widget. Can this be addressed as it is also still an issue on 2.7 beta so has not been addressed.
Updated by Jim Pingle about 2 years ago
- Plus Target Version changed from 22.11 to 23.01
Updated by Marc Mapplebeck about 2 years ago
I can also confirm that 50 WG peers are killing a 1537 Max device. Making changes is painful, doubled when I have to make changes to 2 devices in an HA pair.
Updated by Jim Pingle almost 2 years ago
- Target version deleted (
2.7.0) - Plus Target Version deleted (
23.01)
Updated by David Martin about 1 year ago
I can also confirm this, but its happening to me with only some Peers (exactly, 4 tunnels, about 10 peers in total) I've checked the output of "wg show all dump" but in terminal is kind of instant, no any delay.
Adding any widget to main dashboard related to Wireguard makes dashboard also slow.
Updated by Bogdan Tomasciuc about 1 year ago
+1 - Adding Wireguard widget to dashboard makes the dashboard load extremely slowly. Also the menus relating to wireguard are slow to load.
Later edit: 2.7.0-RELEASE at this time.
Updated by Federico Foschini 5 months ago
Hello,
any updates?
I notice that the culprit is this line:
It looks like reloading the config every time a wireguard page is accessed is the culprit of the slow load:
// Reload config.xml to get any recent changes
$config = parse_config(true);
If you comment out this line the load time is istantaneous.
I don't know if this is a viable solution or loading every time the config is actually needed.
Updated by Clayton Dirkschneider 2 months ago
I can confirm that this is happening on 2.7.0 as well. We have over 900 peers and adding a new peer is painfully slow. The load time is >30s. Has there been any updates on this?
Would changing $config = parse_config(false); hurt anything?
Updated by Clayton Dirkschneider about 1 month ago
I also have a 24.03 pfsense that I tested on and only added 24 peers on and experience the delay. On that test machine, I set $config = parse_config(false); instead of $config = parse_config(true); and the pages load instantaneously. I am still not sure if there are any repercussions to doing this though so I have not applied this the production firewall will over 700 peers.
Updated by Mike Moore about 1 month ago
Thanks for the fix here. This solved my issue. I only have 10 peers and it does take some considerable time to load but this was extremely snappy.
My suggestion would be to submit a PR if you haven't already.