I’m working on a topology that I will explain in a future post, where I have multiple site-to-site VPNs with multiple locations with full redundancy. I recently switched from EdgeRouter to FortiGateVM + OPNsense, both redundant.
The main problem I faced was bad performance of OPNsense under ESXi, but also slow WireGuard throughput.
The slow WireGuard throughput was fixed after I discovered this post. It looks like this is related to kernel version 14+, which is only available in the next OPNsense release, 24.7, expected in July this year.
The workaround is to upgrade only the kernel, from version 13.1 to 14.0, using the following command:
opnsense-update -zkr 14-STABLE -a FreeBSD:14:amd64
Here is a picture showing the CPU utilization before and after the upgrade.
The error discards on the wg0 interface behind OPNsense are now gone.