I’ve been having a strange problem with outgoing WireGuard traffic, the problem has probably always been there — I just haven’t noticed, until now. Outgoing WireGuard traffic is very slow, while incoming is what I’d except with my 750/750 fiber internet connection.

This lead me down a rabbit hole of testing performance internally, which I documented in a previous blog post. That turned out to be a queue issue on the SFP+ port on my MikroTik CHR router. Could this also be queue related?

One (potential) downside to running public services on your homelab, is that you expose your IP address. That may, or may not, be a problem — but here are ways around it. The simplest way is to put Cloudflare in front, but this will only handle web traffic, and is a bit of a black box.

Another, more hands-on, approach is to use a VPS (or LXC container); WireGuard and iptables. We will create a secure tunnel between the VPS/container and the homelab HAProxy instance, and forward traffic using iptables.