Symptom: I can route WAN (internet) traffic through my pfSense firewall via a full-tunnel WireGuard connection from remote peers at nearly the full speed of my remote internet connection, i.e. speedtest.net reports speeds up to 300 Mbps on a fast remote connection or 100 Mbps on a remote Wi-Fi connection. Speedtest also reports that tests performed by remote peers are coming from my pfSense firewall's IP. I know Speedtest can be unreliable, but Steam downloads also reach 100 Mbps. These speeds are good, and they are definitely going through the WireGuard tunnel. However, iperf3 or SMB traffic from the same remote peers to LAN devices behind the same pfSense firewall is slow, around 32 Mbps (4 MBps) for SMB and 16 Mbps (2 MBps) or less for SMB. In fact, an iperf3 test to the firewall's own IP is equally slow, and servers on the LAN can talk to pfSense at gigabit speeds, so the problem seems to be in the firewall or my clients, not on the LAN.
I've experienced this same behavior from a Windows client and a GliNet portable router sending traffic from multiple clients to my pfSense firewall. An iOS peer actually seems to work better, with iperf tests reaching 100 Mbps, which matches that peer's internet speed test. Sadly, I can't test SMB speed or other services very well on an iOS device.
Anybody know why internet/WAN speed would test well, and appear to actually work well over WireGuard, while traffic to LAN clients (at least the types of traffic I've tried to use/test) is slow?