Netmaker is a VPN that relies on WireGuard to forge fast, secure connections between devices and networks. WireGuard has demonstrated superior performance in industry speed tests, and so we wanted to run our own tests to determine how Netmaker performs against pure WireGuard, as well as other standard VPN alternatives.

In our tests, Netmaker demonstrated exceptional performance, especially on high-speed networks. On gigabit networks (1.25-2 gbps / 10.0 gbps burst), Netmaker achieved consistent data transfer speeds averaging 7.88 Gbits/sec, nearly identical to kernel WireGuard alone at 7.89 Gbits/sec. 

These results confirm why organizations requiring a reliable, high-speed VPN choose Netmaker.

High Performance Tests

Standard Network Tests

Full breakdown of results.

We created three networking scenarios to test VPN data transfer speeds:

1. Local: Devices are on the same local network (VPC on DigitalOcean)

2. Regional: Devices have the same network provider, but different local networks (DigitalOcean data centers)

3. Cross-Cloud: Devices have different netework providers (DigitalOcean and Google Cloud)

We created one additional scenario to test the top three VPNs from these results.

4. High Performance: Devices have a high-speed link, and VPN is performance optimized (between VPCs on AWS with a 10GB network)

Finding 1: WireGuard Above all else

We ran test suites #1-3 across seven top VPN options for business networking:

• WireGuard (kernel)
• Netmaker
• Tailscale
• ZeroTier
• Nebula
• OpenVPN
• Tinc

We performed these tests on virtualized Linux servers using a variety variety of server specs, locations, and networks, running each specification multiple times, and averaging the results. Across all tests, it was clear that the WireGuard-based candidates (Netmaker, Tailscale, and kernel WireGuard) were vastly outperformed the other candidates, including ZeroTier, Nebula, OpenVPN, and Tinc. The WireGuard-based candidates consistently transferred data between 2-20 times faster than these alternatives, and achieved similar results.

Finding 2: Netmaker and WireGuard for High-Speed Networks

We took the top three candidates, Netmaker, Tailscale, and WireGuard, and ran an additional high performance scenariour, using a 10 Gigabit network, and performance optimizations to maximum transmission speed.

Netmaker and WireGuard showed consistently high speeds, transmitting at nearly 8GB/s, while Tailscale encountered some issues under stress.

Tailscale runs into problems

Tailscale initially achieved a respectable 5.25 Gbits/sec. However, attempts to maximize transmission speed by optimizing MTU caused problems. Tailscale frequently switched to a fallback routing mechanism, which drastically reduced speeds, appearing to be a key design flaw in this high performance test scenario. Netmaker and WireGuard did not encounter similar issues.

Tailscale's speed plummeted to 35.6 Mbits/sec, bringing down the average speed considerably, and unpredictably.

As a note, while Netmaker did not require a relayed connection in this scenario, Netmaker solves for such problems by allows administrators to set dedicated Relay servers for connections, rather than switching them on and off automatically. We've found this process is much more reliable for such scenarios, where network administrators want more control over network routing.

The Verdict

Our tests confirm that WireGuard-based VPNs yield the best network performance in standard testing. Netmaker, WireGuard, and Tailscale all vastly outperformed the other options by a considerable margin.

Additionally, our tests indicate that in high-performance scenarios, Netmaker or just pure WireGuard make better options, compared to Tailscale.

Full Data & Methodology

Link to Full Data: VPN Comparison 2024

Initial tests

Initial tests were designed to measure and compare performance across three different scenarios:

‍Intra VPC - Machines were located within the same Virtual Private Cloud (VPC) network.

This setup simulates an internal network environment.

Inter VPC - Machines were located in different VPC networks within the same cloud provider.

This setup simulates communication between different regions or zones of the same provider.

Inter Cloud - Machines were located on different cloud platforms (e.g., one on Digital Ocean and one on Google Cloud Platform). This setup simulates cross-cloud communication.

Hardware Configurations

Each of the above test scenarios was executed using three different hardware configurations:

Small Configuration

• 1 vCPU
• 1 GB RAM

Medium Configuration

• 2 vCPUs
• 8 GB RAM

Medium Configuration

• 4 vCPUs
• 8 GB RAM

Parameters Tested

Each VPN solution was configured and tested according to the following parameters (sample structure based on available data):

• MTU (Maximum Transmission Unit)
• Throughput (Mbps)
• Latency (ms)
• Packet Loss (%)
• Test Execution

Setup

• Deploy machines in the specified configurations and scenarios.
• Install and configure the VPN solutions on the respective machines.
• Testing Procedure

For each VPN solution, the following tests were performed three times to ensure reliability of the collected data:

• Measure throughput using iperf or similar network performance tools.
• Measure latency using ping or similar tools.
• Monitor packet loss using network monitoring tools.

High Performance Test

Subsequent tests were run on AWS with Netmaker, Tailscale, and kernel WireGuard

Hardware Configurations

The above test scenario was executed using one hardware configuration on two devices:

c5.xlarge

• 4 vCPUs
• 8 GB RAM

Network Configuration

• 1.25-2 gbps / 10.0 gbps burst

‍