Alta Route 10 Hardware Acceleration

So I have been using the Route 10 for over 2 weeks constantly, and I have ironed out most of the problems I have, but I’ve encountered a rather large one that I want to see if other community members are encountering. I ask this because Alta Support tells me this is expected behavior and I’m insisting it is not.

Situation: I have a server that runs a WireGuard client to a commercial VPN provider and is doing transfers in the background. Whenever a transfer occurs and I am playing anything that requires low latency, I can immediately notice massive lag spikes. This is most evident when using “GeForce Now”, as I have an Ultimate subscription to it.

My argument is that the Alta Route 10 is not routing the WireGuard traffic over the hardware acceleration system, instead routing it over the CPU. It also does this on OpenVPN traffic, but honestly I’ve not tested as much on it, as I don’t use OpenVPN as much and I am not familiar with the performance I should receive from my VPN host.

You will notice on pictures #1 & #2 KSOFTIRQD/0 process is not even showing any real usage.

You will notice on pictures #3 & #4 KSOFTIRQD/0 process is maxing a single core.

Picture #4 has a higher transfer rate as Suricata isn’t running, but also it seems like less CPU usage. Still, KSOFTIRQD is there at 21%+ and I assume it was higher, as the # doesn’t add up on the right screen with the system load %.

I cannot replicate this on anything else. Fast.com gets 1.6+ Gbps a second down and 1.6+ Gbps up and the CPU load doesn’t increase either. It seems it only does this on WireGuard, and I have seen it a little on OpenVPN traffic but not as bad. (OpenVPN is not as fast either.)

Do you all see the same thing? Am I just crazy thinking the WireGuard load should be hardware accelerated? I acknowledge IPS can have a fight in this, but with it disabled it removes it from the picture, leaving only the KSOFTIRQD/0 process maxing and causing performance issues. This morning for some reason it was at 25% and WireGuard was only going at about 18 megabytes a second.

On my old router this was also a problem, and I had to do the commands below, which told the router to make sure it routes the ports for WireGuard over the hardware acceleration.



nano /jffs/scripts/wgclient-start


#!/bin/sh

if [ "$1" -eq "2" ]; then # only for wgc2
   echo "del 1337 either" >> /proc/blog/skip_wireguard_port
   logger -t "$(basename "$0")" "Port 1337 removed from blog bypass"
fi

if [ "$1" -eq "3" ]; then # only for wgc3
   echo "del 1443 either" >> /proc/blog/skip_wireguard_port
   logger -t "$(basename "$0")" "Port 1443 removed from blog bypass"
fi


chmod +x /jffs/scripts/wgclient-start


Picture #1 Speed test with IPS enabled

Picture #2 Speed Test with IPS disabled

Picture #3 WireGuard client running on machine doing speed test IPS Enabled

Picture #4 WireGuard client running on machine doing speed test IPS DISABLED

I can confirm that there is no WireGuard nor OpenVPN hardware acceleration support currently. 800 Mbps is about the maximum that the Route10 hardware can handle with default WireGuard encryption settings, and without IPS enabled. Once everything goes through WireGuard (and all is not hardware accelerated), then all traffic will go through the software IPS engine, whereas previously only the first few hundred packets of each TCP stream would have gone through the IPS engine. This is why you see no CPU load when simply enabling IPS. The latency spikes you are seeing may be due to WireGuard trying to fit all of that traffic into a single VPN connection with no prioritization.

You could potentially try enabling CAKE on the WAN to see if that helps, but most likely, you will want to enable CAKE/sqm on your WireGuard interface, not the WAN interface, which would be a command line (/etc/config/sqm) setting.

Is there a technical reason for not having hardware acceleration even on a client (a server or desktop on the LAN) and a server on the internet? The Route10 at that point is literally just routing traffic and maybe inspection if IPS is enabled. Why would it route it differently than any other UDP/TCP traffic?

There are varying layers of hardware acceleration. The typical Route10 hardware acceleration is simple routing/NAT, just as you say. However, WireGuard hardware acceleration would require a ChaCha20 hardware module for encryption/decryption.

Yes, but I’m saying the Route10 is not encrypting/decrypting anything. It’s just forwarding the traffic from my server in my LAN to a server on the internet.

server → route10 → internet VPN server

Route10 in this situation has nothing to do with encrypting/decrypting the traffic. Only being an intermediary handling the traffic. Why would it need ChaCha20 hardware modules?

Ah, I thought you were using the Route10’s WireGuard encryption. We disable UDP acceleration by default, but you can re-enable it manually with the command:

echo 4 >/cfg/alta_bits

and then reboot.

7 Likes
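
A way to put numbers on the ksoftirqd/0 observation from this thread, before and after changing the acceleration setting: diff two /proc/softirqs snapshots taken during a transfer and report which CPU took the NET_RX work. This is an added example, not part of the original posts or Alta's tooling; the function names are hypothetical and the snapshot values are constructed.

```shell
#!/bin/sh
# Added example: diff two /proc/softirqs snapshots to see which CPU took the
# NET_RX work (the load that shows up as ksoftirqd/N when it backs up).
# Live use: cat /proc/softirqs > /tmp/a; sleep 10; cat /proc/softirqs > /tmp/b
#           net_rx_delta /tmp/a /tmp/b | hottest_cpu 10

# Print "cpuN delta" per CPU. The counters are 32-bit, so a negative
# difference means the counter wrapped between the two snapshots.
net_rx_delta() {
    awk '$1 == "NET_RX:" {
        if (!seen++) { for (i = 2; i <= NF; i++) before[i] = $i; next }
        for (i = 2; i <= NF; i++) {
            d = $i - before[i]
            if (d < 0) d += 4294967296
            printf "cpu%d %.0f\n", i - 2, d
        }
    }' "$1" "$2"
}

# Read net_rx_delta output on stdin and print "cpuN per_second share_percent"
# for the busiest CPU. $1 = seconds between the two snapshots.
hottest_cpu() {
    awk -v secs="$1" '
        { v = $2 + 0; total += v; if (NR == 1 || v > max) { max = v; cpu = $1 } }
        END {
            if (NR == 0) exit 1   # no NET_RX row was found
            printf "%s %d %d\n", cpu, int(max / secs), (total ? int(100 * max / total) : 0)
        }'
}

# Constructed snapshots (not captured from a Route10), taken 10 s apart.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/before" <<'EOF'
                    CPU0       CPU1       CPU2       CPU3
      NET_TX:       5120       4410       4388       4502
      NET_RX: 4294960000     310200     298100     305400
EOF
    cat > "$tmp/after" <<'EOF'
                    CPU0       CPU1       CPU2       CPU3
      NET_TX:       5188       4419       4391       4510
      NET_RX:     892704     310900     298800     306100
EOF
    net_rx_delta "$tmp/before" "$tmp/after" | hottest_cpu 10
    rm -rf "$tmp"
}

demo
```

When forwarding is offloaded, the NET_RX rate should stay near its idle level during a transfer; one CPU taking nearly all of a high rate matches the single-core pattern described above.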

Ah.. the sweet relief of it being fixed… Thank you by the way.. really appreciate it.

4 Likes

By the way.. don’t know if this was a fluke but my temps dropped 5 degrees F after enabling this.

1 Like