After deactivating self-built WireGuard from LetsVPN: Chengdu Mobile Broadband + Vultr Singapore node The measured network speed is very slow to review + pit dry goods

Self-Hosted VPN

(1) From LetsVPN to self-built Wireguard VPN full process review (with pit guide)

(2) WireGuard VPN configuration optimization: domestic website direct connection, foreign traffic to go to VPN (actual measurement is effective)

ChatGPT（https://chatgpt.com/）、 YouTube（https://www.youtube.com/）、 V2EX（https://v2ex.com/）始终打不开，提示无法访问。如图1

(3) Wireguard domestic direct connection + foreign tunnel configuration

客户端无「上次握手时间」，一直处于等待连接状态。客户端显示看似连接，但实际无握手、无流量转发，接收一直为 0。

(4) Self-built VPN series Part 4 Wireguard self-built VPN accidental unavailable full replay: from normal use → suddenly no handshake → port is blocked → port change + intelligent shunt complete solution process

Speedtest 出口带宽测速，打开：https://www.speedtest.net/ 。结果如图2

(5) After deactivating self-built WireGuard from LetsVPN: Chengdu Mobile Broadband + Vultr Singapore node The measured network speed is very slow to review + pit dry goods

2. VPS 通过 iptables 做端口段转发：20000~60000 全部UDP端口，统一转发到本机 51820； 3. Vultr 防火墙只需放行 20000~60000 端口段，不用逐个添加单端口规则；

(6) Self-built WireGuard solution port is frequently blocked, the ultimate minimalist solution (nanny class can be reproduced)

洛杉矶节点：Premium、Eyeball、Tier 1 三种网络类型下所有实例均处于缺货状态，包括我能勉强接受的 LAX.AN5.Pro.TINY（Premium 网络，12.98美元/月），该节点 AN5 系列已告罄（如图6）；

(7) Wireguard handshake is normal but can’t open the network? Why do we have to CN2 GIA, with DMIT deployment & out of stock alternatives

需要确保首页 - 当前节点 - ZgoCloud-VPN 是绿色状态（如图25）。

(8) ZgoCloud + Wstunnel + Wireguard speed up 4 times, Clash Verge Rev automatically splits and 443 port anti-sealing actual combat

不可访问：`www.google.com` 提示 `ERR_CONNECTION_CLOSED`；`chatgpt.com`、`v2ex.com` 提示 `ERR_CERT_COMMON_NAME_INVALID`（HSTS 导致的证书错误）

(9) Troubleshooting Transcript: Solve the DNS deadlock problem of “some websites cannot be accessed” under Clash Verge + Wstunnel + Wireguard

(10) ZGoCloud + Wstunnel + Clash Verge Rev under Ubuntu 26.04

分析：第三次测试依然稳健，上传甚至回升到了 81 Mbps。这证明了 CN2 GIA + 9929 线路在下午时段（非深夜）的优异表现。（图7：VPN 测速 #3 详细数据截图）

(11) Under Ubuntu 26.04 Self-built VPN speed test report: ZgoCloud + Wstunnel + Wireguard solution experience and comparison guide

(12) zgocloud + wstunnel + flclash VPN configuration under android

(13) Complete troubleshooting and schema optimization for Google Play update exceptions on Android

(14) Thunderbird can’t send Gmail mail after self-built VPN: Cause and Solution

(15) Can’t update the Play Store app after self-built VPN? Don’t toss wstunnel, the problem is in the Clash diversion rules

关键信息是 code=exited, status=203/EXEC。这个退出码意味着 systemd 无法执行指定的程序。

(16) systemd user service 203/exec error troubleshooting: wstunnel self-starting configuration record

(17) Practical Guide to Stable Clash Verge Rev + WireGuard + Wstunnel Configuration (Part 1): Minimalist Principles and Initial Setup

使用 Clash Verge Rev 内置的连接测试，对常用 13 个目标进行检测：

(18) Clash Verge Rev + Wireguard + WSTunnel Stable Configuration Practice (2): Minimum Correction of DNS Contaminated by Google

你好，我按照你博客文章按流程操作了一下服务器，服务器防火墙也开了，但是手机修改端口还是没有握手提示，也上不了网，这是哪里出问题了吗？

(19) Help customers to remotely troubleshoot vultr Wireguard without handshake and cannot access the Internet problem (full record)

Thunderbird 无法与 imap.gmail.com 连接，请稍后再试。如果问题依然存在，则可能是您超出了此服务器允许的最大连接数量。可在IMAP服务器设置中减少缓存的连接数量。

(20) Full check record from Thunderbird connection failure to switching to Gmail API client

(21) WSTUnnel + Ficlash Remote Troubleshooting full record under client android: from script creation to IP mismatch

在 FlClash 中查看实时请求日志，所有 Play 商店相关的请求全部走代理

(22) FLCLASH + WireGuard + WSTUnnel Stable Configuration Practice (3): Google Play download problem solving

Post Views: 69

Since LetsVPN officially announced that the service was stopped, many friends who pursue privacy and self-use network have embarked on their own way to build Wireguard. Recently, a reader sent me an email consultation: I am like me, I have started a VULTR $5 per month Singapore entry model, and the Wireguard has been built. After visiting overseas platforms such as Binance, the network speed is very slow, and the loading is stuck. It is suspected that there is a problem with my configuration, and I want to know the specific reasons and solutions. as shown in Figure 1

Recently, a reader sent me an email consultation: I am like me, I have started a VULTR $5 per month Singapore entry model, and the Wireguard has been built. After visiting overseas platforms such as Binance, the network speed is very slow, and the loading is stuck. It is suspected that there is a problem with my configuration, and I want to know the specific reasons and solutions. as shown in Figure 1

In fact, this reader’s question is also a pit that many beginners can easily encounter after building Wireguard – there is generally a consensus on the selection of novice: the priority is to choose the Singapore computer room, the reason is very intuitive—— The physical distance from China to Singapore is close, the theoretical delay is lower, and it is more comfortable to visit overseas websites.
I am also using the same Vultr Singapore node to fully deploy Wireguard according to the tutorial, and the configuration is optimized in place, but the actual use has also encountered the same problem as this reader: open Binance slow loading, the page is often rotated, k The line market is obviously lagging behind, obviously the bandwidth is full, but the body feels very smooth.
So I made a complete ping Delay, routing tracking, bandwidth speed measurement, and real-life access experience. Wireguard, readers who are choosing a VPS room and line, make a practical reference for pit avoiding.

1. Personal measured environmental baseline

Local broadband: Chengdu, Sichuan, mobile home broadband (gigabit bandwidth)
VPS service provider: vultr
Computer room node: Singapore
Machine configuration: 1 core / 1G memory / 25G SSD / monthly traffic 2.5TB
Use scenarios: self-built WireGuard self-use, browsing overseas sites, market platform access
Configuration status: WireGuard private key public key, shunt rule, DNS, MTU, and keep-alive parameters have been adjusted to the optimal, no configuration errors, no firewall conflicts

2. The original data of the whole network measured

Powershell ping delay test

PS C:\Users\Thinkpad> ping www.binance.com -n 30
正在 Ping dobbmei4jnjlh.cloudfront.net [18.64.211.66] 具有 32 字节的数据:
来自 18.64.211.66 的回复: 字节=32 时间=410ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=415ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=418ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=426ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=408ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=407ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=419ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=409ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=423ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=426ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=415ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=418ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=407ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=410ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=412ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=409ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=406ms TTL=245
来自 18.64.211.66 的回复: 字节=32 时间=408ms TTL=245

18.64.211.66 的 Ping 统计信息:
    数据包: 已发送 = 18，已接收 = 18，丢失 = 0 (0% 丢失)，
往返行程的估计时间(以毫秒为单位):
Control-C
PS C:\Users\Thinkpad> ping api.binance.com -n 30

正在 Ping d3h36i1mno13q3.cloudfront.net [18.155.69.202] 具有 32 字节的数据:
来自 18.155.69.202 的回复: 字节=32 时间=263ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=255ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=265ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=257ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=256ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=253ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=253ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=257ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=256ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=254ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=273ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=297ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=310ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=311ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=253ms TTL=248
来自 18.155.69.202 的回复: 字节=32 时间=253ms TTL=248

18.155.69.202 的 Ping 统计信息:
    数据包: 已发送 = 16，已接收 = 16，丢失 = 0 (0% 丢失)，
往返行程的估计时间(以毫秒为单位):
    最短 = 253ms，最长 = 311ms，平均 = 266ms
Control-C
PS C:\Users\Thinkpad> ping 8.8.8.8 -n 30

正在 Ping 8.8.8.8 具有 32 字节的数据:
来自 8.8.8.8 的回复: 字节=32 时间=253ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=256ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=253ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=257ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=262ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=253ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=259ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=254ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=254ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=254ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=258ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=253ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=257ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=254ms TTL=117
来自 8.8.8.8 的回复: 字节=32 时间=253ms TTL=117

8.8.8.8 的 Ping 统计信息:
    数据包: 已发送 = 15，已接收 = 15，丢失 = 0 (0% 丢失)，
往返行程的估计时间(以毫秒为单位):
    最短 = 253ms，最长 = 262ms，平均 = 255ms
Control-C

Binance official website www.binance.com
The shortest is 406ms, the longest is 426ms, the average is 413ms, and the packet is lost.

Binance API API.Binance.com
The shortest is 253ms, the longest is 311ms, the average is 266ms, and the packet is lost.

Public DNS 8.8.8.8
The average delay is 255ms, and the link is smooth and has no packet loss.

Summary: The network path is completely normal, there is no packet loss, and the continuous line, but the transnational delay is seriously high, far below the experience standard of high-quality lines.

Tracert Router Tracking Analysis

PS C:\Users\Thinkpad> tracert www.binance.com

通过最多 30 个跃点跟踪
到 dobbmei4jnjlh.cloudfront.net [13.33.88.84] 的路由:

  1   254 ms   255 ms   260 ms  10.66.66.1 [10.66.66.1]
  2   259 ms   254 ms   253 ms  169.254.169.254
  3   275 ms   285 ms   274 ms  vl199-ds1-j2-r0124.sgp1.constant.com [45.32.97.97]
  4   261 ms   262 ms   253 ms  10.79.0.97 [10.79.0.97]
  5   275 ms   258 ms   257 ms  10.79.1.162 [10.79.1.162]
  6   261 ms   255 ms   280 ms  16509.sgw.equinix.com [27.111.228.87]
  7     *        *        *     请求超时。
  8     *        *        *     请求超时。
  9     *        *        *     请求超时。
 10     *        *        *     请求超时。
 11   252 ms   259 ms   268 ms  server-13-33-88-84.sin2.r.cloudfront.net [13.33.88.84]

跟踪完成。

Through the routing tracking, you can visually see the packet forwarding path, exposing the core problem:
2.1. The first hop delay of the Wireguard gateway starts at 254ms, and the bottleneck is not on the local computer.
2.2. The whole process of ordinary international BGP backbone, there is no CN2 GIA/CMI boutique direct line;
2.3. The routing passes through a large number of intranet relay nodes, and some backbone nodes in the middle section are prohibited from pinging timeouts, and the forwarding path is redundant and deliberately detoured;
2.4. There is no direct connection optimization route, and the innate delay cannot be suppressed, and it is useless to adjust the local settings.

SpeedTest Exit bandwidth speed measurement, open: https://www.speedtest.net/ . The result is shown in Figure 2

SpeedTest Exit bandwidth speed measurement, open: https://www.speedtest.net/ . The result is shown in Figure 2

Download: 61.26 Mbps
Upload: 41.07 Mbps
Speed measurement delay: 304ms ~ 550ms

Key conclusions:
The bandwidth is completely surplus, far enough, and the web page is slow, the market card, and the lag lag in the circle, and has nothing to do with the size of the bandwidth and the level of the machine.

Browser’s real access to somatosensory
Ordinary static web pages can barely open, but load is slow;
Visiting market trading platforms such as Binance, the homepage is slow to load slowly, and the switching page is frequently rotated in circles.

3. Deep dismantling: Why is the network very slow, but the network is very slow?
Misunderstanding: near physical distance = fast network speed
The vast majority of novice selection rooms will be intuitive:
Chengdu is close to Singapore in a straight line, which is definitely faster than Los Angeles, USA.

This is the biggest cognitive misunderstanding.
Internet transmission does not look at the physical straight-line distance, but only depends on the backbone route of the operator.

The innate shortcomings of Chengdu Mobile Broadband
Chengdu Mobile does not have a local international export, and all cross-border traffic must first go to Beijing, Shanghai and Guangzhou for unified exports and then go to sea.
Obviously very close, the data packet is transferred around most of the country, and the actual transmission distance has been greatly lengthened.

VULTR Singapore route is inherently limited
To be honest, to say:
There is no CN2 boutique line in all VULTR rooms, all of them are ordinary international BGP lines.
The free time period is barely available, and when the international link of the evening peak is congested, the delay will soar directly.
It is superimposed on the route detour of Chengdu Mobile itself, and the delay is easy to 300-400ms+.

Key conclusion: it’s not that your configuration is not adjusted properly
I have optimized the Windows network, WireGuard parameters, DNS, shunt, and preservation to the best.
It turns out:
Caton high latency has nothing to do with local settings, Wireguard configuration, machine hardware grade, and bandwidth size.

4. Suggestions for landing for self-built Wireguard players

Beginner’s Pit Advice
Don’t blindly rush to Singapore’s computer room with ‘physical distance’ alone.
In particular, Chengdu Mobile and ordinary household broadband, blindly choose Vultr Singapore, it is very easy to step on the big pit of high delay.
Three possible options, on demand
Option 1: Maintain the status quo and make do with self-use
If you don’t want to toss, don’t want to change service providers, and don’t want to redeploy Wireguard, you can make do with peace of mind.
Advantages: worry-free migration, configuration does not need to be changed, equipment does not need to be re-adapted;
Disadvantages: Accept high latency, suitable for ordinary browsing, not suitable for market, transaction, low latency demand scenarios.

Option 2: Leave at VULTR, only change the machine room and not the platform
If you don’t want to change merchants and are afraid of the trouble of reinstalling and deploying, you can migrate the Vultr machine from Singapore to Los Angeles.
The backbone route of Chengdu Mobile is more regular and less detoured, and the delay can be reduced from 400ms to about 200ms, and the stability and fluency have been significantly improved. The original Wireguard just needs to be replaced. IP, the configuration does not need to be changed.

Option 3: Pursuing silky low latency (optimal solution)
If you often visit overseas platforms, watch the market, you need to open the page in seconds, and the K line will not lag:
Give up Vultr directly and choose a VPS merchant with Singapore CN2 GIA boutique line.
Really give full play to the advantages of Singapore’s geography, the domestic delay is stable at 140-180ms, and the evening peak is not congested, delayed, or lost.

5. Written in the final summary

Self-built WireGuard is slow to access the external network, most of which is not a configuration problem, but a double pit for broadband operator routing + VPS lines;
Don’t rely on intuition to choose a computer room, the physical distance is close to the network routing, and Chengdu mobile users should pay special attention;
Vultr is suitable for beginners, simple deployment, loose risk control, but no CN2 dedicated line, not suitable for low-latency rigidity;
If you don’t want to toss, just make do with it. If you want to experience either moving to the Los Angeles computer room, or directly changing the boutique line merchants with CN2.
I myself choose the first option: maintain the status quo and make do with your own use. In the future, when I plan to have free time, I will redeploy it with scheme three.