Last month, we finally introduced support for WireGuard in IPFire. It’s been a long time since a new VPN technology was added to IPFire, but demand for WireGuard has skyrocketed as it’s rapidly become a popular choice in the industry. Naturally, we wanted to make sure that IPFire users benefit from its simplicity and modern cryptography, too.
Why Performance Matters in VPNs

At IPFire, security always comes first. But we know that performance is just as important. Your network shouldn’t just be secure—it should be fast, too.
Performance means two things: high throughput for large file transfers like backups, and low latency for things like video calls and browsing the web. Only when both come together does your network truly feel fast—and that’s exactly what IPFire is built to deliver.
But what happens when you add a VPN to the mix? Whether you’re backing up data offsite or connecting securely to a remote data center, a VPN introduces complexity. Every packet needs to be encrypted, decrypted, and checked for integrity—all in real time.
IPFire’s IPsec VPN takes advantage of hardware acceleration to handle encryption, using AES—the most widely used cipher in the world. AES is fast, trusted, and supported by almost all modern processors.
WireGuard, however, chose a different approach. Instead of AES, it uses a stream cipher called ChaCha20, which is easier to implement in software and often more energy-efficient. But since there’s no hardware acceleration for ChaCha20, everything relies on raw CPU power.
So how does this all perform?
Benchmark Results: Old vs. New

We’ve benchmarked our WireGuard implementation across all of the appliances in our shop, and one result stood out: The new IPFire Mini Appliance.
This is the successor to the original model, already trusted by countless users worldwide. While the old model is still solid, the new version has exceeded all our expectations—especially in VPN performance.
Let's have a look:
WireGuard Throughput IPsec Throughput (AES-256-GCM)
IPFire Mini Appliance (2025) 1.55 Gbps 1002 Mbps
IPFire Mini Appliance (2019) 202 Mbps 115 Mbps
The IPFire Mini Appliance is designed for small offices or branch locations that need reliable, secure VPN connections. Years ago, a 100 Mbps internet connection was considered fast, and the older appliance was more than capable of handling that—even with VPN encryption.
Today, 1 Gbps connections are becoming the standard, and you need a firewall that keeps up. The new Mini Appliance not only handles this easily, but it also encrypts everything transparently, runs IPS on top, and still delivers the smooth, responsive network you expect.
No Compromises on Security or Speed

VPNs don’t have to slow you down. With the right hardware—and with IPFire—you can enjoy fast, reliable, and secure connectivity, even across multiple VPN tunnels.

The new IPFire Mini Appliance proves that with modern hardware and cutting-edge software, you don’t have to compromise between security and speed.
Ready to upgrade or need advice on choosing the right appliance? Visit our shop or get in touch — we will help you build the perfect setup for your network.


More...