Stolen from Vultr. Notably, without those, WireGuard performance is total crap. For FreeBSD 14 (and maybe other versions?).
loader.conf
aesni_load="YES"
cc_htcp_load="YES"
crypto_load="YES"
cryptodev_load="YES"
virtio_random_load="YES"
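aesni and crypto aren't actually needed, as they're built into the kernel. cc_htcp is probably not needed either, as it's just a different TCP congestion control algorithm; if you drop it, also drop net.inet.tcp.cc.algorithm=htcp from sysctl.conf, since that sysctl can only select an algorithm that is loaded.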
rc.conf
ifconfig_vtnet0="DHCP -rxcsum -tso"
ifconfig_vtnet0_ipv6="inet6 accept_rtadv -rxcsum6 -tso6"
sysctl.conf
hw.mds_disable=3
kern.ipc.maxsockbuf=67108864
net.inet.tcp.sendbuf_max=67108864
net.inet.tcp.recvbuf_max=67108864
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.cc.algorithm=htcp
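
A quick offline check for the dependency noted above between cc_htcp_load in loader.conf and net.inet.tcp.cc.algorithm in sysctl.conf. This is an added example, not part of the Vultr settings; the function names, the BUILTIN_CC list (assumed to match your kernel config) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Assumption: algorithms listed here are compiled into the running kernel.
# Adjust to your kernel config; anything else must be loaded via loader.conf.
BUILTIN_CC="${BUILTIN_CC:-cubic}"

# conf_get FILE KEY: print the last value assigned to KEY, comments and quotes stripped.
conf_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

# check_cc LOADER_CONF SYSCTL_CONF
# Returns 0 if the algorithm selected in sysctl.conf is built in or loaded at
# boot, 1 if sysctl.conf selects one that nothing loads.
check_cc() {
    alg=$(conf_get "$2" net.inet.tcp.cc.algorithm)
    if [ -z "$alg" ]; then
        return 0                      # nothing selected: kernel default is used
    fi
    for b in $BUILTIN_CC; do
        if [ "$b" = "$alg" ]; then
            return 0
        fi
    done
    load=$(conf_get "$1" "cc_${alg}_load")
    case "$load" in
        [Yy][Ee][Ss]) return 0 ;;
    esac
    echo "sysctl.conf selects '$alg' but loader.conf lacks cc_${alg}_load=\"YES\"" >&2
    return 1
}

# Constructed sample input: the sysctl.conf line from above, checked against a
# loader.conf that keeps cc_htcp and one where it was trimmed out.
tmp=$(mktemp -d)
printf 'cc_htcp_load="YES"\nvirtio_random_load="YES"\n' > "$tmp/loader.ok"
printf 'virtio_random_load="YES"\n' > "$tmp/loader.trimmed"
printf 'net.inet.tcp.cc.algorithm=htcp\n' > "$tmp/sysctl.conf"
check_cc "$tmp/loader.ok" "$tmp/sysctl.conf" && echo "ok: htcp is loaded"
check_cc "$tmp/loader.trimmed" "$tmp/sysctl.conf" || echo "mismatch detected"
```

On a live system, point it at /boot/loader.conf and /etc/sysctl.conf.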