@Bob-Dig ok I will go this way, maybe my fault but still not clear what traffic should not go through the VPN....local I suppose. I have taken this guide as the failover to wan scenario is a good approach to me. IVPN is reliable but not guaranteed it could not drop for some reason and the setup guide on their web site is apparently oriented to just a kill switch scenario.
Thank you

@Bob-Dig I'm sure it's no misconfiguration. The packet loss are short 1min Windows. They made their wireguard server very stable lately. So it's more like 2-3 times a week now. With my OpenVPN backup I never notice the the packet loss at all. Only my monitoring notices.

I get the picture now wrt WG configs with this or that VPN provider. ProtonVPN has their WG configs but no pfsense setup docs. I haven't used Windows in years and as a 'Linux for Dummies' kind of user I sometimes have a clue. 😊

Being a Netgate Minnow w/ 2C Intel Atom (AES-NI) I get about 12MBs (Mega Bytes) sustained but that pushes CPU usage into 50-60% range. That's with OpenVPN, WG may not be feasible.

This newish Pfsense/WG howto peeks my interest: link text

We'll see.

Thanks,

Onecut

@Bob-Dig
Don't works. The firewall don't knows the dns names, so i normaly use the AD server as DNS server, so all internal hosts could be resolved. But WireGuard works not this way.
I made now 2 host overrides in the DNS Forwarder and now the hosts will be recogniced. But I think it also should go the other way round.

@s0m3f00l NP. It's always good to check before upgrading.

@jimp Thank you! Sorry I didn't run across this in my reviews of other forums. That was EXACTLY what I was looking for!

@q54e3w If it's a config error, why would it have connected for a couple days without ANY issues? That's scary in itself then!

@misterb

for me a cron job @reboot with this command works:
sleep 30 && /usr/local/sbin/pfSsh.php playback svc restart dpinger

I do have service watchdog running for Wireguard.
Only tested twice. Your mileage may vary.

Our documentation has a few recipes:

https://docs.netgate.com/pfsense/en/latest/recipes/index.html#id1

@Bob-Dig Thanks for replying. Here are screenshots of the config. Let me know if you need any more.
WG1.png WG2.png WG3.png WG4.png WG5.png

It wasn't a DNS problem. After reviewing the logs and error notifications, I believe there were problems with pfBlockerNG DNSBL service and pfBlockerNG firewall filter service. Once I disabled these services Wireguard and OpenVPN worked like a charm. I tried to reinstall pfBlockerNG, unfortunately pfBlockerNG DNSBL and pfBlockerNG firewall filter services did NOT restart. Any suggestions?

It is working now. It is just the MAC. When I use a Windows and use AllowedIPs = 0.0.0.0/0 it is working now: both full tunnel and split tunnel.

However, in my case (BTW-I found the backup and note), for some reasons, in the NAT Outbound, I use the LAN and not WAN as the Outgoing then everything is working as I expected. Strange but it is WG and experimental package.

Seems to work ;-) thanks again @Bob-Dig

@griffo Same thing happened to me. Glad this thread was in the forums because, yeah (head slap), of course I should have set the client's DNS address to the Wireguard interface on the server. Thanks for posting!

@paczka I also encountered this situation. Need to restart the wireguard service