@Bob-Dig I'm sure it's no misconfiguration. The packet loss are short 1min Windows. They made their wireguard server very stable lately. So it's more like 2-3 times a week now. With my OpenVPN backup I never notice the the packet loss at all. Only my monitoring notices.

I get the picture now wrt WG configs with this or that VPN provider. ProtonVPN has their WG configs but no pfsense setup docs. I haven't used Windows in years and as a 'Linux for Dummies' kind of user I sometimes have a clue. Being a Netgate Minnow w/ 2C Intel Atom (AES-NI) I get about 12MBs (Mega Bytes) sustained but that pushes CPU usage into 50-60% range. That's with OpenVPN, WG may not be feasible. This newish Pfsense/WG howto peeks my interest: link text We'll see. Thanks, Onecut

@Bob-Dig Don't works. The firewall don't knows the dns names, so i normaly use the AD server as DNS server, so all internal hosts could be resolved. But WireGuard works not this way. I made now 2 host overrides in the DNS Forwarder and now the hosts will be recogniced. But I think it also should go the other way round.

@s0m3f00l NP. It's always good to check before upgrading.

@jimp Thank you! Sorry I didn't run across this in my reviews of other forums. That was EXACTLY what I was looking for!

@q54e3w If it's a config error, why would it have connected for a couple days without ANY issues? That's scary in itself then!

@misterb for me a cron job @reboot with this command works: sleep 30 && /usr/local/sbin/pfSsh.php playback svc restart dpinger I do have service watchdog running for Wireguard. Only tested twice. Your mileage may vary.

Our documentation has a few recipes: https://docs.netgate.com/pfsense/en/latest/recipes/index.html#id1

@Bob-Dig Thanks for replying. Here are screenshots of the config. Let me know if you need any more. [image: 1682674179487-wg1.png] [image: 1682674184460-wg2.png] [image: 1682674189737-wg3.png] [image: 1682674194254-wg4.png] [image: 1682674197341-wg5.png]

It wasn't a DNS problem. After reviewing the logs and error notifications, I believe there were problems with pfBlockerNG DNSBL service and pfBlockerNG firewall filter service. Once I disabled these services Wireguard and OpenVPN worked like a charm. I tried to reinstall pfBlockerNG, unfortunately pfBlockerNG DNSBL and pfBlockerNG firewall filter services did NOT restart. Any suggestions?

It is working now. It is just the MAC. When I use a Windows and use AllowedIPs = 0.0.0.0/0 it is working now: both full tunnel and split tunnel. However, in my case (BTW-I found the backup and note), for some reasons, in the NAT Outbound, I use the LAN and not WAN as the Outgoing then everything is working as I expected. Strange but it is WG and experimental package.

Seems to work ;-) thanks again @Bob-Dig

@griffo Same thing happened to me. Glad this thread was in the forums because, yeah (head slap), of course I should have set the client's DNS address to the Wireguard interface on the server. Thanks for posting!

@paczka I also encountered this situation. Need to restart the wireguard service