@dma_pf Are you talking about the dns server in wireguard or dns server on the wan port of the 6100? My lan ip for the 6100 is 192.168.2.1 and the wireguard vpn is 10.1.1.1. In my peer config I have allowed ips = 10.1.1.1/32, 192.168.2.0/24

@_rp No, I tried a couple sets of scripts but gave up trying to get them to work. I'm sticking with OpenVPN until the WireGuard process improves.

Still having this problem. Thinking about ditching most of the peers, as it is hindering functionality. Back to OpenVPN by the looks, disappointing Wireguard implementation as a complete package.

The problem is well known There is no solution I know of. https://forum.netgate.com/post/1081694 https://forum.netgate.com/topic/177255/wireguard-site-to-site-gateways-disabled-after-reboot-service-not-starting/7

@edjusted Sorry, I never found anything. I had to setup the tunnel fron scratch.

@bob-dig said in Strange login from another country: @pastic said in Strange login from another country: I realise something as I write this: are there 'two levels' involved here? The wireguard rule will let everyone through the firewall on the specified port, but having passed the firewall block then the wireguard service will still refuse everyone that does not have the configured keys? Yes. Hard to believe that this is news to you, you are setting up a graylog server, which is advanced stuff in my book. Let's call it a blind spot. :-) I don't work with networks, it's just a hobby. And until this Wireguard 'project' I always had pfsense blocking everything from the outside. And yes, I did struggle a bit setting up graylog, but it was fun. Thanks!

I have two internet connections on my pfsense. I also noticed sometimes the VPN connection stays up but it stops routing data over the wireguard link till i restart the wireguard service.

@jarhead said in wireguard server,how to change the MTU?: @msibyte said in wireguard server,how to change the MTU?: @jarhead In which section to change this? [image: 1678788023297-wg.png] [image: 1679092999787-screenshot_20230318014317.png] enabling LAN - disables access to the website via an external IP

hey guys, i guess it isn't a common problem. i think i fixed it by changing the MSS and MTU to 1420 on the Wireguard interface. hope this may help someone in the future.

@bob-dig I will use wireguard as the primary with failover to openvpn and setup a setup openvpn to deal with the country exception. shame, seems wireguard does perform better on the same h/w are access

Ok - disregard the above post. If I could delete it, I would. It it turns out what I am trying to achieve works flawlessly. I had another problem in my wg config (with the firewall rules) that was causing my icmp pings to not return, which I assumed was a wg issue.

@jarhead that did it. added the RoadWarrior tunnel ip to the allowed ip on parents peers. thanks man, that was easy!!

@keyser said in Wireguard Site-to-Site Setup - Errors on Interface: @tman222 Just out of curriosity: What boxes are on either end of that tunnel? I’m looking for what throughput can be expected for the SG-2100 ARM based boxes, but no-one seems to know :-) (With 900mbps+ I know you are not ) Hi @keyser - hardware on both sides fairly powerful (at least as far as firewalls concerned): System on one side is driven by a Xeon D-1518 CPU, System on the other side has a Intel Core i3 10100 CPU. Bear in mind that those results are from a single stream iperf3 test using default settings (i.e. large 1500 byte packets) and that the site to site latency is only a few milliseconds.