@jarhead i will not have access for the next 5 days. I will take a look again afterwards.

I've set up Wireguard on a Linux laptop running Ubuntu 22.04. I've tethered it through my phone's mobile data service, and then started the Wireguard connection on the laptop. That seems to be working fine — I can access the pfSense web admin page; I can download large test files from my test device; I can upload large files via SSH.

So, that indicates the problem is really with the Android Wireguard app, while the pfSense Wireguard implementation is fine.

@michmoor I Do have multiple WAN connections. I have the wireguard only using one WAN connection though.

@keyser Reboot of the netgear router will be the first thing i try the next time this issue occurs. I had never thought about the possibility of the issue being on the netgear router before, so ill be testing and verifying that next time.

@jarhead Thanks for clarifying that. I guess it's not possible with WireGuard. I know I can do it with OpenVPN, but throughput is not that great.

@bob-dig Thank you very much! I will try that.

@bob-dig the reason I suspect the Realtek LAN driver is tied to WG is due to the fact I didn't change ANY settings other than swapping the interfaces between LAN and WAN. Wireguard tunnels, routing and firewall rules all remained exactly the same as before (when I changed things, I always tried to change 1 thing at a time so I know what each change's effects were).

Due to this experience, I just bought another M.2->LAN adapter with Intel chipset this time for my Intel Nuc. I will swap my Realtek adapter (currently running as WAN) and try a few more experiments to see if it had something to do with the m.2->LAN issue or not.

FYI, this issue seems to be resolved in pfSense Plus - I tested it today, after upgrading. So it's "broken" in CE (only)?

Thanks!

I was able to get it figured out.

WireGuard going through my Netgate XG-1541 even if on the LAN side with router being a UniFi UDM-SE seems much quicker than the UDM-SE providing WireGuard.

@molski You are doing things your own way which is fine, if you know what you are doing, but I have my doubts. It looks to be more trial and error on your side.

@nickologic Why are you using public IP's on you LAN?

I have the same problem. Tried both Safari and Firefox on macOS.

I get this error in Safari's console upon clicking Generate:
SyntaxError: JSON Parse error: Unrecognized token '/'!
Screenshot 2022-12-30 at 19.53.00.png

I get this error in Firefox's console upon clicking Generate:
Uncaught SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data!
Screenshot 2022-12-30 at 19.55.03.png

I've inspected the JSON response and there was an offending / in the start of the response which makes it invalid:

@menethoran Yes, I have used this script to generate a config from the Sydney, Australia server, and It's working fine. However, as PIA does not provide the official method to do this on pfSense, I'm not sure if it will work as reliably as other VPN providers who do offer it. Still, it stayed connected for two days and survived two pfSense reboots, so PIA didn't nuke my generated config just because I got disconnected for a few minutes, which is good.

Sounds like Outbound NAT is missing. https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-client.html#outbound-nat

Is there any update to the potential of having a WireGuard VPN wizard like the OpenVPN wizard with client exports?

@dennism14
Does your home router have a public IP that is it accessible from outside? If he doesn't it won't work with BGP or forwarding naturally.
In this case you can only go with VPN.

According Christian McDonald from NetGate in his video "pfSense WireGuard Guide Series 001 - Mullvad Failover" it should start handshaking at this point