@thondwe said in Wireguard Firewall Rules: Assume the benefit of assigning would come into play with multiple tunnels with a need for different rules then? e.g. Test + Production? Or when using a site-to-site setup?? Exactly. And how often do you have multiple remote access tunnels on the same system? Usually one would just make one RA tunnel with a big enough subnet for however many users they would need. So no real need for an interface. But site to sites definitely benefit from the separate rules.

@sprout0002 the same thing is occuring with me trying to set it up with NordVPN. Wireguard generates the wrong public key for the private key I'm entering. Did you find a fix or way to enter your public key from proton?

@reza-mnp - settings / enable wireguard - that is it done.

@koenh No problem. Glad you got it fixed and believe me, the Wireguard wording is confusing at best!

@jarhead i will not have access for the next 5 days. I will take a look again afterwards.

I've set up Wireguard on a Linux laptop running Ubuntu 22.04. I've tethered it through my phone's mobile data service, and then started the Wireguard connection on the laptop. That seems to be working fine — I can access the pfSense web admin page; I can download large test files from my test device; I can upload large files via SSH. So, that indicates the problem is really with the Android Wireguard app, while the pfSense Wireguard implementation is fine.

@michmoor I Do have multiple WAN connections. I have the wireguard only using one WAN connection though.

@keyser Reboot of the netgear router will be the first thing i try the next time this issue occurs. I had never thought about the possibility of the issue being on the netgear router before, so ill be testing and verifying that next time.

@jarhead Thanks for clarifying that. I guess it's not possible with WireGuard. I know I can do it with OpenVPN, but throughput is not that great.

@bob-dig Thank you very much! I will try that.

@bob-dig the reason I suspect the Realtek LAN driver is tied to WG is due to the fact I didn't change ANY settings other than swapping the interfaces between LAN and WAN. Wireguard tunnels, routing and firewall rules all remained exactly the same as before (when I changed things, I always tried to change 1 thing at a time so I know what each change's effects were). Due to this experience, I just bought another M.2->LAN adapter with Intel chipset this time for my Intel Nuc. I will swap my Realtek adapter (currently running as WAN) and try a few more experiments to see if it had something to do with the m.2->LAN issue or not.

FYI, this issue seems to be resolved in pfSense Plus - I tested it today, after upgrading. So it's "broken" in CE (only)? Thanks!

I was able to get it figured out. WireGuard going through my Netgate XG-1541 even if on the LAN side with router being a UniFi UDM-SE seems much quicker than the UDM-SE providing WireGuard.

@molski You are doing things your own way which is fine, if you know what you are doing, but I have my doubts. It looks to be more trial and error on your side.

@nickologic Why are you using public IP's on you LAN?

I have the same problem. Tried both Safari and Firefox on macOS. I get this error in Safari's console upon clicking Generate: SyntaxError: JSON Parse error: Unrecognized token '/'! [image: 1672422949494-screenshot-2022-12-30-at-19.53.00.png] I get this error in Firefox's console upon clicking Generate: Uncaught SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data! [image: 1672422964746-screenshot-2022-12-30-at-19.55.03.png] I've inspected the JSON response and there was an offending / in the start of the response which makes it invalid: /{"privkey":"...","pubkey":"...","was_clamped":true}