@floky99 This forum is only for discussion relating to WireGuard on pfSense. I'd recommend posting here https://www.reddit.com/r/WireGuard/

@theonemcdonald Sorted. Cheers man :)

@theonemcdonald Thanks my friend for your answer the MTU value of my network interfaces is 1500

@gertjan Could also be TLS failing because of MTU issues.

@netermin I don't understand what you mean. pfSense has 2 DNS systems available, a forwarder and a resolver. Resolver is enabled by default. Your clients should be using pfSense as their DNS, either statically or set via DHCP. Edit: If you don't want to make any changes to your DNS and you just need access to one or two servers from the one client, you could always edit its hosts file to add those names and point them to their IPs.

@yon-0 thanks, this will be fixed in next build which I hope to have submitted to Netgate soon

@theonemcdonald Will do. So far this issue has been specific to Mullvad (wg) tunnels. With their recent change sounds like it's fixed now, but I will get that monitoring configured and will post results here soon.

I solved it! I didn't realize that WG allowed IP's also acted as a firewall for destination IP's for outbound. So if you want to route destination=Internet through the tunnel, you would have to add 0.0.0.0/0 to the allowed IP's on Site B. WG reference: https://www.wireguard.com/#conceptual-overview

@theonemcdonald Well I tried removing the package to see if the newer version would show up when I went to reinstall. It did not. My guess is that Netgate hasn't rebuilt a package with the new version. However, despite having things set to retain settings upon uninstall/reinstall, I lost all of them. Fortunately I had a backup and was able to restore. Something is not working right for sure on that front.

@dominikhoffmann said in Surprising amount of ping chatter on LAN: 192.168.1.x is my wired LAN, and 192.168.4.x is my wireless LAN. Both are bridged together. Huh? You don't bridge together different L3 networks? But generally no - devices on a network don't just randomly ping other IPs on the network. A device might ping its gateway, it might ping some external IP to validate its got internet access. A client might ping a server it talks to for some services. If your running say HAproxy on pfsense it might ping the backends you have setup to validate they are online to send data too.. But no you don't normally see some device pinging .X and then .Y and then .Z etc.. unless its a device meant to do that.. Some sort of monitoring device to check what is on your network, etc.

@theonemcdonald said in Wireguard Public and Private Key Protection: I have mentally considered an additional layer for the extremely paranoid, but because pfsense already has encrypted configuration backup capabilities, I don't plan on spending much time on this any time soon. Fully agreed.

@lcbbcl Yeah this just a bug where it was backwards. Fixed in 0.1.1

@theonemcdonald Your question tickled the appropriate neuron. I had the wrong server ip address. Once corrected, access to the local subnet was established but no internet. I then went over to firewall outbound nat and noted that there were automatic rules for openvpn and ipsec but not for wireguard. I switched mode to hybrid, entered and saved the new rule and now have access to the internet. Thanks for your help. Ted Quade

@vajonam Thanks so much for the advice! I was thinking it would be a lot more complex than that :-) This particular firewall has clients only, the other firewall forwards the OVPN port to its server with no problems. Another lesson learned, with my appreciation! Cheers, Chuck

@ofloo said in WireGuard Removed from pfSense CE and pfSense Plus Software: Also FreeBSD didn't release it, Netgate did. It was pulled from the 13 release. To quote you: it should never have been in the release in the first place! And I already said: I'm with you that it was rushed into the release (and was quite a surprise in the announcement) and was there too early. Full ack there. But I don't only hope Netgate will learn from that but also FreeBSD itself. That wasn't a stellar performance for all participants ;)

Europe is moving away from american software in any regard. That is the trend here in Scandinavia.

OK ... thanks

@ryanm You are not seeing some sites because Wireguard requires MSS clamping. Set the MSS to 1380 and it should solve your problem. It's covered at the end of this page: https://github.com/FingerlessGlov3s/OPNsensePIAWireguard Also, depending on the CPU, you can get up to 700Mbit/sec with Wireguard-go