• surfshark guide for pfsense wireguard

    32
    0 Votes
    32 Posts
    9k Views
    T
    @The-Party-of-Hell-No Conversation I had with a technician at Surfshark about two WireGuard tunnels simultaneously:
    Another question: can I use the same tunnel and have multiple gateways (peers) going to different Surfshark servers through the same tunnel?
    Saul Buchanan: Not at the same time, but you can use the same tunnel with different peers, yes.
    Okay, can I create individual tunnels for each peer (Surfshark server) I wish to use as a gateway? I have done this using the OpenVPN protocol.
    Saul Buchanan: Essentially yes.
    Isn't the problem generating keys for each tunnel?
    Saul Buchanan: Not really, as you can use the same private keys with multiple tunnels. I would just like to emphasize that multiple connections at a time from the same device will most likely encounter issues.
    [image: 1729791597775-untitled.jpg]
    The challenge I ran into was thinking the endpoint port (51820) had to match the tunnel port. It cannot be changed - obviously it is set by Surfshark, but it means both tunnels share the same endpoint port. It seems to work: [image: 1729792262521-untitled2.jpg]
  • public key must be specified

    1
    0 Votes
    1 Posts
    219 Views
    No one has replied
  • Wireguard not running despite following multiple guides

    2
    0 Votes
    2 Posts
    406 Views
    J
    @Frosch1482 For starters change the interface to a /24. You have it as a /32.
  • Wireguard no handshake

    1
    0 Votes
    1 Posts
    317 Views
    No one has replied
  • No handshake via Mullvad

    3
    0 Votes
    3 Posts
    388 Views
    T
    @TeeNetGate1 Adding in more testing: from pfSense I can ping the endpoint IPv4 & v6, but still no handshake. I took a server I know works, from the 3100, but it does not work. I have added in an interface IP, which I can ping, and this does not work. Do I have a lemon of a pfSense box?
  • Wireguard with 2 peers

    2
    0 Votes
    2 Posts
    275 Views
    S
    @db858 Android: interface -> addresses is the client IP address, for example 10.20.30.10/32; peer -> "allowed IP" is for the destinations to route over the WireGuard tunnel. pfSense: Allowed IPs is the client IP address 10.20.30.10/32
  • Google searches don't work with Wireguard Enabled

    1
    0 Votes
    1 Posts
    147 Views
    No one has replied
  • Wireguard Routing on the same tunnel

    1
    0 Votes
    1 Posts
    151 Views
    No one has replied
  • Wireguard with multiple public IPs.

    2
    1 Votes
    2 Posts
    209 Views
    T
    @erdeed I asked the same question here: https://forum.netgate.com/topic/189938/bind-wireguard-tunnel-listener-to-a-specific-wan-ip?_=1726753285158 I'll watch your post too in case someone replies.
  • Setting up tunnel through CGNAT using WireGuard

    4
    0 Votes
    4 Posts
    3k Views
    D
    @elvisimprsntr Privacy is probably more of a concern than VM expense! Why the hell can we not self-host Tailscale and pay a license to use it! It's beyond me :)
  • Where does pfsense wireguard log?

    1
    0 Votes
    1 Posts
    303 Views
    No one has replied
  • Slow Rsync Speeds over any VPN

    1
    0 Votes
    1 Posts
    243 Views
    No one has replied
  • IP Phone doesn't register over VPN Tunnel

    3
    0 Votes
    3 Posts
    258 Views
    E
    @Zockerherz Good to know you got it working. I dismissed my FritzBox since it did not work with my ISP (o2) behind a pfSense at all. Since the Box has a predefined configuration for o2, I need to make a user-defined one to make it work behind pfSense. But all my tries to make the user-defined configuration work suck. Whenever I enter the o2 SIP server, the box destroys my own config and switches back to the predefined config. Therefore I use a Gigaset GO-Box 100 and Gigaset DECT phones now. Much less trouble to configure.
  • How to best debug Wireguard

    7
    0 Votes
    7 Posts
    1k Views
    K
    @Bob-Dig Hey, thanks for chiming in. Just really stumped why things stopped working exactly 2 days ago. Hopefully this might help from the pfSense side: Wireguard Tunnels: [image: 1725740477187-screenshot-2024-09-07-at-3.11.40-pm.png] wg1 interface settings: [image: 1725740477313-screenshot-2024-09-07-at-3.13.45-pm.png] Firewall for the WG interface (wg1): [image: 1725740477355-screenshot-2024-09-07-at-3.14.56-pm.png] Digital_Ocean_WG_S2S_VPN has a value of 10.8.110.0/24 [image: 1725741228773-screenshot-2024-09-07-at-3.33.04-pm.png] Isn't there a log file somewhere where the WG service would log attempted connections? It seems, based on firewall rules and firewall logs, there would be traffic passed through to the listening process on 51821. Within the Linux client on Digital Ocean it's possible to do dynamic kernel logging. I think within pfSense the WireGuard stuff isn't within the kernel but a user space utility?
  • Wireguard - Traffic not being sent through VPN tunnel

    8
    0 Votes
    8 Posts
    953 Views
    D
    @Bob-Dig You are correct. Thank you for the reply. I have peace of mind with the config now. Again, I appreciate the time
  • Bind Wireguard Tunnel listener to a specific WAN IP?

    1
    0 Votes
    1 Posts
    288 Views
    No one has replied
  • Wireguard MTU & MSS clamping

    1
    0 Votes
    1 Posts
    549 Views
    No one has replied
  • 0 Votes
    15 Posts
    954 Views
    O
    @ogghi Sorry for the spam! It works just fine now. I had to remove the upstream gateway from the 2 tunnel interfaces on each site and then it started...
  • Does the GW IP matter?

    4
    0 Votes
    4 Posts
    323 Views
    chpalmerC
    @McMurphy said in Does the GW IP matter?: SiteA = 172.16.0.1 SiteB = 172.16.0.2 These are both in the same network even if you had a /30. Do you have other interfaces, i.e. LANs, on these boxes? I assume you do. Yes, you would be able to see at least both addresses from either box. Left to guess your layout, nobody can really understand what your goal is.
  • 0 Votes
    2 Posts
    168 Views
    M
    @ManofWax known issue https://redmine.pfsense.org/issues/13405 no fix…
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.