@Jarhead I do it like that. It might be less secure, but how much? I wish we could get rid of the Resolver ACL too. @Jarhead said in Why use Allowed IP's?: why would we ever set specific Allowed IP's if they really aren't doing anything needed? (like creating routes for example) If you have more than one other peer, you can do 0.0.0.0/0 only on one.

@jhl Yes, the older version of iperf3 on Windows clients was to blame for low testing speeds.

@marksmeets The allowed IP's are the networks on the other side of the tunnel that will be allowed to traverse the tunnel. On the peer config in pfSense, not the actual peer, you're only allowing the tunnel IP. You should also add 0.0.0.0/0 as allowed. My thinking was this was causing the problem when the AP changed since you said the laptop would then have a different IP.

@n3IVI0 My setup was correct. The problem was on Mullvad's end. The first server in my list was one of their Houston servers. It's a fast server, one I tend to use a lot. And it was first in line. That server appears to be down. None of my clients will connect to it. The moment I tried to connect to a different one, it connected immediately. And yes, I should have thought of that. I am working through some jet lag at the moment. DOH. Been running in circles for days trying to figure this out.

@JustAnotherUser I guess I'll say it again, you would have to allow computer 2 across the WG0 tunnel.

@JustAnotherUser did you save your config before trying to add the wireguard VPN? If so load the old config and reboot your system to get back to a known working router with OpenVPN. Try again next week. I run both wireguard and openvpn servers and clients simultaneously.

@Tenorbro It does not need to be assigned but that changes the rules. You would then not have a discreet interface to put rules on and only use the Wireguard group for rules. This could be problematic if you have a few tunnels so it's easier to assign an interface just because of the rules. This also depends on the WG setting "Interface Group Membership".

@java4dev You also need routes and the correct config of Wireguard at Site HQ. If you don't figure it out, post a lot of screenshots I guess.

@sensenmann damn stupid just reinstalled the package, works SORRY

@jimp Thank you. You are awesome. A threat you replied to in 2014 fixed a problem I am facing today hahaha. [image: 1716522634595-301ad6d5-c20a-417b-abfa-a78a39fb81ff-image.png] [image: 1716522682485-f83d7898-70cc-438b-9970-6e5b46caeeeb-image.png]

@Thrashbang well, in short terms: you'd need a (wireguard / vpn) server in a country that provides your wanted IP. Then you could set your server and app so that all traffic goes thru the wireguard tunnel. Since most ppl do not have access to such a setup, there are some services (that cost money) that do that for you. You can set the country the tunnel comes out (therefore the geo IP). BUT: imho such services are mostly bs (sorry). You never really know what those services do with their (your) data, they often have funny locations and overall often seem kinda...well...bs. So, you better look twice and make sure you chose a reliable company. Search for VPN provider, VPN geo lock...you'll find a lot.. jm2c

@droidus Need to investigate elsewhere in your config i'm afraid.

@tman222 Good question. Try it!