Surfshark WireGuard config not working
-
Hi All,
I'm having a strange problem with my wireguard config.
I have no issues when I route a single host via Firewall - Rules to the OpenVPN gateway - dns resolution, ping, curl and wget commands, etc. When I route the same host to the wireguard gateway, dns resolution and ping is ok, but everything else is failing.
Testing with a Wireguard client on my MACbook, the config works perfectly. So it's just an issue with PFSense.
My PFSense wireguard config is very simple, but clearly I have something wrong.
- VPN - Wireguard - I have a tunnel and 2 peers
I'm using SurfShark and there is a peer for wgs.prod.surfshark.com & be-bru.prod.surfshark.com. Having 2 peers seems odd to me, but again it works fine with the Wireguard client.
- Interface with a static IPV4 address with an associated gateway
- Gateway with the same IP address as the Interface
- Firewall - NAT - Outbound mappings for the wireguard interface (127, 192)
- Firewall - Rules - Lan - static mapping of a host to the wireguard gw
Any clever ideas?
-
Hi,
I found that there is something more basic happening. Routing is not working when I have the Wireguard gateway active for a host.
When I run traceroute on a Linux box with OpenVPN (on PFSense) there is no issue, but with Wireguard (on PFSense) I get zilch, not even an entry for the PFSense router (192.168.100.1).
Can someone please point me in the right direction?
-
If helpful, here are pics for my Wireguard setup. Handshaking for the peers is fine and everything looks straight forward, but it will just not route from the lan host (192.168.100.3).
-
I have more or less the exact same config as you going out to Mullvad VPN and have the same issue.
Performing a traceroute to somewhere on the internet I don't even get to the first hop (the pfsense GW)
Something isn't right with the routing when using WG..
This behavior is the same on both 2.5.2 and 2.6 with the latest WG package.
-
@yuljk Thanks for the reply. At least I know it’s not just me. There must be something wrong with routing with the Wireguard package.
I hope someone can figure it out.
-
If this is helpful for someone to help triage, below is a failed "traceroute" from a Debian host on the LAN with a Firewall Rule to route to the Wireguard gateway.
root@openmediavault:~/surfshark# traceroute www.bbc.com traceroute to www.bbc.com (212.58.233.250), 30 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * *^CFor some reason ping and nslookup work just fine.
root@openmediavault:~/surfshark# nslookup google.com Server: 192.168.100.1 Address: 192.168.100.1#53 Non-authoritative answer: Name: google.com Address: 142.250.178.14 Name: google.com Address: 2a00:1450:4009:81d::200e root@openmediavault:~/surfshark# ping www.google.com PING www.google.com (216.58.213.4) 56(84) bytes of data. 64 bytes from ber01s14-in-f4.1e100.net (216.58.213.4): icmp_seq=1 ttl=55 time=5.51 ms 64 bytes from ber01s14-in-f4.1e100.net (216.58.213.4): icmp_seq=2 ttl=55 time=5.85 ms 64 bytes from ber01s14-in-f4.1e100.net (216.58.213.4): icmp_seq=3 ttl=55 time=5.22 ms 64 bytes from lhr25s25-in-f4.1e100.net (216.58.213.4): icmp_seq=4 ttl=55 time=5.79 ms 64 bytes from lhr25s25-in-f4.1e100.net (216.58.213.4): icmp_seq=5 ttl=55 time=6.05 ms ^C --- www.google.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4006ms rtt min/avg/max/mdev = 5.215/5.682/6.051/0.291 msAnd, the assigned DNS for the Wireguard gateway is 8.8.8.8 & 8.8.4.4.
-
Good afternoon, sorry for the stupid question, but where can I get the wireguard config file for surfshark for manual configuration router? in surfshark describe only openVPN setup
-
@whiteout541 Contact Surfshark and ask them.
Ted
-
got this answer
"Currently, we do not support Wireguard manual connection, thus you won't be able to set it up on your router. However, we do have plans to implement it later this year.
Customer Success Shark"
-
@whiteout541 It’s not official, but possible. Here is how to create the Wireguard config files for Surfshark https://github.com/yazdan/openwrt-surfshark-wireguard