"Optimal" VPN setup for my use case?
Hi everyone,
I have installed pfSense 2.6 and I use Mullvad as my VPN provider of choice. I am also using the DNS resolver in pfSense, not in forwarding mode. As Mullvad does DNS hijacking, I cannot use a Mullvad WireGuard connection as the outgoing interface for the resolver. So, I am using two Mullvad OpenVPN connections for the resolver as outgoing interfaces. I am using two, in case one connection fails. I also set it up in a way that the connection is in two different states in the US.
Now the master plan was to use a WireGuard connection (or two for the same failover reasons) as traffic gateways for my VLANs. I set this up in the same states as the OpenVPN connections. Unfortunately, the WireGuard speed is only 80 Mbit out of a 450 Mbit connection. I already changed MTU/MSS to 1420 with no success.
So, three questions:
- Would it be better to have all VPN connections going to one state for pinging and latency reasons? Now it might be that the DNS connection goes to one state and the traffic goes to another one.
- What else can I try to improve the WireGuard speed?
- When I choose the WireGuard server for traffic, do I identify the server with the optimal ping with the OpenVPN interface or with the general WAN interface as the source?
Thanks a lot for some thoughts
-
- Shouldn't make much difference.
- What latency are you seeing across the tunnel? What hardware are you using? What speed do you actually see outside the tunnel?
- Use the WAN as source. The last thing you want is a VPN connecting out across another VPN, either way around.
Steve