Wireguard is not routing any traffic
-
@bob-dig 1412 seems to work. Maybe you have to play a bit
-
Solved my DNS problem. Looks like wireguard is not adding any routes. I had to add a manual one for the DNS-Address and the gateway
-
Got it working too, thanks for the MTU hint!!
I went with 1420. Without it, it wasn't working.I didn't need any routes but my setup is different. Also no manual outbound NAT needed, see below.
For IP I went with /32 and changed the IP for the second tunnel myself.
-
Something to note when using Surfshark VPN on pfSense with WireGuard instead of OpenVPN.
You decide which IP will be used > no more overlapping IPs with different tunnels.
No good GUI support for changing the public IP of one tunnel, you have to restart the whole WireGuard service for all the tunnels to change IPs and it takes much longer for a new connection (but it is possible).
In my testing, speed was the same with my hardware.
-
@thisisme I noticed that the performance is lower with WG on ss, more loss etc. What is your experience so far?
-
@bob-dig I don't see any performance loss. Maybe even a little gain, but hard to say, because the last 15mbit to my full bandwidth are a bit unstable with Surfshark with both approaches.
-
@thisisme Probem for me it is packet loss, not the speed. I kinda remember that even in their own app, WG is working worse then OVPN, so I will switch back...
YGWYPF -
@bob-dig since 2 hours I have a lot of loss too. Since then it was always below 10%. I think the Surfshark servers are unstable or overloaded
-
@thisisme Back on OVPN, so much better. It was a short endeavor. I think their WG implementation is just bad, for years now.
-
@bob-dig packet loss with WG close to zero again for me
-
@thisisme Maybe it was me ^^
-
My surfshark wireguard configuration is not working. I'm sure it must be something incredibly obvious, but I can't figure it out.
Can someone please scan the config below and let know what is missing. For testing I have it configured like @Thisisme 's example.
fyi .... I am using selective routing and have a couple of LAN devices that are configured with firewall rules to only route to the surfshark wireguard gateway. Also, my OpenVPN config is fine.
-
@matosc Do you have two Gateways for that connection?
Today I noticed that pfSense isn't really doing any cleaning with gateways when I removed all OVPN connections and later removed all WG connections...
OVPN runs great with ss. I think it is even using DCO but I am not sure. -
@bob-dig I have several gateways, with only 1 for the wireguard connection.
- WAN
- Surfshark Wireguard
- Surfshark OpenVPN - near my location
- Surfshark OpenVPN - for USA connections
Helps?
-
@matosc Maybe you can't have two connections simultaneously (OVPN and WG) to the same server? I am back on OVPN so I can't help anymore.
-
@bob-dig I really appreciate the help.
I changed my config to test this more - recreated the wireguard configuration and removed the OpenVPN connections entirely.
Still can't connect from the single device on the network that is configured with a LAN rule to only connect to the specified gateway.
Here is the latest config.
-
@matosc You could switch to Automatic Outbound NAT for now if you don't use OVPN.
Have you given your public Key to ss in their WebUI?
Your LAN rule has no fault?
No rules on the WireGuard Group Interface, if it exist.I just got WG from pfSense to my android phone working, it took me ages...
-
@bob-dig thanks for idea of turning on Automatic Outbound NAT. It's working! There must have been a hidden issue in the background. Anyway, I'm very happy that I can finally connect via WG.
Everyone once and a while I lose WG connection and route via the WAN. This kinda sounds like what others are experiencing. Will track this topic and see if others report the same.
-
@Thisisme How is it going? How many WG-tunnels have you running with ss?
-
@bob-dig I have one tunnel atm. But I'm not sure about it. I have the same problem with OpenVPN and WG: several times a day I get packet loss leading to gateway shutdown. But with WG it seems more often.
