WG with 23.05 and ProtonVPN

DaddyGo · May 25, 2023, 7:05 PM

@Onecut said in WG with 23.05 and ProtonVPN:

I decided to try Wireguard with ProtonVPN.

Hi,

Experimentally, I tested several VPNs with WG on pfS, I note they did not perform as expected....

These WG connections are not so easy to set up that you just type in the connection details, even though that's what the WG was supposed to do, but each provider uses the parameters a little differently.

I've tried these and they definitely work(s), but I installed them all on Ubuntu first and extracted the important connection information:

login-to-view

What's more, you can mix instructions from several providers to get a working connection

None that I have encountered so far have been clear......
like:
https://mullvad.net/en/help/pfsense-with-wireguard/
https://www.ivpn.net/setup/router/pfsense-wireguard/
and / or

https://www.comparitech.com/blog/vpn-privacy/pfsense-wireguard-setup/

and etc.

Onecut · May 25, 2023, 7:49 PM

@DaddyGo , My reference to WG Doc refers to Netgate WG recipes. Specifically, WG VPN Client: link text.

Anyway, the above link is specific as to what bits are needed from the VPN provider but I see there are other WG docs from Netgate as well. I have more reading to do.

Beg pardon for my generic reference to WG Docs.

Thanks for sharing,

Onecut

Bob.Dig · May 25, 2023, 8:24 PM

@DaddyGo said in WG with 23.05 and ProtonVPN:

https://mullvad.net/en/help/pfsense-with-wireguard/

Holy moly, that reads complicated. Also it looks like the gateway ip is the same for every tunnel? I thought mullvad would be the gold standard for pfsense wg vpn...

DaddyGo · May 26, 2023, 9:48 AM

@Onecut said in WG with 23.05 and ProtonVPN:

My reference to WG Doc refers to Netgate WG recipes

Yuppp, this is just an indication of how a standard mode configuration would work.

In case your provider differs from this, or for example ~~SurfShark~~ NORD :) doesn't give you a router installation description (because it only provides WG through its app), you have to figure it out yourself and you need Linux to do it - in my case I extracted the parameters from the Ubuntu terminal (CLI)

I repeat myself, the Netgate document is not the guideline here, your provider is always the guideline, nevertheless the first thing you should read is the Netgate Doc to understand the principles of how WG works

BTW:
if you really can't do it, I can help you, as soon as I have some time, I'll have access to at least 5-6 VPNs, we'll figure out how to do it on pfS....

I also have Proton access here in Eu

DaddyGo · May 26, 2023, 9:57 AM

@Bob-Dig said in WG with 23.05 and ProtonVPN:

mullvad would be the gold standard for pfsense wg vpn

Yes, because "Christian McD." always tests with it, but as you say it's the most complicated one to use (only the background, not the setting), although once you get going you'll find out why it's configured that way, but here in the EU it doesn't give you the speed you'd expect, the OpenVPN version is sometimes faster

PS:

I will say that the simple WG for Windows,... 10x is faster than the router versions, so I'm sticking with OpenVPN for now, with fast CPU cores or IPsec for StoS.

What I will be curious about is this " OVPN Data Channel Offload (DCO)"

https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/dco.html

this one was very close, :):
https://www.netgate.com/blog/openvpn-at-netdev-0x16-in-lisbon-portugal

PS: @Onecut
a PROTON connection currently under windows can do this here........:

login-to-view

Bob.Dig · May 26, 2023, 9:33 AM

@DaddyGo said in WG with 23.05 and ProtonVPN:

for example SurfShark doesn't give you a router installation description (because it only provides WG through its app),

That is nord. SS does provide the configs.

Bob.Dig · May 26, 2023, 9:38 AM

@DaddyGo said in WG with 23.05 and ProtonVPN:

I will say that the simple WG for Windows,... 10x is faster than the router versions, so I'm sticking with OpenVPN for now, with fast CPU cores or IPsec for StoS.

No problem here, although I am using some OpenWrt-VMs as WG-Clients to circumvent the "all the same gateway" problem.

login-to-view

DaddyGo · May 26, 2023, 9:40 AM

@Bob-Dig said in WG with 23.05 and ProtonVPN:

SS does provide the configs.

I tested these quite a while ago and then there was no configuration of SS specifically for routers, but I'll have a quick look at my account.

BTW:
I don't use SS much anymore, they have such serious administrators who think that the defense is to ban and not to look for a solution. That's why they disabled port 587 on SS network , I can be an administrator by keeping spammers out by disabling the standard port, but then no mail, hahahahahah

DaddyGo · May 26, 2023, 9:45 AM

@Bob-Dig said in WG with 23.05 and ProtonVPN:

OpenWrt-VMs as WG-Clients to circumvent

and that's the point, .. that's exactly what I'm doing on another our network, somehow OWrt does it better

only not on VM, but on 4 core miniPCs -

Onecut · May 26, 2023, 3:12 PM

I get the picture now wrt WG configs with this or that VPN provider. ProtonVPN has their WG configs but no pfsense setup docs. I haven't used Windows in years and as a 'Linux for Dummies' kind of user I sometimes have a clue.

Being a Netgate Minnow w/ 2C Intel Atom (AES-NI) I get about 12MBs (Mega Bytes) sustained but that pushes CPU usage into 50-60% range. That's with OpenVPN, WG may not be feasible.

This newish Pfsense/WG howto peeks my interest: link text

We'll see.

Thanks,

Onecut