Netgate Discussion Forum

    Multi Gateways together with WireGuard and Multi Servers

    Routing and Multi WAN
      Itay1787

      Hi, need your help.

      The problem I have is not with something that you would normally set up, but I have to do it in order to have normal internet.

      I need a connection with WireGuard through 2 VPNs connected to each other.
      I will explain,
      I need:
      pfSense > ISP WAN1 > WG-Server1 > WG Server2 > Internet

      For those who are now asking themselves why I need this: I need it to bypass the bad routing of one of my ISPs, and I need to connect 2 WG servers together because WG Server 2 is somehow still affected by the bad routing even though all the traffic goes through it. I have no idea why this is happening, and no matter how much I tried to understand what causes it, I couldn't, so I moved on to the next thing: this.

      So, what I have done so far: I updated pfSense to 2.7.0

      And I installed the WG package.

      WG Server 1 is Surfshark, where the routing is normal as soon as I connect to their VPN, and I have to add another VPN on top of it because otherwise there is always the "I'm not a robot" check that needs to be confirmed, and they don't provide a fixed IP address on the servers I need.

      So I have another private server, WG Server 2, to which I need to connect via Surfshark.

      Hope everything is clear by now (:

      The problem I have

      When I try to connect from WG S1 to WG S2, everything seems to connect, but when I try to connect with a client on the network through WG S2, there is traffic like ping but nothing more than that to the Internet.

      Through WG S1 everything works, there is normal browsing and the speed is excellent.

      If I cancel the connection of WG S1 to WG S2 and connect directly,
      ISP WAN1 > WG S2, there is browsing and everything works.

      And WG already generates the NAT rules by itself, unlike OpenVPN, where you have to add them manually.

      And for Surf to work, I had to set MTU:1420 and MSS:1420 for its GW; otherwise nothing would work, only ping. I did the same for the GW of the VPS, but it didn't help with this problem.
      Also, another strange thing: I have now checked what happens if I connect

      WG S1 > OpenVPN Client (the same VPS) just with OpenVPN > client

      The same thing happens: no normal browsing.

      I also posted it on Reddit, but I'm also posting it here to increase the possibility of help.

      I'm attaching pictures of all my config, I hope you can help and I hope I didn't forget to mention something.

      Peer-SurfWG.png

      Peer-VPSWG.png

      Rule.png

      Static Routes.png

      Tunnel WG-Surf.png

      Tunnel-WG-VPS.png

      WG-Status.png

        oddussiben-3161

        Oh wow, I got Surfshark WG to work on pfSense after 2 years thanks to your post. I had never set MTU or MSS... thanks

        GW MTU:1420 and MSS:1420
        
          Bob.Dig LAYER 8 @Itay1787

          @Itay1787 I don't think you can do that with WG on pfSense. With OpenVPN you would be able to chain clients, though.
          Maybe use a VM for your first client...

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.