    WireGuard (TorGuard) on pfSense Plus 25.07.1 – DNS Resolver (Unbound) and Gateway Failover Issues

      QuantumParadox wrote:

      Hi Team,

      I’m running pfSense Plus 25.07.1 with TorGuard WireGuard VPN as my primary tunnel for LAN traffic (for best possible speeds). The tunnel is mostly working now, but I had to go through several fixes and I’m still not confident the configuration is stable.

      Here’s what I’ve run into:

      TorGuard support originally helped set up the WireGuard client. It worked fine for about a day, but then the Unbound DNS Resolver stopped working. Even when I re-enabled Unbound manually, LAN clients still couldn’t reach the internet.

      The main issue seemed to be when switching between WAN (ISP public IP) and the VPN IP. Sometimes traffic didn’t switch over properly, and at one point pfSense even generated a crash report during the switch and restarted.

      To fix it, I reset the LAN firewall rule so that LAN traffic would route through the VPN gateway when active, and fall back to WAN when the VPN was down. After that, I was able to toggle the VPN on/off without pfSense crashing, and traffic correctly switched between ISP IP and VPN IP.

      At this point it works, but I don’t think the setup is completely stable.

      I’d like to ask for guidance on:

      How to make sure Unbound stays reliable when the VPN gateway goes up/down.

      Best practices for LAN firewall rules so clients use the VPN when it’s up, and either fall back to WAN or get blocked (kill switch) when the VPN is down.

      Correctly assigning DNS servers to WAN and VPN gateways. At the moment, in System → General Setup, I don’t see the gateway dropdown next to DNS entries, so my DNS servers are just “floating” with no interface binding.

      If anyone has suggestions, or can point me to a clean reference configuration for WireGuard + Unbound + proper DNS gateway assignment, I’d greatly appreciate it.

      I'd really like to have a conference with someone and go over this. I'd like to give them access using RustDesk or TeamViewer so we can talk and they can show me things. I am legally blind so I am one inch from the screen.

      I've also uploaded the crashdump so you can look over it.
      I've also been using AI, but I keep going in circles with it, so it's not perfect.

      Thanks in advance!
      Warm Regards,
      James

      Attachment: textdump.tar.0

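As an added illustration (not from the post above, and not Netgate's or TorGuard's own reference config), here is how the pattern the poster describes looks in pfSense's config.xml: a gateway group that prefers the WireGuard gateway and falls back to WAN, a LAN rule that uses it, and the kill-switch variant that blocks instead of falling back. The gateway names WG_TORGUARD and WAN_DHCP, the group name VPN_THEN_WAN and the descriptions are assumptions; the same settings are normally made in the GUI under System > Routing > Gateway Groups and Firewall > Rules > LAN.

```xml
<!-- Added example, not from the original post. Gateway names, the group
     name and descriptions are assumptions; substitute your own. -->
<gateways>
  <gateway_group>
    <name>VPN_THEN_WAN</name>
    <!-- Tier 1 is preferred; tier 2 is used only while tier 1 is down. -->
    <item>WG_TORGUARD|1|address</item>
    <item>WAN_DHCP|2|address</item>
    <!-- Switch members on "down" (alternatives: downloss, downlatency,
         downlosslatency), so a flapping tunnel fails over cleanly. -->
    <trigger>down</trigger>
    <descr>Prefer TorGuard WireGuard, fall back to WAN</descr>
  </gateway_group>
</gateways>

<filter>
  <!-- Rule 1: let LAN clients reach Unbound on the firewall itself with NO
       gateway set, so DNS to the resolver is never policy-routed into the
       tunnel and keeps working while the VPN is down. -->
  <rule>
    <type>pass</type>
    <interface>lan</interface>
    <ipprotocol>inet</ipprotocol>
    <protocol>tcp/udp</protocol>
    <source><network>lan</network></source>
    <destination><network>lanip</network><port>53</port></destination>
    <descr>LAN to local Unbound (no gateway, stays on-box)</descr>
  </rule>

  <!-- Rule 2 (failover variant): everything else leaves via the group,
       i.e. the VPN while it is up and WAN while it is down. -->
  <rule>
    <type>pass</type>
    <interface>lan</interface>
    <ipprotocol>inet</ipprotocol>
    <source><network>lan</network></source>
    <destination><any/></destination>
    <gateway>VPN_THEN_WAN</gateway>
    <descr>LAN out via VPN, fallback to WAN</descr>
  </rule>

  <!-- Rule 2 (kill-switch variant): use the VPN gateway alone, and set
       System > Advanced > Miscellaneous "Skip rules when gateway is down"
       (<skip_rules_gw_down/> under <system>). When the tunnel is down this
       pass rule is skipped and the block rule below catches the traffic. -->
  <!--
  <rule> ... <gateway>WG_TORGUARD</gateway> ... </rule>
  <rule><type>block</type><interface>lan</interface><ipprotocol>inet</ipprotocol>
        <source><network>lan</network></source><destination><any/></destination>
        <descr>Kill switch: no VPN, no internet</descr></rule>
  -->
</filter>
```

Without the skip-rules setting, a rule whose only gateway is down simply routes via the default gateway, which is the opposite of a kill switch; with a gateway group and a reachable tier 2 member, it is the failover behaviour described in the post.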
