WireGuard VPN providers that support pfsense
-
@bcruze There are a lot of Collisions and errors on your setup
here is my interface status
WG0MULLVAD Interface (opt12, wg0) Status up IPv4 Address xx.xx.xx.xx Subnet mask IPv4 255.255.255.255 Gateway IPv4 xx.xx.xx.xx IPv6 Link Local xxxxx%wg0 IPv6 Address xxxxx Subnet mask IPv6 64 Gateway IPv6 xxxxx MTU 1420 Media 25GBase-ACC <full-duplex> In/out packets 3277492/1965393 (2.16 GiB/849.86 MiB) In/out packets (pass) 3277492/1965393 (2.16 GiB/849.86 MiB) In/out packets (block) 108/11 (14 KiB/0 B) In/out errors 6/6 Collisions 6 -
@p1erre said in WireGuard VPN providers that support pfsense:
@bcruze There are a lot of Collisions and errors on your setup
here is my interface status
WG0MULLVAD Interface (opt12, wg0) Status up IPv4 Address xx.xx.xx.xx Subnet mask IPv4 255.255.255.255 Gateway IPv4 xx.xx.xx.xx IPv6 Link Local xxxxx%wg0 IPv6 Address xxxxx Subnet mask IPv6 64 Gateway IPv6 xxxxx MTU 1420 Media 25GBase-ACC <full-duplex> In/out packets 3277492/1965393 (2.16 GiB/849.86 MiB) In/out packets (pass) 3277492/1965393 (2.16 GiB/849.86 MiB) In/out packets (block) 108/11 (14 KiB/0 B) In/out errors 6/6 Collisions 6YES. but those numbers show up immediately upon the creation and connection of the session
you both confirmed the same as you can see just different numbers.
-
@p1erre said in WireGuard VPN providers that support pfsense:
Mullvad
Excellent find. Thanks for this. I am in the process of testing them.
-
@gabacho4 where do we get the public/private key from with their services?
-
@beachbum2021 said in WireGuard VPN providers that support pfsense:
@gabacho4 where do we get the public/private key from with their services?
Click the download button scroll down and click wireguard
-
I have Torguard up and running.
-
@n8rfe I've used several succesfully. The only one that's a real pain is Nord as they regard their config as secret squirrel.
Mullvad
VPN.AC
ExpressVPN -
I've been using IVPN for several years and have been happy with them. They do support Wireguard and I have transitioned my pfSense to use Wireguard exclusively with them. I've posted screenshots of how I got it configured in this post https://forum.netgate.com/topic/160378/wg-not-routing-or-sending-traffic
-
@hypnosis4u2nv said in WireGuard VPN providers that support pfsense:
I have Torguard up and running.
Any chance you could share how you got this running? I've been trying to get this in place but the peer won't connect.
-
@ertnec Go to the config generator, select tunnel type - wireguard, choose your server location and enter your VPN log in details.
Go to pfsense VPN->Wireguard->Add Tunnel. Check Enable interface, add description, and go down and Generate New Keys.
Go back and enter those keys in the Torguard config generator and hit generate config button. You should have a config printed out in the box. Copy the address under interface and plug that into address in pfsense wireguard tunnel. Listen port should be listed as 51820 so enter that in the tunnel. Click add peer on the bottom in the wireguard setup.
The peer configuration is being copied from the config that was generated and plugged into all applicable fields in the tunnel peer settings. Leave everything else blank.
Create and enable your Wireguard interface. Create a firewall rule under the wireguard interface to allow any.
Add your NAT rule for WAN.
Then add any policy based rules to the firewall.
Done.
-
@hypnosis4u2nv said in WireGuard VPN providers that support pfsense:
@ertnec Go to the config generator, select tunnel type - wireguard, choose your server location and enter your VPN log in details.
Go to pfsense VPN->Wireguard->Add Tunnel. Check Enable interface, add description, and go down and Generate New Keys.
Go back and enter those keys in the Torguard config generator and hit generate config button. You should have a config printed out in the box. Copy the address under interface and plug that into address in pfsense wireguard tunnel. Listen port should be listed as 51820 so enter that in the tunnel. Click add peer on the bottom in the wireguard setup.
The peer configuration is being copied from the config that was generated and plugged into all applicable fields in the tunnel peer settings. Leave everything else blank.
Create and enable your Wireguard interface. Create a firewall rule under the wireguard interface to allow any.
Add your NAT rule for WAN.
Then add any policy based rules to the firewall.
Done.
You know what, I'm an idiot... It was working fine, I'd just not interpreted the output of
wgcorrectly. Once I'd properly set it to the vlan which uses it (so just swapping over ovpnc1 for wg0 on the gateway interface), everything was spot on. Although what wasn't clear was that in order to get port forwarding working correctly, you need to first request/configure the range within TG itself, then generate a new config. I'd generated the config then requested the port forwards.Compared to OpenVPN, peak speeds seem far more consistent (holding steady now at around 55mbps which is the upper limit of my current connection compared to ranging from 45-55), although CPU load has increased from an average of 40% to around 55%.
-
@ertnec Glad you got it working. The only bugs I am seeing is that the traffic graph doesn't display any data and the RTT latency data is ridiculously low so probably wrong. Could be an issue if you're running a gateway group and it's choosing gateways based on latency.
-
@hypnosis4u2nv the latency is low because the gateway is set to ping itself. You’ll want to go to System -> Routing, then edit the gateway and set it to ping an alternate ip like 8.8.8.8 or whatever. Them you’ll get a real gauge of your latency.
-
windscribe also has wireguard support.
-
@hypnosis4u2nv said in WireGuard VPN providers that support pfsense:
@ertnec Glad you got it working. The only bugs I am seeing is that the traffic graph doesn't display any data and the RTT latency data is ridiculously low so probably wrong. Could be an issue if you're running a gateway group and it's choosing gateways based on latency.
Ahhh I never noticed the traffic graph reporting incorrectly for the interface where the tunnel is paired! Interesting
-
@gabacho4 Thanks! Just added it and it displays correctly! Duh!
-
@n8rfe iVPN.net fully support it and even have a guide for pfSense they uploaded a few days ago,
-
@xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha
-
@beachbum2021 said in WireGuard VPN providers that support pfsense:
@xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha
I also use IVPN. It's been very stable for me. I have 1000/1000 FIOS and running a speedtest via command line through WAN directly to Verizon servers about 60 miles away typically results in down/up in the 800-900 Mbps range with latency in the 9-10 ms range.
With Wireguard to servers that are about 200 miles away down/up in the 700-800 range and latency in 16-17 ms range.
With OpenVpn to the servers that are about 200 miles away down/up in the 350-500 range and latency in 14-15 ms range.
Wireguard speeds are more consistent than the OpenVpn speeds.
IVPN allows 7 concurrent connections per account. As a fail safe, I use 3 of the connections as 3 different Wireguard connections in pfSense to servers in 3 different geographical locations. I then bind all the of the interfaces as a Gateway Group so pfSense routes through the 3 different connections. In 5 years or so of using their service I've never been not able to route traffic through their servers.
I've never felt the need to have a second provider as it would be an extremely unlikely event that would cause 3 different servers, in geographically different places, hosted by different data centers (Leaseweb, Quadranet and M247) go offline at the same time. Honestly, the only way I can imagine that happening would be some major internet disruption, like Verizon going down. In that case, I wouldn't be able to reach a 2nd provider even if I had one set up.
-
@beachbum2021 said in WireGuard VPN providers that support pfsense:
@xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha
@dma_pf said in WireGuard VPN providers that support pfsense:
@beachbum2021 said in WireGuard VPN providers that support pfsense:
@xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha
I also use IVPN. It's been very stable for me. I have 1000/1000 FIOS and running a speedtest via command line through WAN directly to Verizon servers about 60 miles away typically results in down/up in the 800-900 Mbps range with latency in the 9-10 ms range.
With Wireguard to servers that are about 200 miles away down/up in the 700-800 range and latency in 16-17 ms range.
With OpenVpn to the servers that are about 200 miles away down/up in the 350-500 range and latency in 14-15 ms range.
Wireguard speeds are more consistent than the OpenVpn speeds.
IVPN allows 7 concurrent connections per account. As a fail safe, I use 3 of the connections as 3 different Wireguard connections in pfSense to servers in 3 different geographical locations. I then bind all the of the interfaces as a Gateway Group so pfSense routes through the 3 different connections. In 5 years or so of using their service I've never been not able to route traffic through their servers.
I've never felt the need to have a second provider as it would be an extremely unlikely event that would cause 3 different servers, in geographically different places, hosted by different data centers (Leaseweb, Quadranet and M247) go offline at the same time. Honestly, the only way I can imagine that happening would be some major internet disruption, like Verizon going down. In that case, I wouldn't be able to reach a 2nd provider even if I had one set up.
I have been using iVPN for 9 years now. For those 9 years I've used OpenVPN. I must be incompetent though clearly. I've never managed to get the connection stable or able to failover.
When I reboot, the OpenVPN tunnel comes up but doesn't route traffic. If I re-connect the tunnel it works perfectly.
The tunnel randomly drops its connection. Sometimes it's stable for a few weeks and I forget about it. Over the last week it's dropped about 10 times a day and is worse under heavy load. It NEVER automatically reconnects. It tries but it always hangs. I then have to either wait a few mins or (as I now do) I hop to a different server and it re-conencts instantly.
I have tried creating additional tunnels and grouping them and while it worked I had packet loss and slow down.The second ISP connection is a connection resiliency thing not an ISP thing. I work from home and I am 100% reliant on my connection so it's there as a backup and as a clean (non VPN) feed for all the scummy media companies that now ban VPN's.
G