Netgate Discussion Forum
    WireGuard VPN providers that support pfsense

      p1erre @bcruze

      @bcruze There are a lot of Collisions and errors on your setup

      here is my interface status

      WG0MULLVAD Interface (opt12, wg0)
      Status: up
      IPv4 Address: xx.xx.xx.xx
      Subnet mask IPv4: 255.255.255.255
      Gateway IPv4: xx.xx.xx.xx
      IPv6 Link Local: xxxxx%wg0
      IPv6 Address: xxxxx
      Subnet mask IPv6: 64
      Gateway IPv6: xxxxx
      MTU: 1420
      Media: 25GBase-ACC <full-duplex>
      In/out packets: 3277492/1965393 (2.16 GiB/849.86 MiB)
      In/out packets (pass): 3277492/1965393 (2.16 GiB/849.86 MiB)
      In/out packets (block): 108/11 (14 KiB/0 B)
      In/out errors: 6/6
      Collisions: 6
      
        bcruze @p1erre

        @p1erre said in WireGuard VPN providers that support pfsense:

        @bcruze There are a lot of Collisions and errors on your setup

        here is my interface status

        WG0MULLVAD Interface (opt12, wg0)
        Status: up
        IPv4 Address: xx.xx.xx.xx
        Subnet mask IPv4: 255.255.255.255
        Gateway IPv4: xx.xx.xx.xx
        IPv6 Link Local: xxxxx%wg0
        IPv6 Address: xxxxx
        Subnet mask IPv6: 64
        Gateway IPv6: xxxxx
        MTU: 1420
        Media: 25GBase-ACC <full-duplex>
        In/out packets: 3277492/1965393 (2.16 GiB/849.86 MiB)
        In/out packets (pass): 3277492/1965393 (2.16 GiB/849.86 MiB)
        In/out packets (block): 108/11 (14 KiB/0 B)
        In/out errors: 6/6
        Collisions: 6
        

        YES. but those numbers show up immediately upon the creation and connection of the session

        you both confirmed the same as you can see just different numbers.

          n8rfe @p1erre

          @p1erre said in WireGuard VPN providers that support pfsense:

          Mullvad

          Excellent find. Thanks for this. I am in the process of testing them.

            beachbum2021 @gabacho4

            @gabacho4 where do we get the public/private key from with their services?

              bcruze @beachbum2021

              @beachbum2021 said in WireGuard VPN providers that support pfsense:

              @gabacho4 where do we get the public/private key from with their services?

              Click the download button scroll down and click wireguard

                hypnosis4u2nv

                I have Torguard up and running.

                  Griffo @n8rfe

                  @n8rfe I've used several successfully. The only one that's a real pain is Nord as they regard their config as secret squirrel.

                  Mullvad
                  VPN.AC
                  ExpressVPN

                    dma_pf

                    I've been using IVPN for several years and have been happy with them. They do support Wireguard and I have transitioned my pfSense to use Wireguard exclusively with them. I've posted screenshots of how I got it configured in this post https://forum.netgate.com/topic/160378/wg-not-routing-or-sending-traffic

                      ErTnEc @hypnosis4u2nv

                      @hypnosis4u2nv said in WireGuard VPN providers that support pfsense:

                      I have Torguard up and running.

                      Any chance you could share how you got this running? I've been trying to get this in place but the peer won't connect.

                        hypnosis4u2nv @ErTnEc

                        @ertnec Go to the config generator, select tunnel type - wireguard, choose your server location and enter your VPN log in details.

                        Go to pfsense VPN->Wireguard->Add Tunnel. Check Enable interface, add description, and go down and Generate New Keys.

                        Go back and enter those keys in the Torguard config generator and hit generate config button. You should have a config printed out in the box. Copy the address under interface and plug that into address in pfsense wireguard tunnel. Listen port should be listed as 51820 so enter that in the tunnel. Click add peer on the bottom in the wireguard setup.

                        The peer configuration is being copied from the config that was generated and plugged into all applicable fields in the tunnel peer settings. Leave everything else blank.

                        Create and enable your Wireguard interface. Create a firewall rule under the wireguard interface to allow any.

                        Add your NAT rule for WAN.

                        Then add any policy based rules to the firewall.

                        Done.

                        E 1 Reply Last reply Reply Quote 1
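
The copy-the-fields step hypnosis4u2nv describes above, as an added example that is not part of the original thread: a Python parser that reads a provider-generated WireGuard config, checks the keys and addresses, and lists the values that go into the tunnel and peer forms. The sample config, keys and addresses are constructed, and the field labels used as dictionary keys are assumptions about the pfSense GUI.

```python
import base64
import ipaddress

def check_key(value):
    try:  # WireGuard keys are 32 raw bytes, base64-encoded
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def parse_wg_config(text):
    """Parse wg-quick style text into {'interface': [...], 'peer': [...]}."""
    cfg, section = {"interface": [], "peer": []}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.lower() in ("[interface]", "[peer]"):
            section = {}
            cfg[line[1:-1].lower()].append(section)
        elif line and section is not None and "=" in line:
            key, value = line.split("=", 1)  # base64 padding '=' stays in value
            section[key.strip()] = value.strip()
        elif line:
            raise ValueError(f"unexpected line: {line!r}")
    return cfg

def pfsense_fields(cfg):
    """Map parsed values to GUI fields (field labels are assumptions)."""
    iface, problems = cfg["interface"][0], []
    if not check_key(iface.get("PrivateKey", "")):
        problems.append("Interface PrivateKey is not a 32-byte base64 key")
    addrs = [a.strip() for a in iface.get("Address", "").split(",") if a.strip()]
    tunnel = {"Interface Addresses": [str(ipaddress.ip_interface(a)) for a in addrs],
              "Listen Port": int(iface["ListenPort"]) if "ListenPort" in iface else None}
    peers = []
    for p in cfg["peer"]:
        if not check_key(p.get("PublicKey", "")):
            problems.append("Peer PublicKey is not a 32-byte base64 key")
        host, _, port = p.get("Endpoint", "").rpartition(":")
        nets = [n.strip() for n in p.get("AllowedIPs", "").split(",") if n.strip()]
        peers.append({"Public Key": p.get("PublicKey"),
                      "Endpoint": host.strip("[]"), "Port": int(port) if port else None,
                      "Allowed IPs": [str(ipaddress.ip_network(n, strict=False)) for n in nets]})
    return tunnel, peers, problems

# Constructed sample: placeholder keys and documentation-range addresses.
KEY_A, KEY_B = (base64.b64encode(bytes(range(i, i + 32))).decode() for i in (0, 32))
SAMPLE = f"""[Interface]
PrivateKey = {KEY_A}
ListenPort = 51820
Address = 10.13.37.2/24
[Peer]
PublicKey = {KEY_B}
AllowedIPs = 0.0.0.0/0
Endpoint = 198.51.100.7:1443
"""
```

The returned dictionaries never include the private key, so the mapping can be printed or pasted into notes without exposing it.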
                          ErTnEc @hypnosis4u2nv

                          @hypnosis4u2nv said in WireGuard VPN providers that support pfsense:

                          @ertnec Go to the config generator, select tunnel type - wireguard, choose your server location and enter your VPN log in details.

                          Go to pfsense VPN->Wireguard->Add Tunnel. Check Enable interface, add description, and go down and Generate New Keys.

                          Go back and enter those keys in the Torguard config generator and hit generate config button. You should have a config printed out in the box. Copy the address under interface and plug that into address in pfsense wireguard tunnel. Listen port should be listed as 51820 so enter that in the tunnel. Click add peer on the bottom in the wireguard setup.

                          The peer configuration is being copied from the config that was generated and plugged into all applicable fields in the tunnel peer settings. Leave everything else blank.

                          Create and enable your Wireguard interface. Create a firewall rule under the wireguard interface to allow any.

                          Add your NAT rule for WAN.

                          Then add any policy based rules to the firewall.

                          Done.

                          You know what, I'm an idiot... It was working fine, I'd just not interpreted the output of wg correctly. Once I'd properly set it to the vlan which uses it (so just swapping over ovpnc1 for wg0 on the gateway interface), everything was spot on. Although what wasn't clear was that in order to get port forwarding working correctly, you need to first request/configure the range within TG itself, then generate a new config. I'd generated the config then requested the port forwards.

                          Compared to OpenVPN, peak speeds seem far more consistent (holding steady now at around 55mbps which is the upper limit of my current connection compared to ranging from 45-55), although CPU load has increased from an average of 40% to around 55%.

                            hypnosis4u2nv @ErTnEc

                            @ertnec Glad you got it working. The only bugs I am seeing are that the traffic graph doesn't display any data and the RTT latency data is ridiculously low so probably wrong. Could be an issue if you're running a gateway group and it's choosing gateways based on latency.

                              gabacho4 Rebel Alliance @hypnosis4u2nv

                              @hypnosis4u2nv the latency is low because the gateway is set to ping itself. You’ll want to go to System -> Routing, then edit the gateway and set it to ping an alternate IP like 8.8.8.8 or whatever. Then you’ll get a real gauge of your latency.

                                tigs

                                windscribe also has wireguard support.

                                  ErTnEc @hypnosis4u2nv

                                  @hypnosis4u2nv said in WireGuard VPN providers that support pfsense:

                                  @ertnec Glad you got it working. The only bugs I am seeing are that the traffic graph doesn't display any data and the RTT latency data is ridiculously low so probably wrong. Could be an issue if you're running a gateway group and it's choosing gateways based on latency.

                                  Ahhh I never noticed the traffic graph reporting incorrectly for the interface where the tunnel is paired! Interesting

                                    hypnosis4u2nv @gabacho4

                                    @gabacho4 Thanks! Just added it and it displays correctly! Duh!

                                      xxGBHxx @n8rfe

                                      @n8rfe iVPN.net fully support it and even have a guide for pfSense they uploaded a few days ago.

                                        beachbum2021 @xxGBHxx

                                        @xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha

                                          dma_pf @beachbum2021

                                          @beachbum2021 said in WireGuard VPN providers that support pfsense:

                                          @xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha

                                          I also use IVPN. It's been very stable for me. I have 1000/1000 FIOS and running a speedtest via command line through WAN directly to Verizon servers about 60 miles away typically results in down/up in the 800-900 Mbps range with latency in the 9-10 ms range.

                                          With Wireguard to servers that are about 200 miles away down/up in the 700-800 range and latency in 16-17 ms range.

                                          With OpenVpn to the servers that are about 200 miles away down/up in the 350-500 range and latency in 14-15 ms range.

                                          Wireguard speeds are more consistent than the OpenVpn speeds.

                                          IVPN allows 7 concurrent connections per account. As a fail safe, I use 3 of the connections as 3 different Wireguard connections in pfSense to servers in 3 different geographical locations. I then bind all of the interfaces as a Gateway Group so pfSense routes through the 3 different connections. In 5 years or so of using their service I've never been not able to route traffic through their servers.

                                          I've never felt the need to have a second provider as it would be an extremely unlikely event that would cause 3 different servers, in geographically different places, hosted by different data centers (Leaseweb, Quadranet and M247) to go offline at the same time. Honestly, the only way I can imagine that happening would be some major internet disruption, like Verizon going down. In that case, I wouldn't be able to reach a 2nd provider even if I had one set up.

                                            xxGBHxx @beachbum2021

                                            @beachbum2021 said in WireGuard VPN providers that support pfsense:

                                            @xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha

                                            @dma_pf said in WireGuard VPN providers that support pfsense:

                                            @beachbum2021 said in WireGuard VPN providers that support pfsense:

                                            @xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha

                                            I also use IVPN. It's been very stable for me. I have 1000/1000 FIOS and running a speedtest via command line through WAN directly to Verizon servers about 60 miles away typically results in down/up in the 800-900 Mbps range with latency in the 9-10 ms range.

                                            With Wireguard to servers that are about 200 miles away down/up in the 700-800 range and latency in 16-17 ms range.

                                            With OpenVpn to the servers that are about 200 miles away down/up in the 350-500 range and latency in 14-15 ms range.

                                            Wireguard speeds are more consistent than the OpenVpn speeds.

                                            IVPN allows 7 concurrent connections per account. As a fail safe, I use 3 of the connections as 3 different Wireguard connections in pfSense to servers in 3 different geographical locations. I then bind all of the interfaces as a Gateway Group so pfSense routes through the 3 different connections. In 5 years or so of using their service I've never been not able to route traffic through their servers.

                                            I've never felt the need to have a second provider as it would be an extremely unlikely event that would cause 3 different servers, in geographically different places, hosted by different data centers (Leaseweb, Quadranet and M247) to go offline at the same time. Honestly, the only way I can imagine that happening would be some major internet disruption, like Verizon going down. In that case, I wouldn't be able to reach a 2nd provider even if I had one set up.

                                            I have been using iVPN for 9 years now. For those 9 years I've used OpenVPN. I must be incompetent though clearly. I've never managed to get the connection stable or able to failover.

                                            When I reboot, the OpenVPN tunnel comes up but doesn't route traffic. If I re-connect the tunnel it works perfectly.
                                            The tunnel randomly drops its connection. Sometimes it's stable for a few weeks and I forget about it. Over the last week it's dropped about 10 times a day and is worse under heavy load. It NEVER automatically reconnects. It tries but it always hangs. I then have to either wait a few mins or (as I now do) I hop to a different server and it re-connects instantly.
                                            I have tried creating additional tunnels and grouping them and while it worked I had packet loss and slow down.

                                            The second ISP connection is a connection resiliency thing not an ISP thing. I work from home and I am 100% reliant on my connection so it's there as a backup and as a clean (non VPN) feed for all the scummy media companies that now ban VPNs.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.