Netgate Discussion Forum

    WireGuard VPN providers that support pfsense

      ErTnEc @hypnosis4u2nv

      @hypnosis4u2nv said in WireGuard VPN providers that support pfsense:

      @ertnec Glad you got it working. The only bugs I am seeing is that the traffic graph doesn't display any data and the RTT latency data is ridiculously low so probably wrong. Could be an issue if you're running a gateway group and it's choosing gateways based on latency.

      Ahhh I never noticed the traffic graph reporting incorrectly for the interface where the tunnel is paired! Interesting

        hypnosis4u2nv @gabacho4

        @gabacho4 Thanks! Just added it and it displays correctly! Duh!

          xxGBHxx @n8rfe

          @n8rfe iVPN.net fully support it and even have a guide for pfSense they uploaded a few days ago.

            beachbum2021 @xxGBHxx

            @xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha

              dma_pf @beachbum2021

              @beachbum2021 said in WireGuard VPN providers that support pfsense:

              @xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha

              I also use IVPN. It's been very stable for me. I have 1000/1000 FIOS and running a speedtest via command line through WAN directly to Verizon servers about 60 miles away typically results in down/up in the 800-900 Mbps range with latency in the 9-10 ms range.

              With Wireguard to servers that are about 200 miles away down/up in the 700-800 range and latency in 16-17 ms range.

              With OpenVpn to the servers that are about 200 miles away down/up in the 350-500 range and latency in 14-15 ms range.

              Wireguard speeds are more consistent than the OpenVpn speeds.

              IVPN allows 7 concurrent connections per account. As a fail safe, I use 3 of the connections as 3 different Wireguard connections in pfSense to servers in 3 different geographical locations. I then bind all of the interfaces as a Gateway Group so pfSense routes through the 3 different connections. In 5 years or so of using their service I've never been not able to route traffic through their servers.

              I've never felt the need to have a second provider as it would be an extremely unlikely event that would cause 3 different servers, in geographically different places, hosted by different data centers (Leaseweb, Quadranet and M247) to go offline at the same time. Honestly, the only way I can imagine that happening would be some major internet disruption, like Verizon going down. In that case, I wouldn't be able to reach a 2nd provider even if I had one set up.

                xxGBHxx @beachbum2021

                @beachbum2021 said in WireGuard VPN providers that support pfsense:

                @xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha

                @dma_pf said in WireGuard VPN providers that support pfsense:

                @beachbum2021 said in WireGuard VPN providers that support pfsense:

                @xxgbhxx how's the performance, already paying for 2 vpn providers, do i need a third...ha

                I also use IVPN. It's been very stable for me. I have 1000/1000 FIOS and running a speedtest via command line through WAN directly to Verizon servers about 60 miles away typically results in down/up in the 800-900 Mbps range with latency in the 9-10 ms range.

                With Wireguard to servers that are about 200 miles away down/up in the 700-800 range and latency in 16-17 ms range.

                With OpenVpn to the servers that are about 200 miles away down/up in the 350-500 range and latency in 14-15 ms range.

                Wireguard speeds are more consistent than the OpenVpn speeds.

                IVPN allows 7 concurrent connections per account. As a fail safe, I use 3 of the connections as 3 different Wireguard connections in pfSense to servers in 3 different geographical locations. I then bind all of the interfaces as a Gateway Group so pfSense routes through the 3 different connections. In 5 years or so of using their service I've never been not able to route traffic through their servers.

                I've never felt the need to have a second provider as it would be an extremely unlikely event that would cause 3 different servers, in geographically different places, hosted by different data centers (Leaseweb, Quadranet and M247) to go offline at the same time. Honestly, the only way I can imagine that happening would be some major internet disruption, like Verizon going down. In that case, I wouldn't be able to reach a 2nd provider even if I had one set up.

                I have been using iVPN for 9 years now. For those 9 years I've used OpenVPN. I must be incompetent though clearly. I've never managed to get the connection stable or able to failover.

                When I reboot, the OpenVPN tunnel comes up but doesn't route traffic. If I re-connect the tunnel it works perfectly.
                The tunnel randomly drops its connection. Sometimes it's stable for a few weeks and I forget about it. Over the last week it's dropped about 10 times a day and is worse under heavy load. It NEVER automatically reconnects. It tries but it always hangs. I then have to either wait a few mins or (as I now do) I hop to a different server and it re-connects instantly.
                I have tried creating additional tunnels and grouping them and while it worked I had packet loss and slow down.

                The second ISP connection is a connection resiliency thing not an ISP thing. I work from home and I am 100% reliant on my connection so it's there as a backup and as a clean (non VPN) feed for all the scummy media companies that now ban VPN's.

                G

                  xparanoik @gabacho4

                  @gabacho4 said in WireGuard VPN providers that support pfsense:

                  @hypnosis4u2nv the latency is low because the gateway is set to ping itself. You’ll want to go to System -> Routing, then edit the gateway and set it to ping an alternate IP like 8.8.8.8 or whatever. Then you’ll get a real gauge of your latency.

                  For what it's worth, I set the monitoring IP the same as the "Peer WireGuard Address", which is the other end of the tunnel. I thought I read somewhere in Redmine that this would be done automatically if Peer WireGuard Address is configured, but it didn't seem to work for me.

                  EDIT: here is the issue https://redmine.pfsense.org/issues/11300

                    Griffo @xparanoik

                    I posted a quick how-to on NordVPN
                    https://www.reddit.com/r/PFSENSE/comments/m0989o/nordvpn_wireguard_setup_works/

                    It's really just how to get the keys and IP, not a full setup guide. It seems you can only have a single WG tunnel at this stage.

                      xparanoik @Griffo

                      @griffo Nice

                        barkcow

                        StrongVPN provides WireGuard service, although only the San Francisco node supports it for IPv6. All other nodes support IPv4.

                        They don't have pfSense specific configuration instructions, but you can get keys.

                        Not that I've gotten it to work ...

                          Slugger

                          I have a pfSense solution for PIA. It's not quite ready to share, but I'm getting close. I'm running it myself now and have been for awhile, but I need to clean up a few things before I'd say give it a go. Basically it's a docker you run somewhere on your LAN and it talks to pfSense over ssh and manages the WireGuard config for you. It also supports PIA's port forwarding if you need that, too.

                          It's based on a previous sol'n that I ran on vanilla Linux before pfSense had wg support. I've converted it to something that can manage wg interfaces directly on pfSense. I use it to manage multiple tunnels with PIA, allowing me to policy route traffic based on various conditions as needed.

                            xparanoik @Slugger

                            @slugger said in WireGuard VPN providers that support pfsense:

                            I have a pfSense solution for PIA. It's not quite ready to share, but I'm getting close. I'm running it myself now and have been for awhile, but I need to clean up a few things before I'd say give it a go. Basically it's a docker you run somewhere on your LAN and it talks to pfSense over ssh and manages the WireGuard config for you. It also supports PIA's port forwarding if you need that, too.

                            It's based on a previous sol'n that I ran on vanilla Linux before pfSense had wg support. I've converted it to something that can manage wg interfaces directly on pfSense. I use it to manage multiple tunnels with PIA, allowing me to policy route traffic based on various conditions as needed.

                            I like wireguard because of its simplicity and ease of use, aside from the technical and performance value it has over OpenVPN for my use case. I think it's cool that you came up with something to make it work with PIA, but I wouldn't complicate my setup just to use PIA. I use Mullvad instead and it takes 5 minutes to create a new account and set a wireguard key up.

                              Slugger @xparanoik

                              @xparanoik Valid points. PIA is like 1/4 of the cost of Mullvad and I already had a paid PIA sub not expiring anytime soon so didn't want to pay out for another vpn provider. That was my motivation to make it work in pfSense. :)

                                xparanoik @Slugger

                                @slugger Indeed, my PIA account was $29/yr which is less than half of Mullvad. I guess it'd be worth the trouble if you plan on having the service for a few years.

                                  Griffo @xparanoik

                                  @xparanoik same reason i wanted to get NordVPN to work, i have another 4 years left. Shame they only support a single active WG key :-( speed on their overloaded servers is way higher on WG compared to OVPN

                                    xparanoik @Griffo

                                    @griffo If you set up the NordLynx VPN on Linux, you can use the wireguard commands to retrieve tunnel details, including the IP and key, and that should work on pfSense. I can't recall where I read that, might have been Reddit.

                                    EDIT: here it is https://www.reddit.com/r/PFSENSE/comments/m0989o/nordvpn_wireguard_setup_works/ EDIT2: I guess that is your post? lol

                                      Griffo @hypnosis4u2nv

                                      @hypnosis4u2nv said in WireGuard VPN providers that support pfsense:

                                      I have Torguard up and running.

                                      And i can confirm that it works with their dedicated (streaming) IP's.
