WireGuard VPN providers that support pfsense
-
@gabacho4 said in WireGuard VPN providers that support pfsense:
@hypnosis4u2nv the latency is low because the gateway is set to ping itself. You’ll want to go to System -> Routing, then edit the gateway and set it to ping an alternate IP like 8.8.8.8 or whatever. Then you’ll get a real gauge of your latency.
For what it's worth, I set the monitoring IP the same as the "Peer WireGuard Address", which is the other end of the tunnel. I thought I read somewhere in Redmine that this would be done automatically if Peer WireGuard Address is configured, but it didn't seem to work for me.
EDIT: here is the issue https://redmine.pfsense.org/issues/11300
-
I posted a quick how-to on NordVPN
https://www.reddit.com/r/PFSENSE/comments/m0989o/nordvpn_wireguard_setup_works/
It's really just how to get the keys and IP, not a full setup guide. It seems you can only have a single WG tunnel at this stage.
-
@griffo Nice
-
StrongVPN provides WireGuard service, although only the San Francisco node supports it for IPv6. All other nodes support IPv4.
They don't have pfSense specific configuration instructions, but you can get keys.
Not that I've gotten it to work ...
-
I have a pfSense solution for PIA. It's not quite ready to share, but I'm getting close. I'm running it myself now and have been for a while, but I need to clean up a few things before I'd say give it a go. Basically it's a docker you run somewhere on your LAN and it talks to pfSense over ssh and manages the WireGuard config for you. It also supports PIA's port forwarding if you need that, too.
It's based on a previous sol'n that I ran on vanilla Linux before pfSense had wg support. I've converted it to something that can manage wg interfaces directly on pfSense. I use it to manage multiple tunnels with PIA, allowing me to policy route traffic based on various conditions as needed.
-
@slugger said in WireGuard VPN providers that support pfsense:
I have a pfSense solution for PIA. It's not quite ready to share, but I'm getting close. I'm running it myself now and have been for a while, but I need to clean up a few things before I'd say give it a go. Basically it's a docker you run somewhere on your LAN and it talks to pfSense over ssh and manages the WireGuard config for you. It also supports PIA's port forwarding if you need that, too.
It's based on a previous sol'n that I ran on vanilla Linux before pfSense had wg support. I've converted it to something that can manage wg interfaces directly on pfSense. I use it to manage multiple tunnels with PIA, allowing me to policy route traffic based on various conditions as needed.
I like wireguard because of its simplicity and ease of use, aside from the technical and performance value it has over OpenVPN for my use case. I think it's cool that you came up with something to make it work with PIA, but I wouldn't complicate my setup just to use PIA. I use Mullvad instead and it takes 5 minutes to create a new account and set a wireguard key up.
-
@xparanoik Valid points. PIA is like 1/4 of the cost of Mullvad and I already had a paid PIA sub not expiring anytime soon so didn't want to pay out for another vpn provider. That was my motivation to make it work in pfSense. :)
-
@slugger Indeed, my PIA account was $29/yr which is less than half of Mullvad. I guess it'd be worth the trouble if you plan on having the service for a few years.
-
@xparanoik Same reason I wanted to get NordVPN to work, I have another 4 years left. Shame they only support a single active WG key :-( Speed on their overloaded servers is way higher on WG compared to OVPN.
-
@griffo If you set up the NordLynx VPN on Linux, you can use the wireguard commands to retrieve tunnel details, including the IP and key, and that should work on pfSense. I can't recall where I read that, might have been Reddit.
EDIT: here it is https://www.reddit.com/r/PFSENSE/comments/m0989o/nordvpn_wireguard_setup_works/
EDIT2: I guess that is your post? lol
-
@hypnosis4u2nv said in WireGuard VPN providers that support pfsense:
I have Torguard up and running.
And I can confirm that it works with their dedicated (streaming) IPs.