WG vs OpenVPN on PIA
-
@slugger So I saw this, got to the docker part, and was like, well crap, this isn't what I want. Where is the pfSense continuation piece of your tutorial?
-
@rodger_dodger You mean you didn't make it to the bottom of the docker wiki page??
I think this is what you were looking for. But this page assumes you got a wg interface created already by setting up the docker beforehand.
-
@slugger I did, I promise! But I'm running pfSense in a VM, and I don't want to use docker. So can I just skip the docker portion? Is that what you're saying?
-
@rodger_dodger If you skip the docker portion then you have to somehow generate the wg config via the PIA API calls. So you have to adapt those bash scripts that PIA provides or somehow make the API calls to get the wg config details you need to then go and manually create the wg interface in pfSense. And then... anytime the interface stops responding, you have to go do the API calls with PIA again.
In other words, if you just want to create a PIA wg interface in pfSense manually, you have to go adapt and call those bash scripts that PIA provides, extract the JSON blob of config details, then use those details to manually create the wg interface in pfSense. Though that's doable, the real pain is anytime the interface stops responding you have to go do this all again, because once the interface stops responding for any reason, the assigned IP and keys for that interface are no longer valid, making the interface useless.
If it's just you don't want to use docker then I also package my app up as a standalone app that will run on Windows or Linux. It requires Java be on your system. No docs for that setup yet. If it's just you don't want to have to run some kind of service at all for this then you're in for a challenge. You can't avoid the series of API calls to PIA to configure all of this, it's the only way you get a valid and usable wg config from them.
-
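The manual workflow described in the post above, as an added example that is not part of the thread or of slugger's app: it turns the JSON blob into the values you would type into a WireGuard tunnel, and reads `wg show <interface> latest-handshakes` output to decide when the registration has gone stale. The JSON field names are assumed from PIA's published bash scripts, the sample blob and keys are constructed placeholders, and the 180-second threshold is an assumption.

```python
import json

# Constructed sample blob; field names are an assumption, values are placeholders.
SAMPLE_BLOB = '''{"status": "OK", "server_key": "SERVER_PUBLIC_KEY_PLACEHOLDER=",
 "server_port": 1337, "server_ip": "192.0.2.10", "peer_ip": "10.0.0.2",
 "dns_servers": ["10.0.0.243"]}'''

REQUIRED = ("server_key", "server_port", "server_ip", "peer_ip")

def render_wg_config(blob, private_key):
    """Validate the registration blob and render a wg-quick style config."""
    data = json.loads(blob)
    if data.get("status") != "OK":
        raise ValueError(f"registration rejected: {data.get('status')!r}")
    missing = [k for k in REQUIRED if k not in data]
    if missing:
        raise ValueError(f"blob missing fields: {missing}")
    lines = ["[Interface]",
             f"PrivateKey = {private_key}",
             f"Address = {data['peer_ip']}/32"]
    if data.get("dns_servers"):
        lines.append(f"DNS = {data['dns_servers'][0]}")
    lines += ["",
              "[Peer]",
              f"PublicKey = {data['server_key']}",
              "AllowedIPs = 0.0.0.0/0",
              f"Endpoint = {data['server_ip']}:{data['server_port']}",
              "PersistentKeepalive = 25"]
    return "\n".join(lines) + "\n"

def is_stale(handshake_output, peer_key, now, max_age=180):
    """True when the peer is absent, never completed a handshake, or the
    last handshake is older than max_age seconds (assumed threshold).
    handshake_output is the text of `wg show <interface> latest-handshakes`."""
    for line in handshake_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == peer_key:
            ts = int(parts[1])
            return ts == 0 or now - ts > max_age
    return True

if __name__ == "__main__":
    print(render_wg_config(SAMPLE_BLOB, "CLIENT_PRIVATE_KEY_PLACEHOLDER="))
```

When `is_stale` returns true, the assigned IP and keys have to be requested again before the tunnel settings are updated.
-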
@rodger_dodger I took a few minutes to create a "manual" command in my app that will just generate a valid WireGuard config for PIA and dump it to the console. You can then take that output and manually create a PIA wg interface in pfSense. Let me test it when I get an hour or two in the next few days and then I'll upload it to the gitlab page. You will need Java on your system to run it.
Makes adding a PIA wg interface pretty simple, but it's a completely manual process. Anytime the interface goes stale you'd have to run this command line tool and update the wg settings in pfSense manually based on its output.
-
@slugger Dang, that's really awesome of you. Have you given any thought to making a docker app for Unraid? I'm running my pfSense box from within a VM on my Unraid server. Maybe I could leverage docker on that to use your app?
-
@rodger_dodger The docker I've created should run on Unraid as is without issue. Unraid is just Linux under the hood, right?
-
@rodger_dodger Given this announcement, I've paused my project and am reassessing things. Likely switching back to my previous Linux VM WireGuard gateway setup I had going on. Definitely recommend not proceeding with using my app to config wg on pfSense.
-
@slugger Yeah, I saw that too. I just wish OpenVPN provided better speeds with PIA.
-
@ryanm You are not seeing some sites because WireGuard requires MSS clamping. Set the MSS to 1380 and it should solve your problem. It's covered at the end of this page: https://github.com/FingerlessGlov3s/OPNsensePIAWireguard
Also, depending on the CPU, you can get up to 700Mbit/sec with wireguard-go.