Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    I am lost....

    WireGuard
    3
    6
    773
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      revengineer
      last edited by

      So, I thought this was supposed to be simple. In the past, I got OpenVPN running easily in 20 minutes. With Wireguard, I have been struggling for 2 hours working through multiple tutorials and nothing works. So, I would really appreciate if someone can point me to a working tutorial to remotely connect my Android phone to my pfsense firewall. Thank you in advance for the help.

      1 Reply Last reply Reply Quote 1
      • T
        topper2
        last edited by

        I've had the same experience - got OpenVPN set up no issues - yet I'm totally baffled by setting up WG!

        Determined to get it working though as the switch will be well worth it.

        Sounds like my set up is similar to yours... I've got a couple of posts/threads where it's being discussed:

        https://forum.netgate.com/topic/164974/basic-remote-access-to-lan

        https://forum.netgate.com/topic/164964/wireguard-package-documentation

        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @topper2
          last edited by johnpoz

          @topper2 said in I am lost....:

          as the switch will be well worth it.

          Says who? And why?

          Is there something openvpn isn't doing that wireguard does you need? Not sure why you would go from a perfectly working setup, to something your having issues with for what exactly? A few extra KBps in overall transfer?

          Most of the time I would remote into my home system.. Really hasn't been a need since covid and work from home. Bandwidth was never an issue.. Since either remote desktop to my home machine, or just hitting some web gui of some service on my home network.

          I get it wireguard is new thing - openvpn has been around forever.. But I don't really see it any easier to setup.. And you can not do tcp with it - which is a big plus for me when trying to access home network say off the proxy at work, or somewhere else where default 1194 udp might be blocked. They really never block tcp 443 ;)

          I had it running there for a bit when it was official as test - yeah it worked. So? I didn't disable my openvpn ;)

          Even if it was easy peasy click this button to setup - and shazam the sky opened up with rainbows and angels singing.. I still wouldn't be turning off my tried and true openvpn setup..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.03 | Lab VMs 2.7.2, 24.03

          R 1 Reply Last reply Reply Quote 2
          • R
            revengineer @johnpoz
            last edited by revengineer

            ok, I figured this out and it is not that hard after all because the number of settings (and as such, trial and error permutations) are limited. I abandoned the guides I have found because they were misleading and, I suspect, were written by folks who have barely basic experience setting up networks.

            The best guide I have found and works is a netgate recipe posted here. It does not explain the steps for setting up the interface and gateway but with some trial and error I got there.

            @johnpoz said in I am lost....:

            Is there something openvpn isn't doing that wireguard does you need?

            Not really, but it exists and is experimental, so I thought I try it out. I was simply curious.

            Not sure why you would go from a perfectly working setup, to something your having issues with for what exactly? A few extra KBps in overall transfer?

            I am not planning by any means to abandon OpenVPN. It has served me well and there is a longer track record of security than for Wireguard. In fact, I will disable the firewall rule for Wireguard now that it is working and wait for verdicts on security. But I appreciate having this as an option and perhaps will use it more in the future.

            Most of the time I would remote into my home system.. Really hasn't been a need since covid and work from home. Bandwidth was never an issue.. Since either remote desktop to my home machine, or just hitting some web gui of some service on my home network.

            So true, while I have started travelling lightly now, I could have turned off VPN entirely for much of the past year because I was stuck at home, right next to my pfsense router.

            I get it wireguard is new thing - openvpn has been around forever.. But I don't really see it any easier to setup.. And you can not do tcp with it - which is a big plus for me when trying to access home network say off the proxy at work, or somewhere else where default 1194 udp might be blocked. They really never block tcp 443 ;)

            This is a concern I share as well. As I travel around, I often find the UDP 1194 port blocked and I use TCP 443 without issues and bandwidth seems sufficient.

            I had it running there for a bit when it was official as test - yeah it worked. So? I didn't disable my openvpn ;)

            As stated before, OpenVPN remains up and running here.

            Even if it was easy peasy click this button to setup - and shazam the sky opened up with rainbows and angels singing.. I still wouldn't be turning off my tried and true openvpn setup..

            Agreed.

            johnpozJ 1 Reply Last reply Reply Quote 1
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @revengineer
              last edited by johnpoz

              @revengineer said in I am lost....:

              I suspect, were written by folks who have barely basic experience setting up networks.

              So freaking true - bet you could find 50 youtube videos watching someone click some buttons and fill in info without them having a clue to what they are actually doing ;) hehehhe

              As to ease of setup - I thought, maybe I mistaken but at some point there is/was suppose to be a QR code you could just point your phone at to set it up? If that was true than yeah it would be slick ;)

              When I had tested it - I just used the netgate recipe you linked too. Really has all the info you need it.. If they put it in a youtube video the kids would be all over it ;)

              I personally have zero actual need for it - but sure when its official again I prob fire it up to play with.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.03 | Lab VMs 2.7.2, 24.03

              R 1 Reply Last reply Reply Quote 1
              • R
                revengineer @johnpoz
                last edited by

                @johnpoz said in I am lost....:

                As to ease of setup - I thought, maybe I mistaken but at some point there is/was suppose to be a QR code you could just point your phone at to set it up? If that was true than yeah it would be slick ;)

                The Android app had this capability but pfsense does not yet seem to generate these codes, at least not through the GUI. I tried downloading the config and importing this but this did not work. This was in the early tries when I did not understand what I was doing. Maybe it would work now.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post