two tunnels one wan
-
Hi
New to pfsense. Have it up and running, have a wg tunnel up and running with mullvad, will replace my pepwave router as soon as my new 16g managed switch comes in. I plan on using wg on the lan interface to the wan. so whole house VPN, DoT, add blocking tracker blocking. Can I setup 2 WG tunnels to the same WAN interface so that if one VPN connection fails the other picks up automatically? I would of course choose 2 different VPN servers.Thanks in advance.
-
ok I have 2 WG tunnels to mullvad. They are both working. I can select either one as the default gateway under system/routing/gateways.
Is it as simple as making a gateway group from the 2 tunnels and using the gateway group as the default gateway?
-
@galt007 Either that, or just policy routing with rules on your lan, selecting gateway groups as needed
-
So when i create two WG tunnels to Mullvad. I cant have them both listen on port 51820. I have to set one to 51821.
Then use the "51821" tunnel on LAN policy based routing and set the default gateway to the same tunnel and the mullvad VPN check green lights it - even though I'm listening on 51821
-
@galt007 No
Your listening port is irrelevant.
There is an interface and a gateway created for each vpn
I don't remember if wg automaticaly creates an interface
If it doesn't you need to assign one -
@netblues Thank You. All the testing I'm doing seems to be working. Just odd that the mullvad conf file says the port for the end point is 51820
-
@galt007 You have to create/ add interface with ip address from mullvad (/32), make them as gateway, create gateway groups, routing, nat, and rules for lan. for illustration: https://forum.netgate.com/topic/169466/multi-wan-multi-tunnels-peers-wireguard-vpn-load-balancing-failover
