Wireguard is not routing any traffic

Aug 25, 2022, 12:12 PM

@bob-dig have you set the MSS on the Wireguard interface?

Bob.Dig · Aug 25, 2022, 12:14 PM

@thisisme No, I don't think it is a must anyways.

Aug 25, 2022, 12:15 PM

@bob-dig for me it don't work without it

Bob.Dig · Aug 25, 2022, 12:17 PM

@thisisme So which size should it be?

Aug 25, 2022, 12:19 PM

@bob-dig 1412 seems to work. Maybe you have to play a bit

Aug 26, 2022, 6:50 AM

Solved my DNS problem. Looks like wireguard is not adding any routes. I had to add a manual one for the DNS-Address and the gateway

Bob.Dig · Aug 25, 2022, 5:37 PM

Got it working too, thanks for the MTU hint!!
I went with 1420. Without it, it wasn't working.

I didn't need any routes but my setup is different. Also no manual outbound NAT needed, see below.

For IP I went with /32 and changed the IP for the second tunnel myself.
login-to-view

Bob.Dig · Aug 25, 2022, 5:42 PM

Something to note when using Surfshark VPN on pfSense with WireGuard instead of OpenVPN.

You decide which IP will be used > no more overlapping IPs with different tunnels.

No good GUI support for changing the public IP of one tunnel, you have to restart the whole WireGuard service for all the tunnels to change IPs and it takes much longer for a new connection (but it is possible).

In my testing, speed was the same with my hardware.

Bob.Dig · Aug 26, 2022, 6:50 AM

@thisisme I noticed that the performance is lower with WG on ss, more loss etc. What is your experience so far?

Aug 26, 2022, 9:08 AM

@bob-dig I don't see any performance loss. Maybe even a little gain, but hard to say, because the last 15mbit to my full bandwidth are a bit unstable with Surfshark with both approaches.

Bob.Dig · Aug 26, 2022, 1:33 PM

@thisisme Probem for me it is packet loss, not the speed. I kinda remember that even in their own app, WG is working worse then OVPN, so I will switch back... YGWYPF

Aug 26, 2022, 1:40 PM

@bob-dig since 2 hours I have a lot of loss too. Since then it was always below 10%. I think the Surfshark servers are unstable or overloaded

Bob.Dig · Aug 26, 2022, 3:17 PM

@thisisme Back on OVPN, so much better. It was a short endeavor. I think their WG implementation is just bad, for years now.

Aug 26, 2022, 3:36 PM

@bob-dig packet loss with WG close to zero again for me

Bob.Dig · Aug 26, 2022, 3:37 PM

@thisisme Maybe it was me ^^

matosc · Aug 26, 2022, 6:55 PM

My surfshark wireguard configuration is not working. I'm sure it must be something incredibly obvious, but I can't figure it out.

Can someone please scan the config below and let know what is missing. For testing I have it configured like @Thisisme 's example.

fyi .... I am using selective routing and have a couple of LAN devices that are configured with firewall rules to only route to the surfshark wireguard gateway. Also, my OpenVPN config is fine.

login-to-view

Bob.Dig · Aug 26, 2022, 8:35 PM

@matosc Do you have two Gateways for that connection?

Today I noticed that pfSense isn't really doing any cleaning with gateways when I removed all OVPN connections and later removed all WG connections...
OVPN runs great with ss. I think it is even using DCO but I am not sure.

matosc · Aug 27, 2022, 11:15 AM

@bob-dig I have several gateways, with only 1 for the wireguard connection.

WAN
Surfshark Wireguard
Surfshark OpenVPN - near my location
Surfshark OpenVPN - for USA connections

login-to-view

Helps?

Bob.Dig · Aug 27, 2022, 11:47 AM

@matosc Maybe you can't have two connections simultaneously (OVPN and WG) to the same server? I am back on OVPN so I can't help anymore.

matosc · Aug 27, 2022, 12:30 PM

@bob-dig I really appreciate the help.

I changed my config to test this more - recreated the wireguard configuration and removed the OpenVPN connections entirely.

Still can't connect from the single device on the network that is configured with a LAN rule to only connect to the specified gateway.