Wireguard is not routing any traffic
-
@bob-dig have you set the MSS on the Wireguard interface?
-
@thisisme No, I don't think it is a must anyways.
-
@bob-dig for me it don't work without it
-
@thisisme So which size should it be?
-
@bob-dig 1412 seems to work. Maybe you have to play a bit
-
Solved my DNS problem. Looks like wireguard is not adding any routes. I had to add a manual one for the DNS-Address and the gateway
-
Got it working too, thanks for the MTU hint!!
I went with 1420. Without it, it wasn't working.I didn't need any routes but my setup is different. Also no manual outbound NAT needed, see below.
For IP I went with /32 and changed the IP for the second tunnel myself.
-
Something to note when using Surfshark VPN on pfSense with WireGuard instead of OpenVPN.
You decide which IP will be used > no more overlapping IPs with different tunnels.
No good GUI support for changing the public IP of one tunnel, you have to restart the whole WireGuard service for all the tunnels to change IPs and it takes much longer for a new connection (but it is possible).
In my testing, speed was the same with my hardware.
-
@thisisme I noticed that the performance is lower with WG on ss, more loss etc. What is your experience so far?
-
@bob-dig I don't see any performance loss. Maybe even a little gain, but hard to say, because the last 15mbit to my full bandwidth are a bit unstable with Surfshark with both approaches.
-
@thisisme Probem for me it is packet loss, not the speed. I kinda remember that even in their own app, WG is working worse then OVPN, so I will switch back...
YGWYPF -
@bob-dig since 2 hours I have a lot of loss too. Since then it was always below 10%. I think the Surfshark servers are unstable or overloaded
-
@thisisme Back on OVPN, so much better. It was a short endeavor. I think their WG implementation is just bad, for years now.
-
@bob-dig packet loss with WG close to zero again for me
-
@thisisme Maybe it was me ^^
-
My surfshark wireguard configuration is not working. I'm sure it must be something incredibly obvious, but I can't figure it out.
Can someone please scan the config below and let know what is missing. For testing I have it configured like @Thisisme 's example.
fyi .... I am using selective routing and have a couple of LAN devices that are configured with firewall rules to only route to the surfshark wireguard gateway. Also, my OpenVPN config is fine.
-
@matosc Do you have two Gateways for that connection?
Today I noticed that pfSense isn't really doing any cleaning with gateways when I removed all OVPN connections and later removed all WG connections...
OVPN runs great with ss. I think it is even using DCO but I am not sure. -
@bob-dig I have several gateways, with only 1 for the wireguard connection.
- WAN
- Surfshark Wireguard
- Surfshark OpenVPN - near my location
- Surfshark OpenVPN - for USA connections
Helps?
-
@matosc Maybe you can't have two connections simultaneously (OVPN and WG) to the same server? I am back on OVPN so I can't help anymore.
-
@bob-dig I really appreciate the help.
I changed my config to test this more - recreated the wireguard configuration and removed the OpenVPN connections entirely.
Still can't connect from the single device on the network that is configured with a LAN rule to only connect to the specified gateway.
Here is the latest config.
