Wireguard is not routing any traffic
-
My surfshark wireguard configuration is not working. I'm sure it must be something incredibly obvious, but I can't figure it out.
Can someone please scan the config below and let know what is missing. For testing I have it configured like @Thisisme 's example.
fyi .... I am using selective routing and have a couple of LAN devices that are configured with firewall rules to only route to the surfshark wireguard gateway. Also, my OpenVPN config is fine.
-
@matosc Do you have two Gateways for that connection?
Today I noticed that pfSense isn't really doing any cleaning with gateways when I removed all OVPN connections and later removed all WG connections...
OVPN runs great with ss. I think it is even using DCO but I am not sure. -
@bob-dig I have several gateways, with only 1 for the wireguard connection.
- WAN
- Surfshark Wireguard
- Surfshark OpenVPN - near my location
- Surfshark OpenVPN - for USA connections
Helps?
-
@matosc Maybe you can't have two connections simultaneously (OVPN and WG) to the same server? I am back on OVPN so I can't help anymore.
-
@bob-dig I really appreciate the help.
I changed my config to test this more - recreated the wireguard configuration and removed the OpenVPN connections entirely.
Still can't connect from the single device on the network that is configured with a LAN rule to only connect to the specified gateway.
Here is the latest config.
-
@matosc You could switch to Automatic Outbound NAT for now if you don't use OVPN.
Have you given your public Key to ss in their WebUI?
Your LAN rule has no fault?
No rules on the WireGuard Group Interface, if it exist.I just got WG from pfSense to my android phone working, it took me ages...
-
@bob-dig thanks for idea of turning on Automatic Outbound NAT. It's working! There must have been a hidden issue in the background. Anyway, I'm very happy that I can finally connect via WG.
Everyone once and a while I lose WG connection and route via the WAN. This kinda sounds like what others are experiencing. Will track this topic and see if others report the same.
-
@Thisisme How is it going? How many WG-tunnels have you running with ss?
-
@bob-dig I have one tunnel atm. But I'm not sure about it. I have the same problem with OpenVPN and WG: several times a day I get packet loss leading to gateway shutdown. But with WG it seems more often.
-
@thisisme I went crazy today and created 5 VMs, each with OpenWRT. Every VM has one WG-tunnel and all are connected to pfSense. I use these as gateways, so no more overlapping IP issues. Lets see how it goes.
-
@thisisme said in Wireguard is not routing any traffic:
@bob-dig I have one tunnel atm. But I'm not sure about it. I have the same problem with OpenVPN and WG: several times a day I get packet loss leading to gateway shutdown. But with WG it seems more often.
Set your Wireguard interface MTU to 1420.
-
@Thisisme With my 5 virtual OpenWRT Routers I have no problems at all, running fantastic. So it might be that ss doesn't like the pfSense implementation of WG.
-
@bob-dig You're living on the edge with these dummy GW IPs (1.1.1.2-7). Those are NO valid IPs from CF DNS but random services that can be on- and off at will. I'd think about better not using those if I don't exactly know where or what is behind them ;)
-
@jegr Using them for years now without a problem but thanks for the heads up, it is only for my personal use anyway.
-
@JeGr Apropos living on the edge.
