WireGuard multiwan doesn't properly round-robin traffic
Hello!
Multiwan wireguard setup in round-robin doesn't treat traffic the same as exactly the same setup without wireguard.
My setup:
I have a dual-ISP setup (Cox & Starlink), and I have all outbound traffic flowing across WireGuard tunnels to a second pfSense appliance in a colo. I've been able to force WireGuard to create tunnels on the appropriate interfaces (since you can't bind it to one) by using static routes. The receiving end is using two IPs for this, and I've created rules on the far end to only permit the appropriate source IP to land on the designated target IP.
The issue:
When using the WireGuard tunnels with the same exact round-robin multiwan setting (two gateways, both set to tier 1), traffic only flows over one gateway and the second is idle. If I switch to just using the naked gateways versus the WireGuard interfaces, traffic flows as expected and is properly load balanced across both links.
A wrinkle:
If I set up policy rules on the LAN firewall section to specify the same exact gateway group, and also have the default gateway for the firewall using the same group, "it kinda works", but I only get about 75% of the bandwidth - the graphs do show traffic flowing across both links, though.
Expected functionality:
I would expect that round-robin multiwan would work exactly the same over WireGuard versus over naked ISP links.
I'm not 100% sure why using WireGuard tunnels in a round-robin config would cause the round-robin part to just 'not apply', and I'm even more confused about adding the policy routing component making it mostly work.
Any help here would be great!