Netgate Discussion Forum

    wireguard multiwan doesn't properly round robin traffic

      Viss

      Hello!

      Multiwan wireguard setup in round-robin doesn't treat traffic the same as exactly the same setup without wireguard.

      My setup:
      I have a dual-isp setup (cox & starlink), and I have all outbound traffic flowing across wireguard tunnels to a second pfsense appliance in a colo.

      I've been able to force wireguard to create tunnels on the appropriate interfaces (since you can't bind it to one) by using static routes. The receiving end is using two IPs for this, and I've created rules on the far end to only permit the appropriate source IP to land on the designated target IP.

      The issue:
      When using the wireguard tunnels with the same exact round-robin multiwan setting (two gateways, both set to tier 1), traffic only flows over one gateway and the second is idle. If I switch to just using the naked gateways versus the wireguard interfaces, traffic flows as expected and is properly load balanced across both links.

      A wrinkle:
      If I set up policy rules on the LAN firewall section to specify the same exact gateway group, and also have the default gateway for the firewall using the same group, "it kinda works", but I only get about 75% of the bandwidth - the graphs do show traffic flowing across both links, though.

      Expected functionality: I would expect that round-robin multiwan would work exactly the same over wireguard versus over naked isp links.

      I'm not 100% sure why using wireguard tunnels in a round-robin config would cause the round-robin part to just 'not apply', and I'm even more confused about adding the policy routing component making it mostly work.

      Any help here would be great!

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.