Two tunnels with same IP
-
Is it possible to set up two WireGuard tunnels with the same interface IP address? I'm using a VPN provider to surf anonymously. I'd like to configure a fallback tunnel to a second datacenter. Unfortunately, each datacenter seems to require the same IP subnet for my WireGuard pfSense interface. (It's not possible to have two interfaces with the same IP.)
-
@Thisisme Short answer, no.
I run 5 virtual OpenWRT-Routers to have those tunnels working.
-
@Bob-Dig Thanks for the answer. That's a bit unfortunate, because Surfshark seems to require 10.14.0.2 for my local interface for every site.
What happens if I configure two peers with the same "allowed ip" 0.0.0.0/0? Will it just use the first matching one, or round robin? If the first peer is down, will it fail over to the second?
-
@Thisisme Try it out, I guess. I want to use my tunnels simultaneously, so I haven't looked at your use case closely.
-
@Bob-Dig I guess that's not what I want anyway. In most cases I suffer from packet loss that wouldn't fail over with this approach anyway.
-
@Thisisme Are you still with ss? I have no problems at all with them, especially since I switched my ISP (away from Deutsche Telekom).
In pfSense you can create gateway groups, which can handle packet loss, but you need some simultaneous gateways for that.
Also, a misconfiguration of WireGuard, e.g. wrong IP addresses in the client config or two tunnels with the same IP, can create packet loss.
-
@Bob-Dig I'm sure it's no misconfiguration. The packet losses are short 1-min windows. They made their WireGuard server very stable lately. So it's more like 2-3 times a week now. With my OpenVPN backup I never notice the packet loss at all. Only my monitoring notices.