Connection to a Wireguard server drops after 60kB
-
I want pfSense to be a Wireguard client, not a Wireguard server.
I have a VPS with a Wireguard server. I have added my phone as a client device, and it works great.
The problem is after I add pfSense as a client device, and set up an Interface for it. On the Wireguard status page on pfSense, the handshake works, the Peer is in green. But nothing over approximately 60kB bits is ever transferred via curl or through Squid proxy with Outgoing Network Interface set to the Wireguard VPN interface. Below is an example of what I mean (IP test first, then attempt to download a 1GB dummy file):

    [2.6.0-RELEASE][root@pfsense.home]/root: curl icanhazip.com
    <my IP, as expected>
    [2.6.0-RELEASE][root@pfsense.home]/root: curl --interface tun_wg3 icanhazip.com
    <VPS IP, as expected>
    [2.6.0-RELEASE][root@pfsense.home]/root: curl --interface tun_wg3 http://test-debit.free.fr/1048576.rnd --output zz
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0 1024M    0 64017    0     0  28975      0 10:17:37  0:00:02 10:17:35 28980

and 40 seconds later

      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0 1024M    0 64017    0     0   1478      0  8d 09h  0:00:43  8d 09h     0^C

I have tried using default MTU and MSS, and set them to 1420, nothing changes. It is not only that website, others fail to transfer over ~ 60kB per connection too. https://openstreetmap.org/ fails to load completely because of this for example.
My config on pfSense is https://imgur.com/a/EcNi0WP
My outbound NAT mode is Hybrid, and I have made a mapping:

    Interface  Source  Source Port  Destination  Destination Port  NAT Address     NAT Port  Static Port
    Oracle     any     *            *            *                 ORACLE address  *         double crossed arrow

Policy routing works well, and so does static routing. This problem happens with curl on the router, and when I use the Squid proxy with Outgoing Network Interface set to the Wireguard VPN interface. So I think that if I solve it with curl, the Squid Proxy will also work.

Am I doing something wrong?
TLDR: I want to have a Squid HTTP Proxy that routes through the Wireguard VPN. In conjunction with the addon https://github.com/FelisCatus/SwitchyOmega, this setup would let me use my VPN (via a Squid HTTP Proxy) for certain domains but not others.