Netgate Discussion Forum

Multiple Wireguard Gateways Working/Not-Working

    Gammon
    last edited by Aug 6, 2024, 11:48 AM

    Hi,

    I have multiple almost identical WireGuard VPN connections to privacy VPNs (ProtonVPN). My intention is to use firewall rules to direct specific traffic to the preferred geolocation without having to change VPN and have multiple connections to each location (using gateway groups) for redundancy.

    WireGuard was working great with 2 or 3 tunnels, however with 8 tunnels, only approx. 3 of the gateways are coming up. The WireGuard tunnels and peers are all healthy, however the dpinger status is not getting any responses. (Yes, 8 VPN connections is probably overkill.)

    I have:
    1.) Checked WireGuard, peer, gateway and interface configs are identical (confirmed in pfSense backup '.conf' file). (Note, I am ignoring the differences we expect, e.g. ports, IPs, keys, etc.)
    2.) Checked WireGuard configs are working (confirmed using WireGuard app on desktop).
    3.) Checked dpinger IPs are all unique.
    4.) Tried restarting dpinger service.
    5.) Tried restarting WireGuard service.
    6.) Reinstalled a fresh copy of pfSense and restored conf file.
    7.) Tried disabling gateway monitoring for a specific interface and re-enabling it. This works 15% of the time to get the gateway healthy.
    8.) Tried pinging the dpinger IPs from my computer (I assumed these requests will follow the same dpinger routing policy, but this does not seem to be the case? Maybe my firewall routing rule is interfering?)
    9.) Tried pinging from the firewall and I get similar results as dpinger.

    Although WireGuard is reporting all healthy, I am not convinced it is. I am also not convinced dpinger is working as intended. I am at a loss with how to debug this further. Does anybody have any suggestions?

    Thanks in advance.

      Bob.Dig LAYER 8 @Gammon
      last edited by Bob.Dig Aug 6, 2024, 12:17 PM Aug 6, 2024, 12:16 PM

      @Gammon You can have 10 connections max. so maybe you have to pause for some time in testing.
      But I also saw problems with my provider, therefore I use OpenWRT-VMs as my WireGuard Clients.

        Gammon @Bob.Dig
        last edited by Aug 6, 2024, 12:45 PM

        @Bob-Dig
        Awww. Suggesting that is like taking an Xmas present back from a child. ☹️

        Good idea - I'll try pruning the clients back to maybe 2 or 3 and experiment from there. If I have no luck with that, I'll check out OpenWrt (I used to run DD-WRT - I didn't realise OpenWrt was unlocked/unlicensed for x86).

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.