Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple Wireguard Gateways Working/Not-Working

    Scheduled Pinned Locked Moved
    WireGuard
    2
    3
    147
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Gammon
      last edited by

      Hi,

      I have multiple almost identical Wireguard VPN connections to privacy VPNs (ProtonVPN). My intention is to use firewall rules to direct specific traffic to the preferred geolocation without having to change VPN and have multiple connections to each location (using gateway groups) for redundancy.

      Wireguard was working great with 2 or 3 tunnels, however with 8 tunnels, only approx. 3 of the gateways are coming up. The wireguard tunnels and peers are all healthy, however the dpinger status is not getting any responses. (Yes, 8 VPN connections is probably overkill.)

      I have:
      1.) Checked Wireguard, peer, gateway and interface configs are identical (confirmed in pfSense backup '.conf' file). (Note, I am ignoring the differences we expect, eg. ports, IPs, keys, etc.)
      2.) Checked Wireguard configs are working (confirmed using Wireguard app on desktop).
      3.) Checked dpinger IPs are all unique.
      4.) Tried restarting dpinger service.
      5.) Tried restarting Wireguard service.
      6.) Reinstalled a fresh copy of pfsense and restored conf file.
      7.) Tried disabling gateway monitoring for a specific interface and re-enabling it. **This works 15% of the time to get the gateway healthy.
      8.) Tried pinging the dpinger IPs from my computer (I assumed these requests will follow the same dpinger routing policy, but this does not seem to be the case? Maybe my firewall routing rule is interfering?)
      9.) Tried pinging from the firewall and I get similar results as dpinger.

      Although Wireguard is reporting all healthy, I am not convinced it is. I am also not convinced dpinger is working as intended. I am at a loss with how to debug this further. Does anybody have any suggestions?

      Thanks in advance.

      Bob.DigB 1 Reply Last reply Reply Quote 0
      • Bob.DigB
        Bob.Dig LAYER 8 @Gammon
        last edited by Bob.Dig

        @Gammon You can have 10 connections max. so maybe you have to pause for some time in testing.
        But I also saw problems with my provider, therefore I use OpenWRT-VMs as my WireGuard Clients.

        Screenshot 2024-08-06 141403.png

        Screenshot 2024-08-06 141604.png

        G 1 Reply Last reply Reply Quote 1
        • G
          Gammon @Bob.Dig
          last edited by

          @Bob-Dig
          Awww. Suggesting that is like taking a xmas present back from a child. ☹️

          Good idea - I'll try pruning the clients back to maybe 2 or 3 and experiment from there. If I have no luck with that, I'll check out opendwt (I used to run ddwrt - i didn't realise openwrt was unlocked/unlicensed for x86).

          1 Reply Last reply Reply Quote 0
          • First post
            Last post