Surfshark Wireguard VPN on Guest VLAN Blocking Some Content
-
Surfshark Wireguard VPN is running on my pfSense 2.8.0 Guest VLAN. It runs well. IoT devices (cameras, refrigerator) and TV devices (TVs, FireTV, etc.) on my Guest subnet run well.
On our Android phones, several sites/apps do not populate. That’s what I want to fix. Sites/apps that don't fully work include Strava, Suunto, and one or more news sites. I have not tested every app. The Strava app loads but data does not populate. pfBlockerNG does not appear to be blocking this content.
When I run surfshark.com/check on my phone while connected to my Guest network, the Surfshark IP and WebRTC info is correct. However, DNS addresses do not populate and therefore the Copy to clipboard button is not enabled.
Guest Interface MSS clamping (MSS) is set to 1412. MTU is blank. I've tried other MSS values.
Firewall Hybrid Outbound NAT rule.
Surfshark Gateway
Guest network Firewall rules.
Guest Kea DHCP servers are not set to Surfshark DNS servers. I've tried both ways.
DNS servers are not set in General Setup.
DNS Resolver settings
-
@PFgate check that IPv6 is completely disabled on GUEST, that both RA and DHCPv6 are off, otherwise clients might try and connect with IPv6. The firewall log should tell you if there have been such attempts.
I don't know if Surfshark supports IPv6 over their Wireguard tunnels, some VPN providers do, but you would need to configure a separate gateway for that, plus a FW rule on GUEST.
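
The firewall-log check suggested in the reply above, as an added example that is not part of the original thread: it counts IPv6 entries on one interface in pfSense's raw comma-separated filterlog output and lists sources that hold a non-link-local address. The interface name `igb1.30`, the function names and the sample log lines are constructed assumptions.

```python
import collections
import ipaddress

# Constructed sample lines in pfSense's raw filterlog CSV layout (not from the thread).
# igb1.30 stands in for the GUEST VLAN interface; addresses are documentation ranges.
SAMPLE_LOG = """\
Jul 10 12:00:01 fw filterlog[4242]: 5,,,1700000001,igb1.30,match,block,in,6,0x00,0x00000,64,UDP,17,60,fe80::a1,ff02::fb,5353,5353,60
Jul 10 12:00:02 fw filterlog[4242]: 5,,,1700000001,igb1.30,match,block,in,6,0x00,0x00000,255,ICMPv6,58,16,fe80::a1,ff02::2
Jul 10 12:00:03 fw filterlog[4242]: 9,,,1700000002,igb1.30,match,pass,in,4,0x0,,64,1234,0,DF,6,tcp,60,192.0.2.50,198.51.100.7,40000,443,0,S,1,,64240,,mss
Jul 10 12:00:04 fw filterlog[4242]: 5,,,1700000001,igb1.30,match,block,in,6,0x00,0x00000,64,TCP,6,80,2001:db8::50,2001:db8:ffff::7,40002,443,0,S,1,,64800,,mss
Jul 10 12:00:05 fw filterlog[4242]: 7,,,1700000003,igb0,match,block,in,6,0x00,0x00000,64,UDP,17,60,fe80::99,ff02::1:2,546,547,60
"""


def ipv6_attempts(lines, iface):
    """Count IPv6 log entries seen on iface, keyed by (action, proto, src, dst)."""
    hits = collections.Counter()
    for line in lines:
        _, sep, rest = line.partition("filterlog[")
        if not sep:
            continue  # not a filterlog entry
        f = rest.partition("]: ")[2].strip().split(",")
        # Common header: f[4] = interface, f[6] = action, f[8] = IP version.
        if len(f) < 17 or f[4] != iface or f[8] != "6":
            continue
        # IPv6 layout: f[12] = protocol name, f[15] = source, f[16] = destination.
        hits[(f[6], f[12].upper(), f[15], f[16])] += 1
    return hits


def global_sources(hits):
    """Sources outside fe80::/10, i.e. clients that hold a routable IPv6 address."""
    srcs = {src for (_, _, src, _) in hits}
    return sorted(s for s in srcs if not ipaddress.ip_address(s).is_link_local)


if __name__ == "__main__":
    found = ipv6_attempts(SAMPLE_LOG.splitlines(), "igb1.30")
    for (action, proto, src, dst), n in found.most_common():
        print(f"{n:3d}  {action:5s} {proto:7s} {src} -> {dst}")
    print("non-link-local sources:", global_sources(found))
```

Link-local entries such as mDNS or router solicitations appear even when the firewall offers no IPv6; a non-link-local source means a client obtained an address from some RA or DHCPv6 source on that segment.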
-
Thanks! Surfshark does not support IPv6.
DHCPv6 Server is not running on Guest.
Guest VLAN IPv6 Configuration Type is None.
Router Advertisement Router Mode is Disabled.
Added a Guest firewall rule at the top of the stack to block IPv6 traffic.
Also tested disabling IPv6 in the APN on my phone. Didn't help.
We're still having problems with some apps/content on our phones.