OPNsense Forum

English Forums => Virtual private networks => Topic started by: aes on March 11, 2024, 03:26:25 pm

Title: [Solved] Proton VPN two gateways
Post by: aes on March 11, 2024, 03:26:25 pm
Has anyone managed to configure two WireGuard endpoints successfully in a gateway group?

I have one working endpoint and cannot figure out how to make the second one function despite having followed almost the exact same steps in configuring both of them; the only difference being how the addresses are configured on wireguard > settings > instances:

For connection1 I have configured the default values provided in the Proton config:
Code:
peer
| public key       | .conf > Peer PublicKey                  |
| allowed ips      | .conf > Peer AllowedIps (0.0.0.0/0)     |
| endpoint address | .conf > Peer Endpoint (196.196.203.202) |
| endpoint port    | .conf > Peer Endpoint (51820)           |

instance
| public key     | .conf > Peer PublicKey                  |
| private key    | .conf > Interface PrivateKey            |
| listen port    | .conf > Peer Endpoint port (51820)      |
| tunnel address | .conf > Interface Address (10.2.0.2/32) |
| peers          | proton_peer1                            |
| disable routes | check                                   |
| gateway        | tunnel address -1 (10.2.0.1)            |

For connection2 the same, except tunnel, gateway and endpoint:
Code:
peer
| public key       | .conf > Peer PublicKey                  |
| allowed ips      | .conf > Peer AllowedIps (0.0.0.0/0)     |
| endpoint address | .conf > Peer Endpoint (194.34.132.55)   |
| endpoint port    | .conf > Peer Endpoint (51820)           |

instance
| public key     | .conf > Peer PublicKey                  |
| private key    | .conf > Interface PrivateKey            |
| listen port    | .conf > Peer Endpoint port (51820)      |
| tunnel address | .conf > Interface Address (10.3.0.2/32) |
| peers          | proton_peer2                            |
| disable routes | check                                   |
| gateway        | tunnel address -1 (10.3.0.1)            |

Then both are assigned and configured in interface assignments. At this point peer 1 handshake succeeds but peer2 doesn't.
Is there some gotcha I'm missing?
Title: Re: Proton VPN two gateways
Post by: miroco on March 11, 2024, 04:47:28 pm
What if you switch the port on one of the Instances to anything other than 51820, like 51821?

https://schnerring.net/blog/opnsense-baseline-guide-with-vpn-guest-and-vlan-support/#remote-peers

miroco
Title: Re: Proton VPN two gateways
Post by: aes on March 11, 2024, 10:19:12 pm
It's always something so simple, isn't it? That'd be it, thanks!