I've created two WG tunnels (Mullvad) and created a gateway group with both tunnels on tier 1 to use load balancing, so in the firewall -> LAN rule I've selected that gateway group.
But when I look at the firewall -> live view of both WireGuard interfaces, I see traffic on one WG interface only and on the other one it's just every now and then some ICMP and that's all. What am I missing?
TIA.
What happens, when you reload this page https://www.whatsmyip.org/ ?
Quote from: Bob.Dig on October 09, 2023, 10:16:50 PM
What happens, when you reload this page https://www.whatsmyip.org/ ?
I see a page with lots of info, starting from my IP address, and username & user agent, etc. - I can't take a screenshot as I'm testing that with the browser of my TV (which is connected via WireGuard)...
Quote from: hushcoden on October 09, 2023, 09:51:51 PM
But when I look at the firewall -> live view of both WireGuard interfaces, I see traffic on one WG interface only and on the other one it's just every now and then some ICMP and that's all. What am I missing?
Are you testing multiple LAN clients? It would be very bad for your Internet experience if requests from a single machine would alternatingly use both tunnels.
Quote from: Patrick M. Hausen on October 10, 2023, 10:25:43 AM
Are you testing multiple LAN clients? It would be very bad for your Internet experience if requests from a single machine would alternatingly use both tunnels.
Currently I have two devices using WireGuard and one of those is my TV... so, should I configure the two tunnels in the gateway group as failover instead (member down option)?
I mean in case of a gateway group the OPNsense will use "sticky" connections, i.e. a client will stick to the tunnel it is using. Many applications lock sessions to IP addresses so alternating addresses for HTTPS requests would be a bad thing.
Unless you have e.g. 10 clients and can check if on average 5 are using each tunnel, testing is difficult in such scenarios. What are you trying to achieve? You have a single Internet uplink or two?
Quote from: Patrick M. Hausen on October 10, 2023, 10:37:23 AM
Unless you have e.g. 10 clients and can check if on average 5 are using each tunnel, testing is difficult in such scenarios. What are you trying to achieve? You have a single Internet uplink or two?
I'm just testing & learning :P and I've changed the setup of the second tunnel in the gateway group to tier 2
Quote from: hushcoden on October 10, 2023, 10:20:51 AM
I see a page with lots of info, starting from my IP address, and username & user agent, etc. - I can't take a screenshot as I'm testing that with the browser of my TV (which is connected via WireGuard)...
Can you test with a PC? Press Ctrl-F5 and you should get an IP change every time, at least that is working for me.
Nope, IP doesn't change... but it's fine, I changed the setup to failover, i.e. tier 1 / tier 2 and member down (and I only have 1 Internet connection).
I believe load balance has an impact on performance, right?
Thank you all.