
Messages - rtester

#1
There's a lot of problems I have with Comcast.
First of all: If you live in any sort of populated area, you may notice your internet speeds going down. At first, you may think it's Comcast throttling you.

It may be, but it gets even worse:
They have a wifi service enabled on every one of their routers called "xfinitywifi" https://www.xfinity.com/support/articles/xfinity-wifi-hotspots that they constantly keep turned on. They say it doesn't affect your internet speed, but that's entirely false. There is a way to disable it if you log into the Xfinity site, but it only works for about a week or two. I disabled it on a 250mb/s plan and got provisioned 30MB/s down late at night. That's half the problem.

The other half of the problem is Comcast might throttle you anyway. Using a WireGuard VPN over UDP seems to mitigate this somewhat, but all in all, Comcast isn't a great ISP. I would love it if I had FTTH, but sadly I don't.
#2
There's an official guide at https://wiki.opnsense.org/manual/how-tos/wireguard-client-mullvad.html that seems to work for me. Screenshots of my config attached. Ignore the fact that my default allow rule allows to everything but this firewall, the different naming, or the fact it's on an entirely separate interface from LAN. This is specific to my configuration and is to prevent PCs on the VPN network from accessing any possible administration interface. Other than that, this seems to work without leaking for me. If anyone knows how to change my configuration to allow failover (multiple WireGuard VPNs, etc.) that would be nice. So far I have a static route for the first VPN, and I'm assuming to use two different routers I need to add a static route for the other router (not connected yet) to connect to another VPN over the second WAN.

Does anyone know if the same key for WireGuard works on multiple servers at the same time, or the effects of doing so? Unsure if traffic can cross from one WG peer to another in the same group, and would rather not risk it. If it doesn't, and the same key does work, I could probably get away with the same rule for two or more WG connections on the same router.

PS:
If you need the WireGuard port for Mullvad, try connecting to the exact same server you plan to connect your OPNsense to in the official client and see what port it uses on "IN".

When running this command from the tutorial:
curl -sSL https://api.mullvad.net/wg/ -d account=123 --data-urlencode pubkey=pubkey
Do it like this instead to escape the pubkey, as it might contain symbols that confuse the shell:
curl -sSL https://api.mullvad.net/wg/ -d account=123 --data-urlencode pubkey="pubkey"

Also, you'll probably need to enable SSH with pubkeys to access the shell (and make sure it only listens on LAN). Couldn't find it in the web interface.
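An added example for the registration step above (not rtester's code and not from the OPNsense guide): it checks that the key has the shape of a WireGuard public key before sending it, quotes it properly, and reads the account number from a file so it never lands in shell history or argument lists. The endpoint and parameter names are the ones from the post; the account-file path and the key in the usage line are constructed.

```shell
#!/bin/sh
# Register a WireGuard public key with Mullvad's API, with a sanity check on the
# key and without putting the account number on the command line.
# Usage: mullvad_register_pubkey <pubkey> <file-containing-account-number>

# A WireGuard key is 32 bytes of base64: 43 data characters plus one '=' pad, and
# the 43rd character must have its two low padding bits clear (one of AEIMQUYcgkosw048).
wg_key_valid() {
    key=$1
    [ "${#key}" -eq 44 ] || return 1
    case "$key" in
        *[!A-Za-z0-9+/=]*) return 1 ;;     # character outside the base64 alphabet
        *=?*)              return 1 ;;     # '=' anywhere but the very end
        *[AEIMQUYcgkosw048]=) return 0 ;;  # correct length, alphabet and padding
    esac
    return 1
}

# $1 = public key, $2 = file whose content is the Mullvad account number.
mullvad_register_pubkey() {
    key=$1
    account_file=$2
    wg_key_valid "$key" || { echo "refusing to send malformed key: $key" >&2; return 2; }
    [ -r "$account_file" ] || { echo "cannot read $account_file" >&2; return 2; }
    account=$(cat "$account_file") || return 2   # command substitution drops the trailing newline
    # '-K -' makes curl read extra options from stdin, so the account number is never
    # a process argument (invisible to `ps` and absent from shell history); the key is
    # still URL-encoded and double-quoted exactly as the post recommends.
    printf 'data-urlencode = "account=%s"\n' "$account" |
        curl -sSL -K - https://api.mullvad.net/wg/ --data-urlencode "pubkey=$key"
}

# Example invocation with a constructed key and a constructed account-file path:
# mullvad_register_pubkey 'AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=' /root/mullvad-account.txt
```

The API reply is the tunnel address Mullvad assigns to that key, which is what the OPNsense WireGuard interface needs next.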