Messages - frankw

#1
I set mine up with a gateway, not sure if this is the issue. I did not touch unbound and am using a separate DNS server for local DNS. I don't think this has anything to do with unbound, as your config would send all traffic down the tunnel (0.0.0.0/0). Did you create the outbound NAT rule, as I didn't see that in your screenshots?

I attached my config if that helps.


#2
Quote from: Demusman on December 05, 2022, 08:24:05 PM
Are you using any overlapping IPs or ports by any chance?
That's exactly what it was, I was using the same port, I think maybe I thought it was listening on different interfaces. Always the simple things ;D

Thank you both for your ideas - and for the excellent guides :)
#3
Hi all, strange issue here.

I have configured OPNsense first as a client to do selective routing (specific hosts) via Mullvad using the guide on the website, and that is working fine. I have created an interface, a gateway and set up all firewall rules.

I have also then configured OPNsense as a server (road warrior setup), which I have also done successfully. I've created an interface for this and a separate subnet, and clients can connect and access internal and external resources (as per my fw rules).

However...the two do not work together simultaneously.

When both are enabled (under WireGuard, Local), the road warrior clients can no longer get a handshake, but Mullvad continues to work. When I disable Mullvad, the road warrior clients work fine. Both have their own interface. I am not trying to route any of the road warrior clients via Mullvad.

Any thoughts on what the issue could be? I saw this same issue mentioned in the comments here, but without successful resolution. Thanks!
#4
Does anyone know if this kernel module would support VPP/intel-ipsec-mb and/or Intel QAT?

Was recently reading this very interesting Intel article on a "Performance Comparison of Kernel WireGuard, VPP WireGuard with Software Encryption, and VPP WireGuard with Hardware Lookaside Encryption". Page 12 is the good stuff :)
#5
Can confirm port forwarding does not work through WireGuard kmod with TorGuard, OpenVPN with the exact same firewall port forwarding rules works fine.

GitHub issue here is closed?

#6
Quote from: FingerlessGloves on April 30, 2021, 02:51:45 PM
Port forwarding works and it's mentioned at the bottom of my Scripts README :)
Ok thanks for confirming, I have been unable to get it working, if you wouldn't mind sharing your rules I would appreciate it.
#7
It says misconfigured in the UI, but works perfectly for me, thank you for a great plugin.
#8
Quote from: FingerlessGloves on April 27, 2021, 07:11:42 PM
Glad to hear it working great for you. I also find it worth using a known good speedtest server.
I saw you have a script for PIA, curious if you were able to get port forwarding working using the new kernel mod with PIA, and if so how? :)
#9
Quote from: SebbesApa on April 29, 2021, 08:25:56 PM
So the connection to your VPN provider works except the port forwarding?
Yes it all works well except for the port forwarding. Traffic flows, but Torrent client can't accept incoming connections.

Quote from: mimugmail on April 29, 2021, 08:58:35 PM
Have you tried the -kmod variant, it may solve this
Yes I am using the kernel mod at the moment, it is much faster, but I can't get port forwarding to work no matter what I try :(
#10
Have also followed this guide, and am still seeing incoming traffic hitting the WAN (and being rejected), rather than coming in on the WG interfaces...very odd.

https://nguvu.org/pfsense/pfsense-port-forward/

I am wondering if WireGuard behaves in a different way than OpenVPN when it comes to incoming connections...?
#11
One thing that I have noticed is incoming connections being rejected on the WAN interface, which I don't really understand (as the traffic report shows the traffic going through the WireGuard interfaces)...
#12
Hi everyone,

I was wondering if anyone could assist me in configuring firewall rules to allow inbound connections through a WireGuard VPN.

I have set up 3 WG connections using this guide, and this works well. These connections are also load balanced in a gateway group, with traffic flowing through them.

What I would like to do is now allow incoming connections through these WG connections, and forward those requests to an internal IP. I have forwarded the ports at the VPN provider, and have added port forwarding rules on the WG interfaces, but have had no luck and ports still show as closed.

Any suggestions about where to look would be much appreciated.
#13
Hi all,

I have to say this worked beautifully for me, I tried this out using 3 WireGuard connections in a Gateway Group on a 1Gbps up/down line. Was not able to get over around 400MBps down before and CPU was maxed out, now it is peaking around 900Mbps. CPU still fluctuates, but it seems like the speed is much better :D

https://ibb.co/Sy6pnXz
https://ibb.co/Vm9pXkJ
https://ibb.co/cNf0Ryq

Be careful what speedtest binary you are using, I was originally trying the Alpine Linux package and the results were nonsensical, around 150Mbps; these results are using Ookla 1.0.0.2 (5ae238b). Thanks to all who put in their hard work on this.