Messages

1

Virtual private networks / Re: Mullvad WG issue, Local Configuration DNS server doesn't resolve

« on: December 06, 2022, 06:04:18 am »

I set mine up with a gateway, not sure if this is the issue. I did not touch unbound and am using a separate DNS server for local DNS. I don't think this has anything to do with unbound, as your config would send all traffic down the tunnel (0.0.0.0/0). Did you create the outbound NAT rule, as I didn't see that in your screenshots?

I attached my config if that helps.

2

Virtual private networks / Re: Can't get OPNsense to act as WG Server & Client simultaneously

« on: December 05, 2022, 11:33:19 pm »

Are you using any overlapping IP's or ports by any chance?

That's exactly what it was, I was using the same port, I think maybe I thought it was listening on different interfaces. Always the simple things

Thank you both for your ideas - and for the excellent guides

3

Virtual private networks / [solved] Can't get OPNsense to act as WG Server & Client simultaneously

« on: December 05, 2022, 08:02:02 pm »

Hi all, strange issue here.

I have configured OPNsense first as a client to do selective routing (specific hosts) via Mullvad using the guide on the website, and that is working fine. I have created an interface, a gateway and set up all firewall rules.

I have also then configured OPNsense as a server (road warrior setup), which I have also done successfully. I've created an interface for this and a separate subnet, and clients can connect and access internal and external resources (as per my fw rules).

However...the two do not work together simultaenously.

When both are enabled (under WireGuard, Local), the road warrior clients can no longer get a handshake, but Mullvad continues to work. When I disable Mullvad, the road warrior clients work fine. Both have their own interface. I am not trying to route any of the road warrior clients via Mullvad.

Any thoughts on what the issue could be? I saw this same issue mentioned in the comments here, but without successful resolution. Thanks!

4

Virtual private networks / Re: Wireguard kernel mainstream support

« on: November 14, 2022, 05:48:00 pm »

Does anyone know if this kernel module would support VPP/intel-ipsec-mb and/or Intel QAT?

Was recently reading this very interesting Intel article on a "Performance Comparison of Kernel WireGuard, VPP WireGuard with Software Encryption, and VPP WireGuard with Hardware Lookaside Encryption". Page 12 is the good stuff

5

21.1 Legacy Series / Re: Port forwarding through WireGuard

« on: May 02, 2021, 02:03:23 am »

Can confirm port forwarding does not work through WireGuard kmod with TorGuard, OpenVPN with the exact same firewall port forwarding rules works fine.

Github issue here is closed?

6

21.1 Legacy Series / Re: Native-kernel wireguard support for 21.1 feasible? FreeBSD 13 may have it

« on: April 30, 2021, 07:30:25 pm »

Port forwarding works and its mentioned at the bottom of my Scripts README 

Ok thanks for confirming, I have been unable to get it working, if you wouldn't mind sharing your rules I would appreciate it.

7

21.1 Legacy Series / Re: AdGuardHome Plug In Misconfiguration

« on: April 30, 2021, 02:42:10 pm »

It says misconfigured in the UI, but works perfectly for me,  thank you for a great plugin.

8

21.1 Legacy Series / Re: Native-kernel wireguard support for 21.1 feasible? FreeBSD 13 may have it

« on: April 30, 2021, 02:38:40 pm »

Glad to hear it working great for you. I also find it worth using a known good speedtest server.

I saw you have a script for PIA, curious if you were able to get port forwarding working using the new kernel mod with PIA, and if so how?

9

21.1 Legacy Series / Re: Port forwarding through WireGuard

« on: April 30, 2021, 02:31:43 pm »

So the connection to your VPN provider works accept the port forwarding?

Yes it all works well except for the port forwarding. Traffic flows, but Torrent client can't accept incoming connections.

Have you tried the -kmod variant, it may solve this

Yes I am using the kernel mod at the moment, it is much faster, but I can't get port forwarding to work no matter what I try

10

21.1 Legacy Series / Re: Port forwarding through WireGuard

« on: April 29, 2021, 04:15:47 pm »

Have also followed this guide, and am still seeing incoming traffic hitting the WAN (and being rejected), rather than coming in on the WG interfaces...very odd.

https://nguvu.org/pfsense/pfsense-port-forward/

I am wondering if WireGuard behaves in a different way than OpenVPN when it comes to incoming connections...?

11

21.1 Legacy Series / Re: Port forwarding through WireGuard

« on: April 29, 2021, 02:43:57 am »

One thing that I have noticed is incoming connections being rejected on the WAN interface, which I don't really understand (as the traffic report shows the traffic going through the Wireguard interfaces)...

12

21.1 Legacy Series / Port forwarding through WireGuard

« on: April 28, 2021, 10:42:54 pm »

Hi everyone,

I was wondering if anyone could assist me in configuring firewall rules to allow inbound connections through a Wireguard VPN.

I have set up 3 WG connections using this guide, and this works well. These connections are also load balanced in a gateway group, with traffic flowing through them.

What I would like to do is now allow incoming connections through these WG connections, and forward those requests to an internal IP. I have forwarded the ports at the VPN provider, and have added port forwarding rules on the WG interfaces, but have had no luck and ports still show as closed.

Any suggestions about where to look would be much appreciated.

13

21.1 Legacy Series / Re: Native-kernel wireguard support for 21.1 feasible? FreeBSD 13 may have it

« on: April 27, 2021, 06:55:05 pm »

Hi all,

I have to say this worked beautifully for me, I tried this out using 3 WireGuard connections in a Gateway Group on a 1Gbps up/down line. Was not able to get over around 400MBps down before and CPU was maxed out, now it is peaking around 900Mbps. CPU still fluctuates, but it seems like the speed is much better

https://ibb.co/Sy6pnXz
https://ibb.co/Vm9pXkJ
https://ibb.co/cNf0Ryq

Be careful what speedtest binary you are using, I was originally trying alpine linux package and the results were nonsensical around 150Mbps, these results are using Ookla 1.0.0.2 (5ae238b). Thanks to all who put in their hard work on this.