Messages

Many thanks for taking the time to respond

I have moved on to open wrt on a gl. Inet router and getting fantastic wireguard speeds. Was so incredibly simple to set up. I just cannot get it going in opnsense no mater what I do

I've had endless issues setting up wireguard in both opnsense and pfsense

Gave up and used openwrt on a gl.inet and it took about 5 min

Given no answer on how to actually get this working properly Got my self a gl.inet Flint 2 running open wrt. Took me all of about 5 min to get wireguard tunnel for whole network set up even with the odd static ip exclusion.

In opnsense and pfsense doing this is way overly complicated and still was not able to get it to actuslly work. Opnsense need to massively simplify this.

Flint 2 can do just under 1gbs wireguard amd my local LAN speeds were good so I think the Nat acceleration issue with asus routers slowing local LAN when wireguard is enabled must be an Asus issue.

Had two of these Flint 2 routers running for a couple of days at two locations and so far so good. Brilliant wireguard throughput

Hope this helps all be it not the answer you might be wanting

Save yourself the hassle

Got my self a gl.inet Flint 2 running open wrt. Took me all of about 5 min to get wireguard tunnel for whole network set up even with the odd static ip exclusion.

In opnsense and pfsense doing this is way overly complicated

Flint 2 can do just under 1gbs wireguard amd my local LAN speeds were good so I think the Nat acceleration issue with asus routers slowing local LAN when wireguard is enabled must be an Asus issue.

Had two of these Flint 2 routers running for a couple of days at two locations and so far so good. Brilliant wireguard throughput

Hope this helps all be it not the answer you might be wanting

Surfshark doesn't run well on *Sense. Also their servers are often unreliable so it is hard to tell. And it seems you are technically not competent but a beginner. Good luck.

Would Appreciate constructive responses please.

Bit harsh but I would say I am competent technically, but in networking have an intermediate understanding.

We all have to learn somewhere don't we and throwing around insults when someone is genuine asking for help seems a strange approach?

If you can see where my configuration is incorrect would be grateful for you to point this out if you are more technically advanced?

Or would this be a waste of time?

Hi There

Same Issue here with surfshark, I cannot get it working at all, please see my set up at my post here https://forum.opnsense.org/index.php?topic=39783.0

Did you resolve this issue for your self and what guide did you use to set up your other vpn providers, from my configuration can you see where I might have gone wrong?

Either way you got further than me, I did get Airvpn Working previously but I have flattened it since then and im trying to get surfshark working first, I wanted to use Mullvad but they were unable to provide a further guide as to how to get theirs working with it as I requsted it but they said they would make a guide yet

Good question, but I struggle to even get wireguard working on opnsense despite following guides, I have tried for so long, I am technically quite competent but really struggle with Opnsense wireguard. Ive had it working in pfsense, but with opnsense its just hit and miss.

Could you help advise where its going wrong or push for more clear guides from Opnsense on the configurations, maybe some with videos or screenshots?

https://forum.opnsense.org/index.php?topic=39783.0

Seems you got further than me

https://forum.opnsense.org/index.php?topic=39783.0

Please can you advise if you got to the bottom of this, It feels like opnsense Wireguard needs a self contained VPN configuration section which creates and applies any Nat or Firewall rules required for a standard set up, a bit like on Asus Merlin. Can you see how your connection set up varied from mine?

Not sure why Surfshark or a lot of more technical providers like Mulvad don't create a guide themselves, I asked Mullvad but they refered me back the opnsense documentation which does not actually work even when you follow it exactly.

Said they might look at it in the future, but definately feels opnsense is missing from vpn providers guides especually surfshark where they do a guide for pretty much everything inluding pfsense.

Hi There

i think trying to do the same thing but with a wire guard connection directly to surfshark, Did you ever get to the bottom of this?

I have posted my set up and struggles trying to do the same thing in opnsense here

https://forum.opnsense.org/index.php?topic=39783.

I agree that it's way more Complicated than it needs to be conparsd to so thing like Asus merlin where vpn configuration is just an absolute doddle

Did you eventually get this working or did you give it up a bad job? Please see my thread where I have outlined my configuration https://forum.opnsense.org/index.php?topic=39783.0

No worries Chris, thanks for taking the time to respond. Hope we both get the the bottom of our issues here!

Hi Chris,

Might not be much of a help but I use Tailscale for my offsite needs to access locally without any complex set up but aprpeciate this might not be quick enough for your needs.

I wont be able to offer any further knowledge to your question here, however I note you have stated you have wireguard fully functional on IPv4, Do you mean for a connection to a VPN provider such as Surfshark?

I am trying to do this with my IPV4 connection but have not been able to get it working. All my informaiton is in this post

https://forum.opnsense.org/index.php?topic=39783.0

Would you be able to take a look at my config here please and tell me how your functional config differs please?

https://youtu.be/wubDkH3-CPc

I dont mean to Hijack your post here so if you did get a chance to look would you be able to post it back in response to to my post?

Hi There,

So I have been round and round in circles trying to get wire guard set up with my fibre PPPoe connection here in the UK, I temporarily abandoned opnsense after it randomly stopped connecting to the vpns I had set up and tried with PFsense, Got PFsense working first time round with a surf shark guide, restarted it to confirm it was still good and this broke everything, Apparently a known issue with PFsense and PPPoe connections using wire guard

(Pfsense issue with PPPOe)
https://forums.lawrencesystems.com/t/gateway-disabled-after-reboot/13220/2

So I reverted back to a fresh install on Opnsense and followed the guide from "0x2142 - Networking Nonsense" on the Mullvad Wireguard connection , with a few additions of using both public and private key, Adding the DNS server in the Instance and finally changing my LAN MSS to 1412 or 1372 as outlined in the surfshark PFsense guide, but could not get this to resolve web pages, the connection was there but no DNS resolution it would appear.

(First Guide I used which worked then it stopped)
https://www.youtube.com/watch?v=b58PpuIsQ3A&t=793s

Suffice to say I am well and truly stuck; I found this guide on Airvpn about the method to use with them and will give this a try also but seems to take a different approach, but the person writing the guide states it might not be correct.

(AirVPN Guide I found)
https://airvpn.org/forums/topic/56844-howto-opnsense-and-wireguard-to-airvpn/

Here is my video of my entire configuration below, if anyone can spot my mistakes, please let me know, I have spent probably about 50 hours trying to get wireguard working on PF and Opnsense reliably and I simply cannot do it, I am going a little mad as I don't like to give up. It works then it doesn't for no rhyme or reason. I must be doing something wrong somewhere, and guides for Opnsense wireguard are far apart. If anyone has an up to date 2024 guide for setting up somthing like Surfhshark wireguard up for Opnsense please point me in the right direction. I have looked at the Opnsense guides directly but again nothing I do with these seems to help.

(My setup)
https://youtu.be/wubDkH3-CPc

This is like a 5 min job on an Asus merlin router, it's so simple to do on them. But the throughput on wireguard is limited to around 500-600mb and then also there is a known issue where wire guard disables Nat acceleration on these therefore slowing local network speeds.

My requirement is simply of a

-Wireguard VPN that encapsulates the whole network
-An effective killswitch to ensure no traffic goes to the normal WAN connection if the VPN server is down.
-Maybe a way to route a spesific static internal IP around the VPN were it required.

I really don't understand why it's so complicated on Opnsense or why it seems to be such a niche requirement. But I just need help to try and get a stable wire guard whole network connection in Opnsense, so any guidance please would be extremely appreciated.

Many thanks

LovelyCupOfTea