Help with Selective Routing (wireguard & AirVPN)

Started by reolink1892, January 11, 2024, 12:32:07 AM

I am attempting to get selective routing to work using a couple of clients but have been unsuccessful in my attempts. I have used the following guide in order to attempt to get this to work as it's from the AirVPN forum.

https://airvpn.org/forums/topic/56844-howto-opnsense-and-wireguard-to-airvpn/

I'm wondering if anyone has this working? My AirVPN client area shows that there is one session connected; however, any client doesn't seem to be going via VPN.

I'm hoping someone can have a look at my config below and see if there's anything obvious that's sticking out? Or anything that is wrong with that guide?

Links to my config below:

https://ibb.co/rvzRQRs
https://ibb.co/KD2xM7x
https://ibb.co/kX5sFgq
https://ibb.co/89SN30r
https://ibb.co/rbbXfYk
https://ibb.co/GMVrkjF
https://ibb.co/Bf8S0DB
https://ibb.co/YBHSRZy
https://ibb.co/DkRrxz0

January 11, 2024, 04:06:20 AM #1 Last Edit: January 11, 2024, 04:09:35 AM by Koldnitz
That guide didn't work for me; I spent the better part of a Saturday / Sunday messing with it.

I had better luck with this one (just use AirVPN's information from the config you generate):

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

That being said, I have been connected for over a week, but I haven't really set a computer on the IP that is supposed to be routed to test it (I have had a solid handshake for a little over a week but it randomly craps out and then comes back up).

Just getting the connection to work (have a handshake) took me forever and I want to have a decent amount of time (i.e. another weekend) to spend if it isn't routing correctly.

Cheers,

Edit: Also, I have had it fix itself (connect and resume handshaking) upon router reboot. If you follow the guide and it isn't working, try that before ripping your hair out (someone on these forums recommended it and it worked for me as it did for them... I have no idea why though).

Quote from: Koldnitz on January 11, 2024, 04:06:20 AM
That guide didn't work for me; I spent the better part of a Saturday / Sunday messing with it.

I had better luck with this one (just use AirVPN's information from the config you generate):

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

That being said, I have been connected for over a week, but I haven't really set a computer on the IP that is supposed to be routed to test it (I have had a solid handshake for a little over a week but it randomly craps out and then comes back up).

Just getting the connection to work (have a handshake) took me forever and I want to have a decent amount of time (i.e. another weekend) to spend if it isn't routing correctly.

Cheers,

Edit: Also, I have had it fix itself (connect and resume handshaking) upon router reboot. If you follow the guide and it isn't working, try that before ripping your hair out (someone on these forums recommended it and it worked for me as it did for them... I have no idea why though).

Thanks, I have actually used both guides but still no luck. If you look at one of my screenshots, would you suggest I have a valid connection? My AirVPN portal shows a connected session with handshakes showing recent timestamps.

You are not following the gateway IP set up that the OPNsense guide suggests in step 2 or the monitor IP in step 6?

Sorry man, work soon, so I was skimming pictures; apologies if you did.

You definitely rebooted the router?

No probs, and yeah I have, and yeah I've rebooted the router.

I have confirmed mine is working with an AirVPN WireGuard server.

I had some rules out of order and my outbound rule was disabled... but once I fixed everything it is working and there are no DNS leaks.

I think you are going to have to triple check your config / make sure you didn't not follow the guide somewhere.

Cheers,

I think I found the issue. On the guide I followed, it said to create an outbound rule on the VLAN where I wanted the clients to go through VPN. I changed that rule to inbound and it seems to work now; however, I am finding that my WireGuard performance is ridiculously slow. How is your performance?

I have AirVPN configs downloaded to my laptop and iPhone and they are blazingly fast.

Quote from: reolink1892 on January 12, 2024, 11:34:31 AM

I have AirVPN configs downloaded to my laptop and iPhone and they are blazingly fast.

Try to play with the MTU (on both sides the same value - don't know if your VPN service published their MTU).
Something between 1412 and 1380 should do the trick.
It also depends a bit on IPv4 only or IPv6.
You can try it by hand or follow this guide and test it with iperf: https://gist.github.com/nitred/f16850ca48c48c79bf422e90ee5b9d95
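
Added example, not part of the thread or of the linked guide: a shell sketch of the MTU tuning suggested in the last reply. It measures the IPv4 path MTU with don't-fragment pings and subtracts WireGuard's per-packet overhead (outer IP header, 8 bytes UDP, 32 bytes WireGuard). The function names and the endpoint name are assumptions, and the `ping` flags shown are the Linux iputils ones.

```shell
#!/bin/sh
# Added example: derive a WireGuard MTU from a measured path MTU.

# One don't-fragment probe. $1 = host, $2 = full IPv4 packet size to test.
# Linux iputils syntax; on FreeBSD/OPNsense use: ping -D -c 1 -s "$payload" "$1"
probe() {
    payload=$(( $2 - 28 ))   # ping -s is ICMP payload: minus 20 IPv4 + 8 ICMP
    ping -M do -c 1 -W 1 -s "$payload" "$1" >/dev/null 2>&1
}

# Binary search for the largest IPv4 packet that passes unfragmented.
# $1 = host, $2 = low bound (default 1280), $3 = high bound (default 1500)
find_path_mtu() {
    lo=${2:-1280}; hi=${3:-1500}
    # If even the low bound fails, the host is unreachable or filters ICMP.
    probe "$1" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$1" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# Tunnel MTU = path MTU - outer IP header - 8 (UDP) - 32 (WireGuard data
# header 16 + Poly1305 tag 16). $1 = path MTU, $2 = outer family: 4 or 6.
wg_mtu() {
    case "$2" in
        4) ip=20 ;;
        6) ip=40 ;;
        *) echo "family must be 4 or 6" >&2; return 2 ;;
    esac
    echo $(( $1 - ip - 8 - 32 ))
}

# Usage (endpoint name is a placeholder):
#   pmtu=$(find_path_mtu vpn-endpoint.example) && wg_mtu "$pmtu" 4
```

On a PPPoE link (path MTU 1492) with an IPv6 outer header this gives 1412, the upper value mentioned above; a plain 1500-byte path gives 1440 over IPv4 and 1420 over IPv6.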