[Solved] Proton VPN two gateways

Started by aes, March 11, 2024, 03:26:25 PM

March 11, 2024, 03:26:25 PM Last Edit: March 11, 2024, 10:19:30 PM by aes
Has anyone managed to configure two WireGuard endpoints successfully in a gateway group?

I have one working endpoint and cannot figure out how to make the second one function, despite having followed almost exactly the same steps in configuring both of them; the only difference is how the addresses are configured under WireGuard > Settings > Instances:

For connection1 I have configured the default values provided in the Proton config.

peer
| public key       | .conf > Peer PublicKey                  |
| allowed ips      | .conf > Peer AllowedIps (0.0.0.0/0)     |
| endpoint address | .conf > Peer Endpoint (196.196.203.202) |
| endpoint port    | .conf > Peer Endpoint (51820)           |

instance
| public key     | .conf > Peer PublicKey                  |
| private key    | .conf > Interface PrivateKey            |
| listen port    | .conf > Peer Endpoint port (51820)      |
| tunnel address | .conf > Interface Address (10.2.0.2/32) |
| peers          | proton_peer1                            |
| disable routes | check                                   |
| gateway        | tunnel address -1 (10.2.0.1)            |


For connection2 the same, except tunnel, gateway and endpoint:

peer
| public key       | .conf > Peer PublicKey                  |
| allowed ips      | .conf > Peer AllowedIps (0.0.0.0/0)     |
| endpoint address | .conf > Peer Endpoint (194.34.132.55)   |
| endpoint port    | .conf > Peer Endpoint (51820)           |

instance
| public key     | .conf > Peer PublicKey                  |
| private key    | .conf > Interface PrivateKey            |
| listen port    | .conf > Peer Endpoint port (51820)      |
| tunnel address | .conf > Interface Address (10.3.0.2/32) |
| peers          | proton_peer2                            |
| disable routes | check                                   |
| gateway        | tunnel address -1 (10.3.0.1)            |


Then both are assigned and configured in Interface Assignments. At this point the peer 1 handshake succeeds but peer 2's doesn't.
Is there some gotcha I'm missing?

What if you switch the port on one of the Instances to anything other than 51820, like 51821?

https://schnerring.net/blog/opnsense-baseline-guide-with-vpn-guest-and-vlan-support/#remote-peers

miroco

It's always something so simple, isn't it? That'd be it, thanks!
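The setup in the first post and the fix in the reply, as an added example that is not part of this thread, OPNsense or Proton VPN: the script maps two Proton-style wg-quick `.conf` files onto the instance/peer fields from the tables above (including the "tunnel address -1" gateway convention), reuses the endpoint port as the listen port exactly as the original post did, and then flags the collision that stops the second instance from handshaking. The `.conf` contents and key strings are constructed placeholders; the function names are my own.

```python
"""Map wg-quick .conf files onto OPNsense WireGuard instance/peer fields and
detect two instances trying to listen on the same UDP port.

Added example for this forum thread; not OPNsense or Proton VPN code.
The configs below are constructed, and the keys are placeholders.
"""
import configparser
import ipaddress

# Constructed sample configs in the wg-quick format Proton VPN hands out.
CONF1 = """
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY_1=
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY_1=
AllowedIPs = 0.0.0.0/0
Endpoint = 196.196.203.202:51820
"""

CONF2 = """
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY_2=
Address = 10.3.0.2/32
DNS = 10.3.0.1

[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY_2=
AllowedIPs = 0.0.0.0/0
Endpoint = 194.34.132.55:51820
"""


def parse_wg_conf(text):
    """wg-quick .conf is INI-shaped; disable interpolation so '%' in keys is safe."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def to_opnsense(name, text, listen_port=None):
    """Return (instance, peer) dicts mirroring the OPNsense form fields.

    With listen_port=None the peer's endpoint port is reused as the local
    listen port, which is what the original post did for both instances.
    """
    cp = parse_wg_conf(text)
    iface, peer = cp["Interface"], cp["Peer"]
    host, _, port = peer["Endpoint"].rpartition(":")
    tunnel = ipaddress.ip_interface(iface["Address"])
    gateway = tunnel.ip - 1  # "tunnel address -1" convention from the post
    peer_cfg = {
        "name": f"{name}_peer",
        "public key": peer["PublicKey"],
        "allowed ips": peer["AllowedIPs"],
        "endpoint address": host,
        "endpoint port": int(port),
    }
    instance_cfg = {
        "name": name,
        "private key": iface["PrivateKey"],
        "listen port": int(port if listen_port is None else listen_port),
        "tunnel address": str(tunnel),
        "peers": peer_cfg["name"],
        "disable routes": True,
        "gateway": str(gateway),
    }
    return instance_cfg, peer_cfg


def check_listen_ports(instances):
    """Return {port: [instance names]} for every port claimed more than once.

    Two WireGuard instances cannot bind the same UDP port on one host, so the
    second instance never comes up and its peer never completes a handshake.
    """
    seen = {}
    for inst in instances:
        seen.setdefault(inst["listen port"], []).append(inst["name"])
    return {port: names for port, names in seen.items() if len(names) > 1}


def assign_unique_ports(instances, start=51820):
    """Give each instance its own listen port (51820, 51821, ...)."""
    return [dict(inst, **{"listen port": start + i}) for i, inst in enumerate(instances)]


def build_instances(listen_ports=(None, None)):
    """Both instances as configured in the first post (same listen port)."""
    inst1, _ = to_opnsense("proton1", CONF1, listen_ports[0])
    inst2, _ = to_opnsense("proton2", CONF2, listen_ports[1])
    return [inst1, inst2]


if __name__ == "__main__":
    broken = build_instances()
    print("collisions before fix:", check_listen_ports(broken))
    fixed = assign_unique_ports(broken)
    print("collisions after fix:", check_listen_ports(fixed))
    for inst in fixed:
        print(inst["name"], "listen port", inst["listen port"], "gateway", inst["gateway"])
```

Run it to see the duplicate 51820 reported for both instances, then cleared once the second instance moves to 51821; the listen port is local to the firewall, so changing it does not need to match Proton's endpoint port.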