Surfshark WireGuard connection on PPPoE WAN not working

Started by LovelyCupOfTea, April 02, 2024, 04:55:28 PM

Hi There,

So I have been round and round in circles trying to get WireGuard set up with my fibre PPPoE connection here in the UK. I temporarily abandoned OPNsense after it randomly stopped connecting to the VPNs I had set up and tried with pfSense. Got pfSense working first time round with a Surfshark guide, restarted it to confirm it was still good, and this broke everything. Apparently a known issue with pfSense and PPPoE connections using WireGuard.

(pfSense issue with PPPoE)
https://forums.lawrencesystems.com/t/gateway-disabled-after-reboot/13220/2

So I reverted back to a fresh install on OPNsense and followed the guide from "0x2142 - Networking Nonsense" on the Mullvad WireGuard connection, with a few additions of using both public and private key, adding the DNS server in the Instance, and finally changing my LAN MSS to 1412 or 1372 as outlined in the Surfshark pfSense guide, but could not get this to resolve web pages; the connection was there but no DNS resolution, it would appear.

(First Guide I used which worked then it stopped)
https://www.youtube.com/watch?v=b58PpuIsQ3A&t=793s

Suffice to say I am well and truly stuck. I found this guide on AirVPN about the method to use with them and will give this a try also, but it seems to take a different approach, and the person writing the guide states it might not be correct.

(AirVPN Guide I found)
https://airvpn.org/forums/topic/56844-howto-opnsense-and-wireguard-to-airvpn/

Here is my video of my entire configuration below. If anyone can spot my mistakes, please let me know. I have spent probably about 50 hours trying to get WireGuard working on pfSense and OPNsense reliably and I simply cannot do it. I am going a little mad as I don't like to give up. It works, then it doesn't, for no rhyme or reason. I must be doing something wrong somewhere, and guides for OPNsense WireGuard are far apart. If anyone has an up-to-date 2024 guide for setting up something like Surfshark WireGuard for OPNsense, please point me in the right direction. I have looked at the OPNsense guides directly, but again nothing I do with these seems to help.

(My setup)
https://youtu.be/wubDkH3-CPc

This is like a 5 min job on an Asus Merlin router, it's so simple to do on them. But the throughput on WireGuard is limited to around 500-600mb, and then also there is a known issue where WireGuard disables NAT acceleration on these, therefore slowing local network speeds.

My requirement is simply:

- A WireGuard VPN that encapsulates the whole network
- An effective killswitch to ensure no traffic goes to the normal WAN connection if the VPN server is down.
- Maybe a way to route a specific static internal IP around the VPN were it required.

I really don't understand why it's so complicated on OPNsense or why it seems to be such a niche requirement. But I just need help to try and get a stable WireGuard whole-network connection in OPNsense, so any guidance please would be extremely appreciated.

Many thanks

LovelyCupOfTea

Hi there,
Just skipped over here from my post.

As I understand, you are trying to dial into a public server with your OPNsense box? The setup I am doing is exactly the other way around. I am phoning home from my devices.
So I am sorry, but I do not have experience with that. What was most troubling in my setup was the whole switcheroo of keys. Took me quite a drawing to make sure I understand which key goes where in the configs.

No worries Chris, thanks for taking the time to respond. Hope we both get to the bottom of our issues here!

Surfshark doesn't run well on *Sense. Also their servers are often unreliable so it is hard to tell. And it seems you are technically not competent but a beginner. Good luck.

Bit harsh, but I would say I am competent technically, but in networking have an intermediate understanding.

We all have to learn somewhere, don't we, and throwing around insults when someone is genuinely asking for help seems a strange approach?

If you can see where my configuration is incorrect, I would be grateful for you to point this out if you are more technically advanced?

Or would this be a waste of time?

Quote from: Bob.Dig on April 02, 2024, 10:21:13 PM
Surfshark doesn't run well on *Sense. Also their servers are often unreliable so it is hard to tell. And it seems you are technically not competent but a beginner. Good luck.

Would appreciate constructive responses please.

Given no answer on how to actually get this working properly, I got myself a GL.iNet Flint 2 running OpenWrt. Took me all of about 5 min to get a WireGuard tunnel for the whole network set up, even with the odd static IP exclusion.

In OPNsense and pfSense doing this is way overly complicated and I still was not able to get it to actually work. OPNsense needs to massively simplify this.

Flint 2 can do just under 1gbs WireGuard and my local LAN speeds were good, so I think the NAT acceleration issue with Asus routers slowing local LAN when WireGuard is enabled must be an Asus issue.

Had two of these Flint 2 routers running for a couple of days at two locations and so far so good. Brilliant WireGuard throughput.

Hope this helps, albeit not the answer you might be wanting.