WireGuard ProtonVPN connection active, but unable to receive responses

Started by ctrom, March 16, 2026, 06:49:11 PM

Quote from: FredFresh on Today at 05:18:10 PM
Try to go here and check if it returns the Proton public IP or the IP of your ISP: dnsleaktest.com.

I cannot navigate to that website or any other through the VPN. The data I've collected suggests packets are going out and responses are not coming back.


Quote from: FredFresh on Today at 05:18:10 PM
You monitor the WAN interface, you shall consider that it is a physical interface and WireGuard works "inside that"... you should see the same message going outside on both gateways and not only on the WAN.

Yes, if I monitor both the WAN interface and the wg0 interface while performing a "ping 8.8.8.8", I can see the traffic on both:

wg0:
# tcpdump -ni wg0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wg0, link-type NULL (BSD loopback), snapshot length 262144 bytes
17:08:50.953725 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 0, length 64
17:08:51.953836 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 1, length 64
17:08:52.954017 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 2, length 64
17:08:53.954193 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 3, length 64
17:08:54.954359 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 4, length 64
17:08:55.954612 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 5, length 64

WAN:
# tcpdump -ni igc0 host 79.127.136.222
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on igc0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:08:50.953776 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:51.953890 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:52.954072 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:53.954242 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:54.954401 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:55.954697 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
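
Added example, not part of either post: a shell function that summarises a WAN-side `tcpdump -n` capture by direction and WireGuard message type, using the protocol's fixed message sizes (148-byte handshake initiation, 92-byte handshake response, 32-byte keepalive, data as 16-byte header plus padded packet plus 16-byte tag, which is how an 84-byte ICMP echo becomes the 128-byte datagrams above). The names `wg_summary` and `sample_capture` and the documentation addresses in the sample are assumptions made for this example.

```sh
#!/bin/sh
# Added example: summarise a WAN-side tcpdump capture of WireGuard traffic
# by direction and message type, using the protocol's fixed message sizes.

# wg_summary PEER_IP : reads "tcpdump -n" text lines on stdin.
wg_summary() {
    awk -v peer="$1" '
    function kind(len) {
        if (len == 148) return "handshake-init"
        if (len == 92)  return "handshake-resp"
        if (len == 32)  return "keepalive"
        if (len == 64)  return "cookie-or-small-data"   # both are 64 bytes
        if (len > 64 && len % 16 == 0) return "data"    # 16 hdr + padded pkt + 16 tag
        return "other"
    }
    / UDP, length [0-9]+$/ {
        # Fields: TIME IP SRC.PORT > DST.PORT: UDP, length N
        if (index($3, peer ".") == 1)      dir = "in"
        else if (index($5, peer ".") == 1) dir = "out"
        else next
        n[dir " " kind($NF + 0)]++
        total[dir]++
    }
    END {
        for (k in n) print k, n[k]
        print "in total", total["in"] + 0
        print "out total", total["out"] + 0
    }' | LC_ALL=C sort
}

# Constructed sample (documentation addresses), shaped like the capture in
# the post: only outbound datagrams, nothing from the peer.
sample_capture() {
    cat <<'EOF'
17:08:49.100000 IP 192.0.2.10.51820 > 203.0.113.5.51820: UDP, length 148
17:08:50.953776 IP 192.0.2.10.51820 > 203.0.113.5.51820: UDP, length 128
17:08:51.953890 IP 192.0.2.10.51820 > 203.0.113.5.51820: UDP, length 128
17:08:52.954072 IP 192.0.2.10.51820 > 203.0.113.5.51820: UDP, length 128
EOF
}

sample_capture | wg_summary 203.0.113.5
```

On the firewall the same function can read a bounded live capture, for example `tcpdump -n -c 50 -i igc0 udp and host <endpoint> | wg_summary <endpoint>`. An "in total 0" line means no datagram from the peer reached the WAN interface during the capture.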

I was trying to comment on each point of your configuration, but it seems you deviated A LOT from the Road Warrior guide:
first this https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html
later this https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#step-3-turn-on-wireguard

Pay attention that the first part of the second page overlaps the specific Proton guide; avoid that first part.

The best way is to start with the simplest configuration; once it works you can start making changes, otherwise you do not know what went wrong.

Please back up your config, then clean the additional settings of the VPN (NAT, firewall rules, normalization, devices... just keep peer and instance).

The guide works; what is not there shall not be changed or implemented... and do not ask an AI, ask here.

Once you have implemented the standard configuration, if you have doubts, just write here.


I also have Proton and I can guarantee that the guide works.