Search the Community

This is an updated version of this guide. I hope it gets moved soon to the guides section. This guide should be complete now, but please note that the IPv6 port forwarding might not be 100% complete. Any advice is appreciated. Disclaimer In general, DO NOT TRUST ME! I'm not a security expert. I do not know what I'm doing here! This guide is based on: OPNsense 24.7.12_4-amd64 FreeBSD 14.1-RELEASE-p6 OpenSSL 3.0.15 Update: 2025-03-27: I updated to the latest version and this Guide is still correct OPNsense 25.1.4_1-amd64 FreeBSD 14.2-RELEASE-p1 OpenSSL 3.0.16 It should work in previous and future versions of OPNsense, but I can't guarantee it This guide is based on the official Instructions but required modification: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html it is also based on this guide. It's however not 100% correct, so I adjusted base on the official OPNsense guide and included the IPv6 setup. This is why I started a new guide instead of altering my previous one, inspired by the original Sj0r guide. 1. Preparation (not required if you access the firewall from LAN) Some advice here… Opening the WAN interface to allow administration is not good! I am doing this because the firewall sits in my private LAN, and I'm not doing any port forwarding on my main router ! If your firewall is connected directly to the internet, do not do this! Again, in general, DO NOT TRUST ME! I'm not a security expert. I do not know what I'm doing here! Now that you know it… 1.1 Deselect “Block private networks” and “Block bogon networks” in Interfaces → WAN. After doing so: hit save and “Apply changes”. 1.2 Select "Disable reply-to" in Firewall → Settings → Advanced. Hit save at the end. 1.3 Add incoming WAN rule to allow administration. Go to Firewall → Rules → WAN Add a TCP rule from "WAN net" to "This Firewall" on HTTPs. 2. Information gathering. We'll grab some info that we need to configure the WireGuard Tunnel. 2.1 Login to the AirVPN Website. 2.2 Got to VPN Devices. 2.3 Add a new device. 2.4 Go to Config Generator. 2.5 In "Choose your OS" select "router". 2.6 In "Choose protocols" select "WireGuard. 2.7 In "Choose your device/connection" Select the device you have created in 2.3 2.8 Select your country under "By Countries". I selected Germany this time. 2.9 Scroll way down and download your config. This is an example of a WireGuard config: (the keys and IP are random and will not work, use your own) [Interface] Address = 10.10.10.10/32 PrivateKey = X72xgdx23XDomnSXmcy#S4Jc#9Y5G*vU$wg^n499yn6 MTU = 1320 DNS = 10.128.0.1 [Peer] PublicKey = VTSQ77Uk4^&RY4h%S$#9h8PR2T&xyya&yPTtk6oD^m$ PresharedKey = b7&&7bntmCS5q%&4J*mSKBAUvV4XEqHerwscvbappXQ Endpoint = nl3.vpn.airdns.org:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 3. Setup IPv6 base configuration on your LAN. We need to ensure that IPv6 communication is working on your LAN interface before we establish the VPN tunnel. Please note that I do not have an IPv6 address configured on my WAN interface to be distributed to LAN for security. Instead, I use a ULA address on the LAN. For those who do not know what ULA addresses are, these are the IPv6 equivalent to IPv4 private addresses like 10.x or 192.168.x. They are only routable on the LAN, and you will not be able to use them to reach an IPv6 destination on the internet. 3.1 WAN 3.1.1 Go to Interfaces → WAN The WAN interface looks like this: 3.2 LAN 3.2.1 Go to Interfaces → LAN The LAN interface looks like this in the upper section: Now we set up the IPv6 Configuration. 3.2.2 generate yourself a ULA address using this site: https://unique-local-ipv6.com/ 3.2.3 Enter the IPv6 network you have generated into the “IPv6 address” field and add “::1” at the end. Hit Save. 3.3 LAN DHCP IPv6 3.3.1 Go to Services → ISC DHCPv6 → LAN 3.3.2 In the Range section under from add your IPv6 network address from 3.2.2 and add a “::1000” to the end. In the to section, add your IPv6 network address again and this time add a “::2000” to the end. Hit Save at the bottom of the page. 3.4 Router advertisement 3.4.1 Go to Services → Router Advertisement → LAN 3.4.2 Set Router Advertisements to Managed Hit Save at the bottom of the page. 3.5 Test IPv6 configuration Now you should test if you can ping the OPNsense firewall IPv6 address from the LAN. 3.5.1 Connect a client to the LAN 3.5.2 On Linux or Windows, open a terminal and type ping -6 and the IPv6 from 3.2.1 ending with ::1 like “ping -6 fd2d:7173:d519::1”. This needs to be successful! If this is not successful, fix it! Only continue once this is successful!!! 4. WireGuard configuration. In the current Version of OPNsense you do not need to install the WireGuard plugin, this is already installed. 4.1 Peer configuration 4.1.1 in OPNsense go to VPN → WireGuard → Peers. 4.1.2 Create a peer with the following information: 4.1.3 Name: wg_airvpn_<country code>. Mine is called WG-AirVPN-DE 4.1.4 Public key: <PublicKey under heading [Peer] of your generated WG Config> 4.1.5 Pre-shared key <presharedKey under heading [Peer] of your generated WG Config> 4.1.6 Allowed IP's: 0.0.0.0/0 and ::/0 for IPv6 support 4.1.7 Endpoint Address: <Endpoint under heading [Peer] of your generated WG Config> 4.1.8 Endpoint port: 1637 (default port) 4.1.9 Keepalive interval: 15 (default interval) 4.2 Instance configuration 4.2.1 In OPNsense go to VPN → Wireguard → Settings → Instances 4.2.2 Create an instance with the following information: 4.2.3 Enable Advanced Mode. (upper left corner) 4.2.4 Name: <Endpoint Name i.e. WG-Inst-AirVPN-DE> 4.2.5 Private Key: <PrivateKey under heading [Interface] of your generated WG Config> 4.2.6 MTU: 1320 4.2.7 DNS servers <DNS Servers of your generated WG Config> 4.2.8 Tunnel Address: <Address including /32 under harding [Interface] of your generated WG Config> Please review the screenshot below. For IPv6 add the given address and instead of /128 chose /64 to reach the gateway for gateway monitoring. 4.2.9 Peers: <select peer that you created with step 4.1> 4.2.10 Disable routes: Enabled. 4.2.11 Gateway: 10.128.0.1 Hit Save 4.3 Enable WireGuard configuration Go to VPN → WireGuard → Instance and click on "Enable WireGuard" 4.4 Assign WireGuard Interface 4.4.1 in OPNsense go to Interfaces → Assignments 4.4.2 You'll find a “wg0(WireGuard - WG-Inst-AirVPN-DE)” (or similar) interface. 4.4.3 Type a Description, I've picked “[IntAirVPNDE]” and click Add. 4.5 Enable the Interface 4.5.1 Interfaces → Assignments → [IntAirVPNDE] 4.5.2 Enable: Enable the Interface. No further configuration required. Ensure the “Block private networks” and “Block bogon networks” options are not selected, as shown below. 4.6 Create a gateway - IPv4 4.6.1 In OPNsense go to System → Gateways → Configuration 4.6.2 Add a Gateway with the following information: 4.6.3 Name: GW-AirVPN-DE-v4 4.6.4 Interface: Select IntAirVPNDE as created in step 4.4 4.6.5 Address Family: IPv4 4.6.6 IP address: 10.128.0.1 4.6.7 Far Gateway: Enabled 4.6.8 Disable Gateway Monitoring: Disabled. 4.6.9 Monitor IP: 10.128.0.1 4.7 Create a gateway - IPv6 4.7.1 In OPNsense go to System → Gateways → Configuration 4.7.2 Add a Gateway with the following information: 4.7.3 Name: GW-AirVPN-DE-v6 4.7.4 Interface: Select IntAirVPNDE as created in step 4.4 4.7.5 Address Family: IPv6 4.7.6 IP address: fd7d:76ee:e68f:a993::1 (use the IPv6 DNS server from the WG Config) 4.7.7 Far Gateway: Enabled 4.7.8 Disable Gateway Monitoring: Disabled. 4.7.9 Monitor IP: fd7d:76ee:e68f:a993::1 (same as 4.7.6) 5. Alias Create at least one alias for the DNS configuration to prevent DNS leaks. You might want to create a separated alias for clients you want to run through the VPN, but as I do not need this, I skip it. The idea of how to set this up is similar. Please note for DNS leaks, there are multiple ways to prevent DNS leaks. I tested mine using ipleak.net and dnsleaktest.com. There is also a complete section about dealing with DNS leaks in the OPNSense guide. 5.1 Alias setup 5.1.1 Create the DNS alias. Firewall → Aliases 5.1.2 Click add 5.1.3 Enable: selected 5.1.4 Name: VPN_DNS_Server 5.1.5 Type: Host(s) 5.1.6 Content: 10.4.0.1, 10.128.0.1, 10.5.0.1, 10.7.0.1, fd7d:76ee:e68f:a993::1 5.2 Forward all DNS queries to the VPN DNS servers This might collide if you got clients on your LAN which should not go through the VPN, so this might need adjustments then. 5.2.1 Go to Firewall → NAT → Port Forward and click "+" to add a new rule. 5.2.2 Interface: LAN 5.2.3 TCP/IP Version: IPv4+IPv6 5.2.4 Protocol: TCP/UPD 5.2.5 Source: LAN net 5.2.6 Destination: Any 5.2.7 Destination port range: from: DNS to: DNS 5.2.8 Redirect target IP: VPN_DNS_Server (the Alias created in 5.1) 5.2.9 Redirect target port: DNS 5.2.10 Description: Redirect DNS requests from LAN to VPN DNS servers 5.2.11 NAT reflection: Disabled 5.2.12 Filter rule association: None 6. Outbound NAT 6.1 Switch to hybrid rules 6.1.1 Go to Firewall → NAT → Outbound 6.1.2 Select "Hybrid outbound NAT rule generation" 6.1.3 Click Save then apply the change 6.2 Add IPv4 outbound rule 6.2.1 Click the "+" to add a new rule 6.2.2 Interface: IntAirVPNDE (the interface created in 4.4) 6.2.3 TCP/IP Version: IPv4 6.2.4 Protocol: Any 6.2.5 Source address: LAN net 6.2.6 Source port: Any 6.2.7 Destination address: Any 6.2.8 Destination port: Any 6.2.9 Translation / target: Interface address 6.2.10 Pool Options: Default 6.2.11 Description: LAN to AirVPN-DE IPv4 6.3 Add IPv6 outbound rule 6.3.1 Click the "+" to add a new rule 6.3.2 Interface: IntAirVPNDE (the interface created in 4.4) 6.3.3 TCP/IP Version: IPv6 6.3.4 Protocol: Any 6.3.5 Source address: LAN net 6.3.6 Source port: Any 6.3.7 Destination address: Any 6.3.8 Destination port: Any 6.3.9 Translation / target: Interface address 6.3.10 Pool Options: Default 6.3.11 Description: LAN to AirVPN-DE IPv6 7. LAN to VPN firewall rule With this rule, we point all LAN clients through the VPN. 7.1 IPv4 LAN to VPN rule 7.1.1 Go to Firewall → Rules → LAN and click on the "+" to add a new rule 7.1.2 Action: Pass 7.1.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 7.1.4 Interface: LAN 7.1.5 Direction: In 7.1.6 TCP/IP Version: IPv4 7.1.7 Protocol: Any 7.1.8 Source: LAN net 7.1.9 Destination: Any 7.1.10 Description: LAN to VPN IPv4 7.1.11 Gateway: GW-AirVPNDE-v4 - 10.128.0.1 (Created in 4.6) 7.2 IPv6 LAN to VPN rule 7.2.1 Go to Firewall → Rules → LAN and click on the "+" to add a new rule 7.2.2 Action: Pass 7.2.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 7.2.4 Interface: LAN 7.2.5 Direction: In 7.2.6 TCP/IP Version: IPv6 7.2.7 Protocol: Any 7.2.8 Source: LAN net 7.2.9 Destination: Any 7.2.10 Description: LAN to VPN IPv6 7.2.11 Gateway: GW-AirVPNDE-v6 - fd7d:76ee:e68f:a993::1 (Created in 4.7) 7.3 Block all other traffic rule This ensures that all other traffic is blocked. It's not really needed but gives me a better feeling. It will collide if you got clients on your LAN which do not run through the VPN. 7.3.1 Go to Firewall → Rules → LAN and click on the “+” to add a new rule 7.3.2 Action: Block 7.3.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 7.3.4 Interface: LAN 7.3.5 Direction: In 7.3.6 TCP/IP Version: IPv4 + IPv6 7.3.7 Protocol: Any 7.3.8 Source: LAN net 7.3.9 Destination: Any 7.3.10 Description: Block all other traffic LAN to VPN IPv6 7.3.11 Gateway: default Make sure these new rules are on top of the LAN firewall rules. If they are not, traffic might go through other rules and not through the VPN. 8. Port Forwarding for applications like BitTorrent If you want to make one or more clients reachable from the internet, like you need to do when you are doing file-sharing, follow the below to make it work for Pv4 and IPv6. Please note that this is confirmed to working with IPv4, but I'm not 100% sure how to make this fully work with IPv6. You can use an IPv6 port testing tool to confirm that the port is indeed open, but not many IPv6 clients really manage to connect to me. There must be something else I'm missing here. Please help me to get this right so we can complete this guide. So far, this functionality is limited. Ensure that you got the Port Forwarding properly configured in the AirVPN Member section. You need a port from the :1 pool and this port needs to be forwarded to the device configured in 2.3 8.1 Setup IPv4 Firewall rule for incoming connections 8.1.1 Go to Firewall → Rules → IntAirVPNDE 8.1.2 Action: Pass 8.1.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 8.1.4 Interface: IntAirVPNDE 8.1.5 Direction: In 8.1.6 TCP/IP Version: IPv4 8.1.7 Protocol: TCP/UDP 8.1.8 Destination: *the IPv4 address of your client*/32 8.1.9 Destination port range: *your port* 8.1.10 Description: YourRule IPv4 8.1.11 Advanced features: Enabled 8.1.12 reply-to: GW-AirVPN-DE-v4 10.128.0.1 8.2 Setup IPv6 Firewall rule for incoming connections This is equal to the 8.1 setup. Differences are marked bold: 8.2.1 Go to Firewall → Rules → IntAirVPNDE 8.2.2 Action: Pass 8.2.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 8.2.4 Interface: IntAirVPNDE 8.2.5 Direction: In 8.2.6 TCP/IP Version: IPv6 8.2.7 Protocol: TCP/UDP 8.2.8 Destination: *the IPv6 address of your client*/128 8.2.9 Destination port range: *your port* 8.2.10 Description: YourRule IPv6 8.2.11 Advanced features: Enabled 8.2.12 reply-to: GW-AirVPN-DE-v6 fd7d:76ee:e68f:a993::1 8.3 Port Forwarding IPv4 8.3.1 Go to Firewall → NAT → Port Forward, click “*” to create a new rule 8.3.2 Interface: IntAirVPNDE 8.3.3 TCP/IP Version: IPv4 8.3.4 Protocol: TCP/UDP 8.3.5 Destination: This Firewall 8.3.6 Destination port range: The port range from 8.1.9 and the Member section 8.3.7 Redirect target IP: Same as 8.1.8 8.3.8 Redirect target port: same as 8.3.6 8.3.9 Description: YourPortForward 8.3.10 NAT reflection: Disabled 8.3.11 Filter rule association: None 8.4 Port Forwarding IPv6 same as 8.3 just with the IPv6 adjustments 8.4.1 Go to Firewall → NAT → Port Forward, click “*” to create a new rule 8.4.2 Interface: IntAirVPNDE 8.4.3 TCP/IP Version: IPv6 8.4.4 Protocol: TCP/UDP 8.4.5 Destination: This Firewall 8.4.6 Destination port range: The port range from 8.2.9 and the Member section 8.4.7 Redirect target IP: Same as 8.2.8 8.4.8 Redirect target port: same as 8.4.6 8.4.9 Description: YourPortForward 8.4.10 NAT reflection: Disabled 8.4.11 Filter rule association: None That should be it. Please tell me if you got any issue.

I've a 2014 Mac mini server setup and I'm using Docker to run qBittorrent. I set up AirVPN on GlueTun using WireGuard as shown in the attached Docker Compose file. I've also set up port forwarding and tested it within the AirVPN port forwarding tool. (I followed this guide https://www.youtube.com/watch?v=SQEqsaKN-Go&t=350s for reference). My problem is that my torrent speeds are quite slow in qBittorrent (averaging 30-40Kbps), if I turn off the VPN I can easily hit speeds above 2-3Mbps. I'm wondering if I got something configured incorrectly, or if there are some settings I need to tweak on my end. compose.yml

I am trying to set up my new OpenWRT router with WireGuard and PBR while keeping IPv6 enabled. I found previous threads and followed some of the instructions found there, namely the ones on this page: https://openwrt.org/docs/guide-user/services/vpn/wireguard/client and this video by Dev Odyssey: https://www.youtube.com/watch?v=04q41GEPvKA The deviation from the above I made is to add the DNS servers, which are not in the OpenWRT page. I also created a "vpn" zone and added it to the default forwarder as in the video. I installed PBR and started it with IPv6 enabled. The WireGuard connection appears to be online. However, even though DNS resolution appears to work, I have no IPv4 connectivity and can only connect to IPv6 sites with my ISP's IPv6 address. So basically even though the WireGuard connection is established and has a small amount of TX and RX I don't appear to be able to use the tunnel at all (except for DNS resolution so I can reach AirVPN's DNS). I'm at a loss how to troubleshoot this. Anybody able to assist?

Hi, I'm trying to setup wireguard in a way that only applications i set to use the wg's interface will route its traffic through the VPN, with port forwarding enabled. I was under the impression that something like the following should work, but it doesn't: [Interface] Address = 10.184.118.49 PrivateKey = [redacted] MTU = 1320 DNS = 9.9.9.9 [Peer] PublicKey = [redacted] PresharedKey = [redacted] Endpoint = ip:port AllowedIPs = 10.184.118.0/24 PersistentKeepalive = 15 If I set the AllowedIPs to 0.0.0.0/0 then I can port forward, but all my traffic is routed over the VPN, and I don't want that. Is something like this possible with AirVPN? Thank you, Alonzo

I don’t know what has changed.. but my router and home network is disconnected from the internet. I checked server status and several servers are offline I am connecting to us3.vpn.airdns.org using wireguard in Opnsense this used to round about reconnect but is no longer…. Having a faster connection is nice and all.. but open vpn with the remote command actually reconnects to a different server when one goes down!

I have been attempting to connect to AirVPN servers through Wireguard on Ubuntu 24.04.1 LTS, but after I connect I cannot access the Internet. I followed the directions here: https://airvpn.org/linux/wireguard/terminal/ On the Config Generator, I selected Linux, then the Wireguard UDP protocol, then downloaded the Europe config. I renamed it to wg_europe.conf and placed it in a folder named airvpn. Then I ran: sudo wg-quick up /home/myuser/airvpn/wg_europe.conf which worked successfully. From here on out, I cannot access the Internet. Going to google.com or anything else in Firefox results in a Server Not Found. ping 1.1.1.1 and ping 8.8.8.8 both fail, but I CAN ping the IP address under [Interface] in the wg_europe.conf file. When I run `sudo wg` in a terminal, I get this output: interface: wg_europe public key: <redacted> private key: (hidden) listening port: 46776 fwmark: 0xca6c peer: <redacted> preshared key: (hidden) endpoint: 213.152.162.76:1637 allowed ips: 0.0.0.0/0, ::/0 latest handshake: 3 minutes, 49 seconds ago transfer: 23.30 KiB received, 88.00 KiB sent persistent keepalive: every 15 seconds When I run `wg-quick down /home/myuser/airvpn/wg_europe.conf`, I still cannot connect to the Internet and I have to restart my computer every time to start over. Some help would be greatly appreciated!

So, I'm not sure if this is an issue with airvpn or my pivpn setup (probably the latter), but here's the rundown: I thought this was the same issue as a question I've asked before, but none of the suggestions helped. The way my network is currently structured is I have a wireguard tunnel on my college computer, that I'm using to connect to a debian server back home hosting pivpn. That way, I can network mount all my drives, access my NAS, all that good stuff. The issue is that I'm only able to connect to one of the two VPNs at once. I have been able to connect to AirVPN, just not when ALSO tunneling through wireguard. But when I try to connect to AirVPN after connecting wireguard, or vice versa, it displays the same disconnect -> hop to next server behavior as in my last question above. Is there some sort of conflict here? Or just some stupid error on my part on my debian machine? I've attached my logs to this post as well. Any help is appreciated, thank you! Eddie_20250108_211647.txt

Hi, Recently subscribed to your services and on android mobile devices everything works great. Decided to swap my previous vpn credentials in Gluetun container, generated multiple conf files for different regions and whichever I pick is different server from one I choose to generate?! So picking Toronto it gives me Netherlands, picking New York it gives me Germany, etc. Port forwarding says the port is opened on your test client page area but in https://www.yougetsignal.com/tools/open-ports/ it shows closed?! So I am baffled a bit here. Is this by design or what's going on here? On android mobile devices such as samsung s21+ and Samsung tab s7+ gives me the right server I've generated. If you need screenshots let me know. Regards,

Hello all, I'm still fairly new to all this but I've learned that I can get better speeds with WireGuard protocols than with OpenVPN but with WireGuard I keep getting multiple handshake timeouts back to back. I've already set my my MTU to 1280, use only IPv4 in Eddie and even changed my WiFi channel to a less used one but despite all that it keeps getting timeout and then when it reconnects I have very low speeds. I don't know what to do and would aprreciate any help. Eddie_20241104_134626.txt

Hello all! I already once posted about this but thought I might do it again because it's been a while. I have the following issue that I'm getting handshake timeouts on a very frequent basis when I use TCP (or Wireguard?). The easy solution might be to just use UDP, but then my download speeds are really really low and then it's not really worth using the VPN anymore. I'm on a 2.4 GHz WiFi connection, unfortunately can't use 5 GHz or Ethernet due to router placement at home. I tried manually adjusting WiFi channel to a less crowded one but still didn't help. One user has suggested I should run my computer in safe mode with the networking drivers enabled, to see if any software is causing interferences and I was able to give my PC an internet connection via USB Tethering but I couldn't launch the Eddie client to get a VPN connection, so yea. Anyway, I really don't know what to do. I appreciate any answers and thank in advance. Kind regards!

This HOWTO describes how to connect to AirVPN with a Wireguard VPN tunnel from OPNsense. This is the first draft of this howto, i might add (more) screenshots later on. Version: 0.1 Date: 20231029 What we are going to achieve We'll create a single Wireguard VPN Tunnel, IPv4 Only. Traffic to the tunnel will be NATted Requirements OPNsense firewall is up-and-running and updated. This howto is based on version 23.7.7_1 You have basic knowledge on using OPNsense i.e. firewall rules, NAT, routing, gateways and aliases. AirVPN Premium Access Step 1. Information gathering We'll grab some info that we need to configure the Wireguard Tunnel. Go to the Client Area. Got to VPN Devices. Add a device or edit your existing device. Note your Public Key and IPv4 under the heading "Wireguard" Go back to the Client Aerea. Go to Config Generator Select "router" under "Choose your OS" Select "Wireguard under "Choose protocols" Select your country under "By Countries". I selected Netherlands Scroll way down and download your config. This is an example of a Wireguard config: (the keys and IP are random and will not work, use your own) [Interface] Address = 10.45.95.123/32 PrivateKey = X72xgdx23XDomnSXmcy#S4Jc#9Y5G*vU$wg^n499yn6 MTU = 1320 DNS = 10.128.0.1 [Peer] PublicKey = VTSQ77Uk4^&RY4h%S$#9h8PR2T&xyya&yPTtk6oD^m$ PresharedKey = b7&&7bntmCS5q%&4J*mSKBAUvV4XEqHerwscvbappXQ Endpoint = nl3.vpn.airdns.org:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 Step 2. Create the Tunnel configuration Peer configuration: in OPNsense go to VPN|Wireguard|Settings|Peers. Create a peer with the following information: Name: wg_airvpn_<country code>. mine is called wg_airvpn_nl Public key: <PublicKey under heading [Peer] of your generated WG Config> Pre-shared key <presharedKey under heading [Peer] of your generated WG Config> Allowed IP's: 0.0.0.0/0 Endpoint Address: <Endpoint under heading [Peer] of your generated WG Config> Endpoint port: 1637 (default port) Keepalive interval: 15 (default interval) Instance configuration: in OPNsense go to VPN|Wireguard|Settings|Instances Create an instance with the following information: Enable Advanced Mode. Name: <Endpoint Name i.e. nl.vpn.airdns.org> Public Key: <Public Key as noted with step 1.4> Private Key: <PrivateKey under heading [Interface] of your generated WG Config> Listen Port: 1637 MTU: 1320 Tunnel Address: <Address including /32 under harding [Interface] of your generated WG Config> Peers: <select peer that you created with step 2.2> Disable routes: Enabled. Step 3. Make an exception on your WAN interface in OPNsense go to Firewall|Rules Select your WAN interface, mine is called WAN_PPPOE Create a Pass rule for IPv4/UDP port 1647 to your WAN-address. Step 4. Assign Wireguard Interface in OPNsense go to Interfaces|Assignments You'll find a "wg1(Wireguard - nl.vpn.airdns.org)" (or similiar) interface. bind it to an interface with a name of your choice. mine is called WAN_WG1 as is is the first site-to-site Wireguard tunnel on my WAN interface. Step 5. Create a gateway. Remember we disabled the routes for the WG instance configuration? Because of that we need to create a gateway. In OPNsense go to System|Gateways|Single Add a Gateway with the following information: Name: WAN_WG_GW Description: Interface WAN_WG1 Gateway Interface: Select WAN_WG1 as created in step 4. Address Family: IPv4 IP address: Dynamic (leave empty) Far Gateway: Enabled (this i am not sure of but for now i'm happy it works) Disable Gateway Monitoring: enabled Step 6. Aliases We set up some aliases. This will make it more easy to redirect some hosts or networks to the Wireguard tunnel. in OPNsense, go to Firewall|Aliases Create host entries for the specific hosts you'll redirect Create network entries for the specific network(s) you'll redirect. Create a Network Group Entry with the host and network entries to group them together. My alias is called networkgroup_wireguard Step 7. Create Outbound NAT for Wireguard. (In my setup, i use Manual Outbound Rule Generation because i like to have control) In OPNsense go to Firewall|NAT|Outbound Create a new Outbound NAT rule with the following information: Interface: WAN_WG1 TCP/IP version: IPv4 Protocol: Any Source Address: <alias networkgroup_wireguard from step 6> Translation /target WAN_WG1 address Description: Wireguard VPN Outbound NAT rule Step 8. Create Outbound Redirect rule. In this example we create 2 rules on our LAN interface, one for redirecting to WG, the other to prevent leaks. In OPNsense go to Firewall|Rules Select your LAN interface add an outbound Pass rule: Action: Pass Source: Networkgroup_wireguard Destination: Any (in my case i use an inverted network group called networkgroup_local where all my local vlans are grouped together) Gateway: WAN_WG1_GW (the gateway you created in step 5.) Add an outbound block rule below that: Action: Block Source: Networkgroup_wireguard Destination: Any Gateway: default Your WG VPN tunnel should now work. Test with https://ipleak.net The following steps are more advanced and i'm still finetuning/experimenting with the settings. your experience may vary. Step 9. Prevent VPN leakage I'm new to OPNsense and i am not sure what the default setting is, but from my pfSense experience i know the following setting is important when you want to make sure your VPN does not leak when for instance the tunnel is down. In OPNsense go to Firewall|Settings|Advanced Under "Gateway Monitoring" enable "Skip Rules when gateway is down" Step 10. MTU/MSS optimization For now i have set thte MTU according to the default setting of AirVPN. I want it to be higher but for now i'm just happy it works. My settings are as follows: In the properties of the WAN_WG1 interface i set the MTU to 1320 and the MSS to 1280. I created a normalize rule (Firewall|Settings|Normalization) with the following settings. this should enable me to clamp the MSS to 1280 for the wireguard group but leave the MSS to the desired setting (1452) as defined on my LAN interface for the rest of the hosts on my LAN; Interface: LAN Direction, Protocol: Any Source: networkgroup_wireguard Max MSS: 1280

Your DD-WRT guides are for OpenVPN. Any explanations for using WireGuard, which is much faster?

Hello everyone, I'm experiencing frequent disconnects when connecting over wireguard since quite some time. Changing to another server helps, however, the server itself (Menkent in this case) has no issues according to the status page. This happens on multiple devices (linux and macos), the handshake just fails: wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 2) This goes on for multiple iterations. Sometimes wireguards reconnects faster, sometimes it takes a lot of time. After a few seconds, we're back to: wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Receiving handshake response from peer 1 (213.152.176.140:1637) [...] wireguard: wg2: Sending keepalive packet to peer 1 (213.152.176.140:1637) wireguard: wg2: Retrying handshake with peer 1 (213.152.176.140:1637) because we stopped hearing back after 15 seconds wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 2) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 3) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Sending keepalive packet to peer 1 (213.152.176.140:1637) wireguard: wg2: Retrying handshake with peer 1 (213.152.176.140:1637) because we stopped hearing back after 15 seconds wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 2) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 3) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) Anyone has an idea why it fails? In case it matters, my connection uses CGNAT. Edit: Forgot to mention that I use the regular Wireguard client, not Eddy or something. Config created via AirVPN website.

Hi, I have just finished setting-up a Flint2 router as a wireguard client. The Flint2 seats behind my primary router which provides it access to the WAN. I have downloaded a Wireguard config from the Config generator, loaded it and I can establish a connection with no problem. I have temporarily connected a PC to one of the LAN port and I can see that it's got the VPN IP when browsing. However when I test my forwarded port I get the following error: "Connection refused 111". Is there a specific FW rule in the Flint2 to set-up in order to accept incoming connections? Thanks for the help. T

Hello, It took me some time but I'm really warming up to AirVPN. I've just configured my first wireguard tunnel on pfsense. I created two VPN devices in the client area for the same physical machine: one for all OpenVPN connections and a new one for the wireguard connection. Am I right that I need to add another VPN device for every wireguard tunnel please? Thanks.

So in my router, under peers it is saying each peer (which would be a single wireguard connection/device in airvpn) needs a unique public key. Is airvpn suddenly not spitting out a separate public key for each connection? Or is my router (opnvpn) suddenly working differently?

TLDR Issue: When port forwarding is enabled, traffic forwarded from the VPN is being return via the WAN. So it's going AirVPN -> pfsense via VPN -> server -> pfsense via WAN -> Clear Internet. Software: pfsense 2.7.2-RELEASE, Package: WireGuard 0.2.1. Server: ubuntu 22.04.03 LTS I'm reaching out to the community because I'm out of ideas on how to fix what's going wrong. I'm not a network or firewall guru, I'm tech savy but clearly not enough to resolve my issue 😧. I followed the pfSense baseline setup guide available at nguvu.org to configure my pfsense. While the guide primarily focuses on using OpenVPN for the VPN setup, I adapted the instructions to use WireGuard instead but clearly I've missed something or fundermentally misunderstanding something. When I configure port forwarding using AirVPN with WireGuard to pfSense to my VPN network to a sever, I can see on a TCPDump the the initial inbound packets from AirVPN that's being port forwarded reaches the server, but each reply seems to vanish when returned to the router. Using diag_packet_capture on pfsense, I can see the inbound traffic from AirVPN, but when the server replies, it's going out on the WAN interface. Clearly there's some sort of gateway issue. I even tried to pay someone on Fiverr to fix it but they couldn't see any reason for it, they're claming it's a software defect, but seeing other people have somehow managed to do it, must be possible. Have I missed something silly? The port: The Server: These are my rules so far: WAN: WireGuard: Floating: VL20_VPN: Note: Selective_Routing (or VPN whitelist) isn't set: Gateways: Port Forward: Outbound NAT

It’s my understanding that OpenVPN is still under active development, with new features and fixes frequently being released. Wireguard development on the other hand, appears to be relatively quiet. I’ve read that the reason is that Wireguard is essentially a finished product, simple and lean by design, with nothing left to add and not much to fix. It’s that pretty accurate? I know OpenVPN has been working on DCO for a long time, but I don’t know what, if anything, Wireguard is working on?

Hi everyone, I did follow the guide posted here: [link] as good as I could. I ran ins some minor issues, but that should not be the root cause really. Furthermore, I documented my setup and posted a reply to the original author this time with screenshots so it could be used as help for everyone, like me, who is struggling with this. So as said, basically it's not working for me. I can't access anything from LAN. To me (noob) it looks like the tunnel is up, but I can't reach it. Looking at the gateway shows "defunct". To me, this does not sound good. In the WireGuard log, I get the following when I disable WireGuard and enable it again: I am a complete starter on OPNsense and WireGuard, before I was using pfSense and OpenVPN, but this is a bit different. So any help is much appreciated.

My current setup is pfSense Plus 23.09.01, with a vlan exiting all traffic via AirVPN. This works fine. The vpn traffic exits via a gateway group, when that gateway group has openVPN servers I can reach the site, when it's Wireguard servers the browser says the connection has timed out. Furthermore, I use Firefox with Duck Duck Go as the search engine, this fails to resolve any websites over Wireguard (when I use Google no problem), over openVPN I don't have any problems. Tried Brave browser, same result. I checked the route on the AirVPN site, it was ok! Again the only thing I have changed was the protocol. Site: https://oysta.co/account/login openVPN servers: Alathfar, Kital Wireguard servers: Betelgeuse, Alshain ISP: Virgin Media Any insight ? I'm not even sure how to troubleshoot this, nothing in the pfSense logs jumps out at me.

Hello, I'm reaching out to the forum because I recently subscribed to the service, and I'm having issues getting Transmission to work through the VPN. I'm using the WireGuard protocol on a Debian PC (headless without GUI). The WireGuard interface (wg0) is working fine; I can ping external addresses through it, use curl, and perform speed tests : The transmission-daemon also works perfectly when not going through the WireGuard interface but using my physical interface eth0. When I bind Transmission to the wg0 interface (specifying its IP in "bind-address-ipv4"), no traffic goes through the VPN. The trackers are unreachable, and the error "announce error: could not connect to tracker" appears. Running a netstat, I can see that Transmission is trying to connect to the tracker using various ports (why ?) through the WireGuard interface but never receives any traffic in return (SYN_SENT): However, these addresses are pingable through the wg0 interface: I've tried approaching the problem from different angles, and after several hours without any solution, I'd like to know if any of you have encountered a similar issue? (I should mention that my firewall is completely disabled for the tests). Thank you !

My knowledge is lower intermediate at best but let me explain myself. So I got the AIRVPN sub, setup port forwarding, setup port forwarding in qbitorrent and all seemed gravy. One problem the speeds are bad, like real bad terrible even. So I go on this forum and read a post about using wireguard with airvpn. So I download wireguard and generate a protocol thru this site and paste into the wireguard it connects. Speed much better and still says I'm in another country. Here's the rub: The torrent I'm downloading in qbitorrent is now saying "stalled" and I'm seeding nothing also Eddie is continuously saying "connecting" and "restarting". I read somewhere saying to go into protocols/ prefs/ uncheck auto/ choose wireguard/ and then save. No changes. I figured I did something wrong somewhere or didn't do something.... Now I'm wondering about something call DNS leaks? Basically any help you can give me would be appreciated.

Hi, I created the wireguard interface and applied the configuration on the init namespace. I then moved it to a "container" namespace with ip link set wg0 netns container ip -n container link set wg0 up I then add an ip to it, and add the default route on my container namespace to be on wg0, but i have no network connectivity. Looking at wireshark, it seems the packets can get out, but cannot come back. here is some additional info: gnuwu@anonynowo ~ $ sudo ip -n container a Password: 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000 link/sit 0.0.0.0 brd 0.0.0.0 9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000 link/none inet 172.16.0.2/32 scope global wg0 valid_lft forever preferred_lft forever gnuwu@anonynowo ~ $ sudo ip -n container l 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/sit 0.0.0.0 brd 0.0.0.0 9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/none gnuwu@anonynowo ~ $ sudo ip netns exec container wg show interface: wg0 public key: (hidden) private key: (hidden) listening port: 40816 peer: (hidden) preshared key: (hidden) endpoint: 213.152.161.236:1637 allowed ips: 0.0.0.0/0, ::/0 latest handshake: 59 seconds ago transfer: 3.76 KiB received, 71.90 KiB sent persistent keepalive: every 15 seconds gnuwu@anonynowo ~ $ sudo ip -n container r default dev wg0 scope link gnuwu@anonynowo ~ $ sudo ip netns exec container ping -c 4 1.1.1.1 PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data. --- 1.1.1.1 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3068ms

I'm tired. The connection keeps disconnecting sometime after the screen is off, and yes "Pause VPN when screen is off" is disabled. I as well went to android VPN settings and checked "Always-on VPN" and the eddie client still disconnects me. I tried the wireguard client, and while it does not do random disconnections, it doesn't play nice with excluding local traffic, even when add them to the allowed IPs. The issue doesn't happen on OpenVPN, TCP or UDP, but I wish to use wireguard. Here is the settings and connection log. All of them have been ending with wireguard handshake expiry --- Settings dump --- AirVPN logged in user: VinXI AirVPN selected user key: Default airvpn_default_vpn_type: WireGuard airvpn_default_openvpn_protocol: UDP airvpn_default_openvpn_port: 443 airvpn_default_wireguard_port: 1637 airvpn_default_ip_version: IPv6overIPv4 airvpn_default_tls_mode: tls-crypt airvpn_quick_connect_mode: auto airvpn_cipher: SERVER airvpn_forbid_quick_connection_to_user_country: true airvpn_custom_bootstrap_servers: airvpn_server_whitelist: airvpn_server_blacklist: airvpn_country_whitelist: airvpn_country_blacklist: airvpn_current_local_country: Auto enable_master_password: false system_vpn_lock: true system_vpn_boot_priority: AirVPN-Best-Server,AirVPN-Default-Server,AirVPN-Default-Country,Default-VPN-Profile,Last-Connected-Profile system_vpn_reconnect: false system_vpn_reconnect_retries: -1 system_dns_override_enable: false system_dns_custom: system_proxy_enable: false system_persistent_notification: true system_notification_sound: true system_show_message_dialogs: true system_forced_mtu: system_application_filter_type: 0 system_application_filter: system_application_language: system_application_theme: System system_first_run: true system_start_vpn_at_boot: true system_last_profile_is_connected: true is_always_on_vpn: on vpn_lockdown: off system_exclude_local_networks: true system_pause_vpn_when_screen_is_off: false system_airvpn_remember_me: true ovpn3_tls_version_min: tls_1_2 ovpn3_protocol: ovpn3_ipv6: ovpn3_timeout: 60 ovpn3_tun_persist: true ovpn3_compression_mode: no ovpn3_synchronous_dns_lookup: false ovpn3_autologin_sessions: true ovpn3_disable_client_cert: false ovpn3_ssl_debug_level: 0 ovpn3_default_key_direction: -1 ovpn3_tls_cert_profile: ovpn3_proxy_host: ovpn3_proxy_port: ovpn3_proxy_allow_cleartext_auth: false ovpn3_custom_directives: --- VPN status --- Type: WireGuard Status: Not Connected Connection Mode: AirVPN server User: VinXI User Key: Default --- VPN profile --- Name: airvpn_server_connect Profile: airvpn_server_connect Status: ok Description: us.vpn.airdns.org Type: WireGuard Server: us.vpn.airdns.org Port: 1637 Protocol: UDP --- Log dump --- 01 Jan. 1970 00:00:00 UTC [Info] Start connection to best AirVPN server in United States of America - WireGuard, Protocol UDP, Port 1637 18 Jul. 2023 12:17:21 UTC [Info] Using user key 'Default' 18 Jul. 2023 12:17:21 UTC [Info] Local networks are exempted from the VPN 18 Jul. 2023 12:17:21 UTC [Info] WireGuardTunnel: successfully created a new WireGuard client 18 Jul. 2023 12:17:21 UTC [Info] Setting MTU to 1320 18 Jul. 2023 12:17:30 UTC [Info] Starting VPN thread 18 Jul. 2023 12:17:30 UTC [Info] Adding server IPv4 address 10.188.173.174/32 18 Jul. 2023 12:17:30 UTC [Info] Adding server IPv6 address fd7d:76ee:e68f:a993:d64b:ed40:171:7272/128 18 Jul. 2023 12:17:30 UTC [Info] Adding DNS IPv4 address 10.128.0.1 18 Jul. 2023 12:17:30 UTC [Info] Adding DNS IPv6 address fd7d:76ee:e68f:a993::1 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 10.188.173.174/32 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route fd7d:76ee:e68f:a993:d64b:ed40:171:7272/128 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 10.128.0.1/32 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route fd7d:76ee:e68f:a993::1/128 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 0.0.0.0/5 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 8.0.0.0/7 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 11.0.0.0/8 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 12.0.0.0/6 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 16.0.0.0/4 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 32.0.0.0/3 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 64.0.0.0/2 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 128.0.0.0/3 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 160.0.0.0/5 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 168.0.0.0/6 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 172.0.0.0/12 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 172.32.0.0/11 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 172.64.0.0/10 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 172.128.0.0/9 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 173.0.0.0/8 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 174.0.0.0/7 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 176.0.0.0/4 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.0.0.0/9 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.128.0.0/11 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.160.0.0/13 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.169.0.0/16 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.170.0.0/15 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.172.0.0/14 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.176.0.0/12 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.192.0.0/10 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 193.0.0.0/8 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 194.0.0.0/7 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 196.0.0.0/6 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 200.0.0.0/5 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 208.0.0.0/4 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 224.0.0.0/3 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route ::/1 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route 8000::/2 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route c000::/3 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route e000::/4 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route f000::/5 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route f800::/6 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route fc00::/8 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route fe00::/7 18 Jul. 2023 12:17:30 UTC [Info] Starting VPN connection to server 18 Jul. 2023 12:17:30 UTC [Info] Protecting IPv4 socket 18 Jul. 2023 12:17:30 UTC [Info] Protecting IPv6 socket 18 Jul. 2023 12:17:30 UTC [Info] CONNECTED to VPN (AirVPN server us.vpn.airdns.org) us.vpn.airdns.org (WireGuard) Server Host: 104.129.48.66 Server Port: 1637 IPv4 address: 10.188.173.174/32 IPv6 address: fd7d:76ee:e68f:a993:d64b:ed40:171:7272/128 DNS IPv4: 10.128.0.1/32 DNS IPv6: fd7d:76ee:e68f:a993::1/128 18 Jul. 2023 12:20:22 UTC [Info] Refreshing AirVPN manifest 18 Jul. 2023 12:20:22 UTC [Info] Requesting manifest document to AirVPN 18 Jul. 2023 12:20:22 UTC [Info] Trying connection to AirVPN bootstrap server at http://63.33.78.166 18 Jul. 2023 12:20:26 UTC [Info] Successfully received manifest document from AirVPN 18 Jul. 2023 12:20:26 UTC [Info] Setting manifest to the instance downloaded from AirVPN server 18 Jul. 2023 12:22:06 UTC [Error] WireGuard handshake expired. Connection will be terminated. 18 Jul. 2023 12:22:06 UTC [Warning] WireGuard: Disconnecting VPN 18 Jul. 2023 12:22:06 UTC [Debug] VPNTunnel.clearContexts(): Clearing VPN contexts 18 Jul. 2023 12:22:06 UTC [Warning] WireGuard: Successfully disconnected from VPN

Hello all, Anyone managed to set up amule with a HighID through wireguard? I run debian bookworm, I opened 3 consecutive ports and configured them in amule but I'm still a low ID. To make sure amule binds to the right interface (my wg interface is not the default one), I use https://github.com/JsBergbau/BindToInterface I am not sure what I did wrong. For qbittorrent I chose the wg interface and opened the port and it just works. Is this a limitation of BindToInterface, amule, airvpn? A bad setting somewhere? Thanks for reading me