Then just rank your Mullvad gateways in whatever order you wish. As soon as you pick either an IPv4 or IPv6 gateway, the other protocol gateways become unavailable.
Name it something like “MullvadGateways_IPv4” and assign tiers to your Mullvad gateways. Under System → Routing → Gateway Groups, add a gateway group.
We’re going to make two gateway groups, one for IPv4, one for IPv6. Check Status → Wireguard → Status and expand out your Mullvad tunnels. You should then have one or more tunnels with peers persistently connected. Since I’m not using the connections all the time, I found they did not wake gracefully when I needed them, and when they go down, it’s bullshit to get them reconnected. One deviation from the guide: in each peer, set a Keep Alive of 60 seconds. If you want multiple tunnels, just rinse and repeat. Follow that up through the setup of the Outbound NAT rules, since the rest of the guide funnels all traffic through Mullvad 1. SpookyGhost wrote a very good guide for getting Mullvad connected in pfsense. Mullvad limits users to 5 wireguard keys, so my combination of devices + connections is limited. I set up two tunnels with a couple peers each, but you could do this with any number for additional redundancy, or a single tunnel with multiple peers. Adding in this new stuff on top of a barely-functioning network will only bring misery, trust. If you don’t have #1-4 (or some stable, working variation on those) in place, definitely go do that. Mullvad2/etc – second+ outbound connection to Mullvad.Mullvad1 – outbound connection to Mullvad.WireguardServer – home wireguard server, configured when wg was set up.VLAN_xx_DHCP – standard home lan/wifi VLAN.Speaking only to the relevant process here, you’ll end up with these interfaces defined within pfsense: It gets less complicated after this, I promise. Ask in the comments if you get stuck trying that path. You can also do part or all of this whole thing with OpenVPN with some minor adjustments. Mine uses the pfsense plugin, but if you’ve spun up your own, then just make sure you’ve already done the routing to make it work in pfsense. Have a functioning wireguard server that runs well for your phone/laptop/whatever. Backup your router settings early and often as you work, and take notes on what you’re doing. Configuring wireguard connections manually (🎶 still only barely do 🎶)ĭoing a lot better on them now, and even moreso after writing this post.įinal note here: Don’t be like me, folks.Firewall configuration within pfsense other than just basic allowing/blocking for games and services.Here are some of things I didn’t have a great grasp on before starting this undertaking: That’s less the case now: my access away from home is primarily to get to Photoprism and FreshRSS, neither of which are background tasks benefiting a constant connection. My phone switches between these wireguard services automatically as I connect or disconnect from my home wifi (this is currently a little shaky).Īt the time of the reddit post, I was running my own CalDav/CardDav server ( Baikal) and pushing photo backups directly to my Synology NAS, so a fairly stable connection to my home network was a plus.My home wireguard service routes its traffic out through my 3rd party VPN provider.While I’m out, my phone connects to my home wireguard service ( pfsense), which allows internal resource access.When I’m home, my phone stays connected to my 3rd party wireguard VPN (Mullvad), but uses my home DNS resolver (pfsense).I’ve refined the idea and changed a few technologies since that reddit post, so my requirements are now: Here’s a table of contents in case you only care about parts of it: The faster and more automated any network switcheroos are, the better. Last year, I asked about some very specific home network routing ideas over on reddit, with the goal being to securely access home network resources from my phone while away from home while maintaining some coverage from my 3rd party VPN provider, Mullvad.
0 kommentar(er)
