The Atlanta/Google servers are through my VPN. I’ve tried everything I could think of, but somehow when I google my IP, the real one comes up. I’ve tunneled all of my traffic through WG using 0.0.0.0/0 and set up the rules correctly. Sometimes when I restart and change VPN servers it’ll work perfectly, but it always goes back to showing my real IP. Any help is appreciated.
Are you trying to tunnel the entire connection over the VPN, or just individual clients via policy routing?
If it’s via policy routing, ensure it’s a floating rule. If you must, you can also add blocking traffic to stop your clients from sending DNS (or any) traffic over the default WAN connection. Deny/Block the connections and only allow on the Wireguard interface/gateway. I only do all this stuff for a certain Torrenter client machine/VM, myself.
And finally, it’s a bit of a shot in the dark here, but the last time I had issues with traffic going over the wrong connection (especially since you mentioned yours is fine for a while until later on): go to System → Advanced → Miscellaneous and check “Do not create rules when gateway is down”. This shouldn’t normally matter if your WG gateway is up, but if for any reason it’s detected as down for any amount of time, then your policy routing stops working and traffic will go over the normal gateway, leaking your traffic.
It may end up not being the issue, but something to still do.
Where is your Wireguard exit point?
Before anyone asks, yes, I’ve deleted cookies/history and tried again. Something interesting is that on my personal devices I have this issue, but on my spouse’s phone the IP comes back as the VPN IP. I’m stumped.
Edit: THE PROBLEM IS FIXED IF I RESTART WG, BUT IT COMES BACK.
flush your state table and try again
Did you create a default gateway to your wg IP and set the wg interface to use it?
Could be an ipv6 problem somehow? Try to tunnel ::/0
and ensure ipv6 traffic is routed properly (or blocked entirely)
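To make the IPv6 point concrete, here is an added example (not code from anyone in this thread) that models WireGuard's cryptokey routing decision: a destination only enters the tunnel if it falls inside some prefix in the peer's AllowedIPs. The config text and the destination list are constructed for the example; addresses in 203.0.113.0/24 and 2001:db8::/32 are documentation ranges, and the two Google resolvers are just well-known public addresses. The script does not model pfSense firewall or policy-routing rules, only the AllowedIPs match, so it shows why 0.0.0.0/0 on its own leaves every IPv6 destination to the normal WAN path unless ::/0 is added or IPv6 is blocked.

```python
"""Which destinations would a WireGuard peer's AllowedIPs pull into the tunnel?

Added example for the thread above; the config and destinations are constructed.
"""
import ipaddress

# Constructed sample of the relevant [Interface]/[Peer] fields (not a real key or endpoint).
SAMPLE_V4_ONLY = """
[Interface]
PrivateKey = <redacted>
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
PublicKey = <redacted>
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:51820
"""

# Same peer, but with IPv6 also routed into the tunnel (::/0 added).
SAMPLE_DUAL_STACK = SAMPLE_V4_ONLY.replace(
    "AllowedIPs = 0.0.0.0/0", "AllowedIPs = 0.0.0.0/0, ::/0"
)

# Constructed destinations: provider DNS inside the tunnel, two public
# resolvers, and one IPv4 and one IPv6 web server from documentation ranges.
DESTINATIONS = [
    "10.2.0.1",
    "8.8.8.8",
    "203.0.113.7",
    "2001:4860:4860::8888",
    "2001:db8::1",
]


def parse_allowed_ips(config_text):
    """Collect every AllowedIPs prefix from all [Peer] sections as ip_network objects."""
    nets = []
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "AllowedIPs":
            for cidr in value.split(","):
                cidr = cidr.strip()
                if cidr:
                    nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets


def is_tunneled(dest, allowed):
    """True if dest matches a prefix of the same address family in allowed."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == net.version and addr in net for net in allowed)


def leak_report(config_text, destinations):
    """Map each destination to 'tunnel' or 'LEAK via WAN' under this config."""
    allowed = parse_allowed_ips(config_text)
    return {
        dest: ("tunnel" if is_tunneled(dest, allowed) else "LEAK via WAN")
        for dest in destinations
    }


def count_leaks(config_text, destinations):
    """Number of destinations that would bypass the tunnel."""
    return sum(1 for v in leak_report(config_text, destinations).values() if v != "tunnel")


if __name__ == "__main__":
    for label, cfg in (("0.0.0.0/0 only", SAMPLE_V4_ONLY), ("0.0.0.0/0, ::/0", SAMPLE_DUAL_STACK)):
        print(f"== AllowedIPs = {label}")
        for dest, verdict in leak_report(cfg, DESTINATIONS).items():
            print(f"  {dest:24} {verdict}")
```

With only 0.0.0.0/0 the two IPv6 destinations are reported as leaking, which is exactly what a "what's my IP" page reached over IPv6 would show; with ::/0 added they go into the tunnel. The peer's own Endpoint must still leave via the WAN, which is why a kill-switch style block rule on the WAN should exempt the endpoint address and port.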
Is the wireguard server just on your local network (the pfsense firewall or server) or do you have a provider like mullvad, proton, or nordvpn?
Don’t mean to be rude, but have you considered posting the configuration?
Most likely your routing is wrong. The DNS server gets routed through the internal address but nothing else.
Let me guess… You are spending all this effort and reddit posts, because ProtonVPN told you your network would be very secure and invisible on the internet?
The setup works fine, until it randomly starts displaying my real IP instead of the IP I’m tunneling my traffic through. (ProtonVPN)
Edit: I’ve fixed the problem. I’m going to leave this up in case anyone has something similar happen. Basically, when I had a power outage last week, on the pfSense reboot it automatically created/edited rules, and those new rules were interfering with the tunneling. Long story short, I had a huge DNS leak because my traffic didn’t know where to go. I fixed the problem by going into Settings/Advanced/Firewall & NAT and disabling auto VPN rule generation, then going to System/Advanced/Miscellaneous and checking “Do not create rules when gateway is down”. Shoutout to the guy who recommended I check that out. I was looking at my rules and realized that they definitely were not how I left them. This also explains why after a reboot or restarting WG my settings would work temporarily, and then once enough traffic was being pushed onto my router, that’s when I started having DNS leaks. This also explains why certain devices were showing the VPN IP and others were using my real IP. Thank you for coming to my Ted Talk, and thanks to all the people who tried to help.
You somewhat solved my issue. It was an issue with automatic rule generation after a restart. Thank you. Lots of these Reddit folks will berate you until you “post a config” and then provide no help afterwards, that’s why I didn’t bother. I’d much rather talk to someone that knows what they’re doing (you) and troubleshoot based off of tips (which I did). Thanks again man.
I want to tunnel the entire connection. I want to reiterate that some devices in my home show the VPN IP, and some are showing my real modem IP. I have no clue why. When I do a DNS leak test, only the VPN servers come back, but if I google “what’s my IP” my real IP is shown. Makes no sense. WG/pfSense was working perfectly until it wasn’t. I know the routing is configured somewhat correctly; if pfSense is down neither WAN nor LAN will work. Hope this helped a bit. (Please help, I have no clue what I’m doing.)
What do you mean? I don’t understand the question. My setup is as follows: ISP Modem - PFSense - Router - Switch. WG is configured to tunnel all of my wan and lan traffic through the VPN I’m using.
Comes back good (it still shows my real IP though). How come, when I google my IP, regardless of browser it comes back with my public IP instead of the WG VPN IP?
Yes, if I didn’t there wouldn’t be a handshake.
IPv6 traffic is blocked, and I clearly stated 0.0.0.0/0 is what I’m tunneling my traffic through.
WG is installed on my pfSense box that’s hooked into my router and switches. ProtonVPN is my provider (I’m using their DNS to route traffic through their servers).
What do you mean, post the config? Is there somewhere specific I go to grab a log that will help y’all?
ProtonVPN told me your mother is available and only 5 miles away.