WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0

Edgerouter connected to NordVPN through wireguard - mail issue. #143

Open avsiman opened 1 year ago

avsiman commented 1 year ago

Package version

1.0.20220627-1

Firmware version

v2.0.9-hotfix.5

Device

EdgeRouter 4 / 6P / 12 - e300

Issue description

I'm using an EdgeRouter 4 to connect to NordVPN using WireGuard. The connection works and I'm able to route traffic, use the internet and run a speed test to ensure that everything is working. However, on both my computer and iPhone the mail apps time out and won't connect to the Gmail and iCloud servers. On the iPhone I'm using the standard Mail app and on the Windows machine I'm using the built-in Mail app. I have also tested on SurfShark and have the same result.

When I complete the same setup using OpenVPN to the NordVPN servers I have no issue, and the mail programs work as expected.

With a slightly different setup I can use the WireGuard app on my iPhone to connect to the EdgeRouter. I then have this interface routed to the NordVPN server using WireGuard, and the mail apps work fine.

Has anyone experienced any issues with this?

Configuration and log output

set interfaces wireguard wg6 address *.*.*.*/32
set interfaces wireguard wg6 description 'NordVPN WireGuard Can - Tunnel'
set interfaces wireguard wg6 listen-port 52523
set interfaces wireguard wg6 route-allowed-ips false
set interfaces wireguard wg6 private-key C***********=
set interfaces wireguard wg6 peer x**********= description nordvpn_Can_server
set interfaces wireguard wg6 peer x********= endpoint 176.*.*.*:51820
set interfaces wireguard wg6 peer x********= persistent-keepalive 25
set interfaces wireguard wg6 peer x********= allowed-ips 0.0.0.0/0
commit

set service nat rule 5004 description 'IDVpnCan'
set service nat rule 5004 log disable
set service nat rule 5004 outbound-interface wg6
set service nat rule 5004 source address 10.0.81.0/24
set service nat rule 5004 type masquerade
commit

set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface wg6
set firewall modify SOURCE_ROUTE_CAN rule 10 description 'traffic from 10.0.81.0/24 to wg6'
set firewall modify SOURCE_ROUTE_CAN rule 10 source address 10.0.81.0/24
set firewall modify SOURCE_ROUTE_CAN rule 10 modify table 2
set interfaces ethernet eth1 vif 81 firewall in modify SOURCE_ROUTE_CAN
commit

dc361 commented 1 year ago

Would it help to do a traceroute to your mail server over the vpn connection to see where the packets are failing?

avsiman commented 1 year ago

I ran a traceroute from my internet with no VPN, one with OpenVPN, and one with WireGuard. The results are shown below. By no means am I a networking expert. I enjoy playing with different products and features. I like to see what's possible.

[three screenshots of the traceroute results]

Thanks for your assistance.

dc361 commented 1 year ago

Ok.. so you can see the SMTP server.. can you use the web interface to Gmail while on WireGuard? Also, I didn't see an MTU setting in your config. Could you try adding: set interfaces wireguard wg6 mtu 1420

avsiman commented 1 year ago

No issue using a web browser to connect to Gmail. Works fine. The MTU on the WireGuard interface is already 1420.

[screenshot]

All IoT devices are currently routed through wg6 and have no issues connecting to their cloud servers.

dc361 commented 1 year ago

Ok.. so what is different about the app while on WireGuard? Could it be that it's not recognizing the wg6 interface as being LAN/Wi-Fi connected? Could it be the source route rules?

Anyone else with more experience with source routing want to jump in?

avsiman commented 1 year ago

I'm unsure what is different. This is the routing that I'm using to go from wg2 (iPhone/computer connecting to the router remotely) to wg6.

set service nat rule 5005 description 'Wireguard Canada'
set service nat rule 5005 log disable
set service nat rule 5005 outbound-interface wg6
set service nat rule 5005 source address 10.0.92.0/24
set service nat rule 5005 type masquerade
commit
save

set firewall modify SOURCE_ROUTE_CAN rule 11 description 'traffic from 10.0.92.0/24 to wg6'
set firewall modify SOURCE_ROUTE_CAN rule 11 source address 10.0.92.0/24
set firewall modify SOURCE_ROUTE_CAN rule 11 modify table 2
set interfaces wireguard wg2 firewall in modify SOURCE_ROUTE_CAN
commit
save

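As an added example (not code from this issue or from wireguard-vyatta-ubnt), the Python below models the policy-routing chain the two configs in this thread rely on: a firewall modify rule maps a source subnet to table 2, table 2's default route points at wg6, and a masquerade NAT rule on wg6 must cover that subnet or its packets leave the tunnel still carrying a private source address. The function name route_for, the sample source addresses and the dropped description/key lines are my assumptions.

```python
import ipaddress

# Constructed from the set-commands quoted in this thread (keys, descriptions and the
# masked tunnel address omitted); an added example, not the project's own code.
CONFIG = """set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface wg6
set service nat rule 5004 outbound-interface wg6
set service nat rule 5004 source address 10.0.81.0/24
set service nat rule 5004 type masquerade
set service nat rule 5005 outbound-interface wg6
set service nat rule 5005 source address 10.0.92.0/24
set service nat rule 5005 type masquerade
set firewall modify SOURCE_ROUTE_CAN rule 10 source address 10.0.81.0/24
set firewall modify SOURCE_ROUTE_CAN rule 10 modify table 2
set firewall modify SOURCE_ROUTE_CAN rule 11 source address 10.0.92.0/24
set firewall modify SOURCE_ROUTE_CAN rule 11 modify table 2
"""
ANY = ipaddress.ip_network("0.0.0.0/0")   # a NAT rule without a source matches everything

def parse(config):
    """Index the lines that decide policy routing: modify rules, static tables, NAT rules."""
    modify, tables, nat = {}, {}, {}
    for line in config.strip().splitlines():
        t = line.split()[1:]                              # drop the leading "set"
        if t[:2] == ["firewall", "modify"]:               # firewall modify <set> rule <n> ...
            r = modify.setdefault((t[2], int(t[4])), {})
            if t[5] == "source": r["src"] = ipaddress.ip_network(t[7])
            elif t[5] == "modify": r["table"] = t[7]      # ... modify table <n>
        elif t[:3] == ["protocols", "static", "table"] and t[5] == "0.0.0.0/0":
            tables[t[3]] = t[7]                           # table's default route -> interface
        elif t[:3] == ["service", "nat", "rule"]:         # service nat rule <n> ...
            r = nat.setdefault(t[3], {})
            if t[4] == "source": r["src"] = ipaddress.ip_network(t[6])
            elif t[4] in ("outbound-interface", "type"): r[t[4]] = t[5]
    return modify, tables, nat

def masquerades(nat, iface, net):
    """True if a masquerade rule on iface covers every address in net."""
    return any(n.get("type") == "masquerade" and n.get("outbound-interface") == iface
               and net.subnet_of(n.get("src", ANY)) for n in nat.values())

def route_for(src_ip, config=CONFIG):
    """(table, egress interface, NATed?) for a packet from src_ip; lowest rule number wins."""
    modify, tables, nat = parse(config)
    ip = ipaddress.ip_network(src_ip)                     # a /32, so subnet_of() applies
    for key in sorted(modify):
        r = modify[key]
        if "src" in r and "table" in r and ip.subnet_of(r["src"]):
            iface = tables.get(r["table"])
            return r["table"], iface, masquerades(nat, iface, ip)
    return "main", None, False                            # no rule hit: main routing table
```

A policy-routed subnet for which the third field comes back False is the misconfiguration to look for first when hosts on that subnet can reach nothing through the tunnel: the modify rule sends them out wg6, but without a matching masquerade rule the far end sees a 10.x source it will never answer.
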
dc361 commented 1 year ago

I notice in the example above you set the modify firewall on the wireguard interface (wg2) but in the first example you apply the firewall to the vif interface.

avsiman commented 1 year ago

wg2 is the interface that my iPhone/laptop uses to VPN to the router. The wg2 interface is then routed to the wg6 interface.