I’ve recently configured a WireGuard Mullvad tunnel on my pfSense router. I still have the Mullvad app installed on my devices and will likely often use them in order to quickly change locations etc.
I’m curious though how the traffic is routed exactly? It looks like my device’s traffic is first sent to the server configured in pfSense, and then sent to the server I chose in the Mullvad app. Do I have this right?
Are there any issues with doing this?
That is correct. If pfSense is configured to send all outbound to Mullvad server (A), traffic from all clients using pfSense as gateway will be sent towards that server (A). Then, traffic will flow to the VPN server configured on the device (B) and then to final destination.
You’re basically doing a double-VPN which is useless since you’re using the same provider, privacy-wise. You’re also introducing extra hops which will add more latency depending on the servers’ locations and may considerably slow down the connection. Lastly, you’re also adding unnecessary extra overhead in your connection flows on a packet level.
If I were you, I would policy-based route on pfSense the traffic sourced from those devices I want to run Mullvad on demand in order to swap servers and route it directly out to the internet, not via the tunnel.
Hope that helps
Thanks. Ya, that makes sense I guess. Do you know if there is any difference in performance in terms of encrypting/decrypting on the pfSense appliance vs on the device?
If you question whether to run the tunnel on pfSense or on the device, just pick any. No difference regarding en/decryption performance.
From a device standpoint:
Performance in terms of CPU/RAM, no. It’s not a heavy process. But you’ll end up having 2 tunnels (one within the other) with extra overhead which will reduce the MTU for no reason and give you less throughput as a result. Regardless of whether you notice any of the above, what you will notice is the increased latency (ping times from the device, not pfSense) which will vary every time you swap Mullvad servers.
Just test and trial! If it works for you, happy days. That’s what matters down the line.