ProtonVPN constantly goes down on Pfsense

Hi all,

I have been using ProtonVPN (Proton Unlimited) for 1.5 years now. I have the config setup on PfSense on a FW4B 4-port Protectli Vault using Michael Bazzell’s config: https://inteltechniques.com/firewall/2024/FW4B.xml (this is just for context). For some reason, almost every day for like 10+ minutes the VPN just goes down. Even when I “reset” the connection to change to another IP from the Proton list, the issue still persists. I am contemplating switching over the IVPN or Mullvad on PfSense, but I want to see if anyone else was able to mitigate this issue. I believe this issue lies in the server being overloaded where I am trying to authenticate (see image attached)

I am not well-versed in security terminology, so please forgive any errors.

Thanks

Have you tried a different Proton VPN server to see if it helps?

Hey jonah, thanks for the quick response. I have. Servers that are local to me, as well as that aren’t. The config does have it so a random IP address is chosen from the list I have provided to it (all are IP addresses from Protons Paid list of servers).

Proton recently are recommending their Wireguard based protocols over their older OpenVPN based ones. I use it at home on my Protectli router and it works fine if I dont actually have ISP outage.

Would you be able to share what steps you followed to get that setup? I have tried based on what I saw in Michael Bazzell’s Firewall PDF and was not able to get it working.

I used the official guide:

The downside is that it doesnt have the features that has in the Michael Bazzel guide like, IIRC, its VPN failover.

I just realized for a few days I have been having issues with ProtonVPN as well. I do not think it is my ISP having connectivity issues because I plugged a rando laptop in directly into the Fiber mkdem/router and the internet works correctly.


I contacted their support and this is what they have replied:

Hello,

Thank you for contacting us.

May I ask what location (country) you are connecting from and which exact servers (i.e. CH#10) have you tried connecting to?
Have you tried multiple different Proton VPN servers?
Have you made sure to select “Router” as the platform when generating the WireGuard config file?
Have you tried connecting with OpenVPN instead, to check if the same behavior persists?
Are you using any firewall rules, other VPN, or a custom DNS setup?
Can you send me some screenshots of the current setup within the router, so I can check if everything is configured properly?
Also, what exactly are you doing when this happens? Are you perhaps performing some bandwidth-intensive tasks (e.g. downloading files, torrenting, etc.)?

Looking forward to your reply.
Kind regards,

[redacted]
Customer Support


I may have fixed the issue by disabling IPv6 on the modem/router side.

Thanks for the quick reply! Yes, I did read about the single IP “lock-in” with the WG setup. The way Proton has been going down for me (maybe like 2-3 times daily for 10 minutes) I am worried that limiting it to one WG server will make it worse. However, I have not tried this out and can’t say for sure. I will try this out and see if that ends up working better for me.

On a related side-note, I am currently paying for IVPN to test their capabilities and have been dealing with a similar issue as well. However, the time it takes for IVPN to come back up vs Proton is much quicker. In addition, I have been seeing my ping at 30 ms at Proton, while it is 10-15 at IVPN. I think maybe my Protectli is getting old?? Like how possible is it for 2 major VPN providers to have the same issue? By any means, my hunch till now is that maybe the servers get full and that prevents me from getting either OVPN authentication or my actual data (or both).

Thanks again for your suggestion and for the link. I plan to try WG soon. I will mark this as solved once I can test WG for a week and it does not have any downtime as the original post mentions.