sudonem<p>I recently discovered that despite having a business account, my ISP will automatically block <a href="https://infosec.exchange/tags/WireGuard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WireGuard</span></a> traffic if I use a tunnel actively for an extended period, or if there is just a lot of traffic. (Tech support swears they don't do this but the internet suggests otherwise).</p><p>The only viable workaround I've found is to somewhat regularly rotate the listen port on the tunnel.</p><p>This, it turns out, is a headache with <a href="https://infosec.exchange/tags/pfSense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfSense</span></a>. </p><p>It's very crude and only supports a single tunnel at the moment, but I just spent an absurd amount of time on a solution - so here it is if anyone is interested:</p><p><a href="https://github.com/sudonem/pfsense-wg-rotate" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/sudonem/pfsense-wg-</span><span class="invisible">rotate</span></a></p><p><a href="https://infosec.exchange/tags/ShellScripts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShellScripts</span></a> <a href="https://infosec.exchange/tags/PHPshell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PHPshell</span></a> <a href="https://infosec.exchange/tags/pfSense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfSense</span></a> <a href="https://infosec.exchange/tags/WireGuard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WireGuard</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a></p>