Skip to main content

Configuring PFSense

Configuring Wireguard

  1. Install the package via System > Package Manager > Wireguard
  2. Browse to VPN > Wireguard
  3. Add a tunnel
  4. Generate a key pair (Configuration and Peers to be configured later). The public key from this is needed in Configuring the Peers
  5. Set allowed IPs to be a NetworkID/netmask in CIDR notation (
  6. Add Firewall > Rules > WAN to allow 51280 to an IP on PFSense to be routed to Wireguard.
  7. Add Firewall > Rules > Wireguard/Opt to allow Wireguard traffic to appropriate resources on other network interfaces.

Configuring Tunnel

  1. Browse to VPN > Wireguard

  2. Click the person+ icon to the right of the tunnel

  3. Set a Description, Tunnel (Created in above section), check Dynamic Endpoint, and copy in Public Key from peer. This value comes from the Configuring the Client page.

  4. Set an IP address for the peer, this is unique to the peer and should be the IP/Mask in CIDR notation