Configuring PFSense
Configuring Wireguard
- Install the package via System > Package Manager > Wireguard
- Browse to VPN > Wireguard
- Add a tunnel
- Generate a key pair (Configuration and Peers to be configured later). The public key from this is needed in Configuring the Peers
- Set allowed IPs to be a NetworkID/netmask in CIDR notation (192.168.50.0/24)
- Add Firewall > Rules > WAN to allow 51280 to an IP on PFSense to be routed to Wireguard.
- Add Firewall > Rules > Wireguard/Opt to allow Wireguard traffic to appropriate resources on other network interfaces.
Configuring Tunnel
- Browse to VPN > Wireguard
- Click the person+ icon to the right of the tunnel
- Set a Description, Tunnel (created in the above section), check Dynamic Endpoint, and copy in the Public Key from the peer. This value comes from the Configuring the Client page.
- Set an IP address for the peer. This is unique to the peer and should be the IP/Mask in CIDR notation (192.168.50.3/32)
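
A check for the peer-address rule in the last step, as an added example that is not part of the original page: it verifies that each peer address is a single /32 host inside the tunnel network and is not shared with another peer. The peer names, the extra addresses and the 192.168.50.1 tunnel address are assumptions made for illustration.

```python
import ipaddress

TUNNEL_NET = ipaddress.ip_network("192.168.50.0/24")  # tunnel network from the page
TUNNEL_ADDR = ipaddress.ip_address("192.168.50.1")    # assumed pfSense-side tunnel address


def check_peers(peers, tunnel_net=TUNNEL_NET, tunnel_addr=TUNNEL_ADDR):
    """Return (description, problem) pairs for peer addresses that break the rule."""
    problems, seen = [], []
    for desc, cidr in peers:
        try:
            # strict=True rejects entries such as 192.168.50.7/24 (host bits set)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append((desc, f"invalid CIDR: {exc}"))
            continue
        single_host = net.prefixlen == net.max_prefixlen
        if not single_host:
            problems.append((desc, f"{net} covers more than one host"))
        if net.version != tunnel_net.version or not net.subnet_of(tunnel_net):
            problems.append((desc, f"{net} is outside {tunnel_net}"))
        elif single_host:
            host = net.network_address
            if host in (tunnel_net.network_address, tunnel_net.broadcast_address):
                problems.append((desc, f"{host} is the network or broadcast address"))
            elif host == tunnel_addr:
                problems.append((desc, f"{host} is the firewall's own tunnel address"))
        # WireGuard maps an allowed IP to exactly one peer per tunnel, so overlaps conflict
        for other_desc, other in seen:
            if net.version == other.version and net.overlaps(other):
                problems.append((desc, f"{net} overlaps {other_desc} ({other})"))
        seen.append((desc, net))
    return problems


if __name__ == "__main__":
    # Constructed peer list; only 192.168.50.3/32 comes from the page.
    peers = [
        ("laptop", "192.168.50.3/32"),
        ("phone", "192.168.50.4/32"),
        ("tablet", "192.168.50.3/32"),   # reuses the laptop's address
        ("kiosk", "192.168.50.7/24"),    # host address entered with the network mask
        ("vendor", "10.0.0.5/32"),       # not in the tunnel network
    ]
    for desc, problem in check_peers(peers):
        print(f"{desc}: {problem}")
```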