Install WireGuard on pfSense

This guide is also available in Svenska, Deutsch and Norsk

Supported versions: pfSense 2.7.2

Last updated: February 12, 2024

1. Change DNS servers

Navigate to System → General Setup.

Change the DNS servers in the list to:

  • 46.227.67.134
  • 192.165.9.158

Uncheck Allow DNS server list to be overridden by DHCP/PPP on WAN.

Under DNS Resolution Behavior, select Use remote DNS servers, ignore local DNS.

Save the changes.

2. Install WireGuard

Navigate to System → Package manager

Click on Available packages.

Search for WireGuard.

Install the WireGuard package that comes up.

3. Generate the config(s) you want

4. Configure WireGuard

Navigate to VPN → WireGuard.

4.1 Add interface

Click on Tunnels.

Click on Add tunnel.

In the Tunnel Configuration (tun_wg0) window that opens, enter the following information:

  • Enabled: Checked
  • Description: OVPN
  • Listen port: (leave blank)
  • Private key:

Under Interface Configuration (tun_wg0), make the following changes:

Interface Addresses

Click on +Add Address to add an extra field for the IPv6 address.

Leave everything else as is.

Click on Save Tunnel

4.2 Add peer

Click on Peer.

Click on Add peer. Enter the following information:

  • Enable: Checked
  • Tunnel: Select tun_wg0 (OVPN)
  • Description:
  • Dynamic endpoint: Unchecked
  • Endpoint:
  • Endpoint Port:
  • Keep Alive: Leave default
  • Public Key:
  • Pre-shared Key: Leave default

Under Address Configuration, make the following changes:

  • AllowedIPs: 0.0.0.0/0, ::/0

For AllowedIPs, click on +Add Allowed IP so that both addresses can be entered, and select 0 from the drop-down.

Save the changes.
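The fields in 4.1 and 4.2 that have no fixed value (private key, interface addresses, endpoint, endpoint port, public key) are filled in from the generated config. The following is an added example, not part of OVPN's guide: it assumes the config from step 3 is a standard WireGuard .conf file with one [Peer] section, maps its keys to the pfSense field names used above, and checks that the keys are well formed and that AllowedIPs covers both 0.0.0.0/0 and ::/0. The function names and the sample values are constructed for illustration.

```python
import base64
import configparser
import ipaddress

# Constructed sample: keys, addresses and endpoint are placeholders, not real values.
SAMPLE_CONF = f"""
[Interface]
PrivateKey = {'A' * 43}=
Address = 172.16.0.2/32, fd00::2/128

[Peer]
PublicKey = {'B' * 42}A=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
"""
FULL_TUNNEL = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}

def key_ok(b64):  # WireGuard keys are 32 bytes, base64-encoded
    try:
        return len(base64.b64decode(b64, validate=True)) == 32
    except ValueError:
        return False

def pfsense_fields(conf_text):
    """Return (field values for steps 4.1/4.2, list of problems found)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep WireGuard's key names case-sensitive
    cp.read_string(conf_text)
    iface, peer = cp["Interface"], cp["Peer"]
    host, _, port = peer["Endpoint"].rpartition(":")
    allowed = {ipaddress.ip_network(a.strip()) for a in peer["AllowedIPs"].split(",")}
    keys = (("PrivateKey", iface["PrivateKey"]), ("PublicKey", peer["PublicKey"]))
    problems = [f"{n} is not a 32-byte base64 key" for n, k in keys if not key_ok(k)]
    problems += [f"AllowedIPs lacks {net}, so the tunnel will not carry that traffic"
                 for net in sorted(map(str, FULL_TUNNEL - allowed))]
    fields = {
        "Private key": iface["PrivateKey"],
        "Interface Addresses": [a.strip() for a in iface["Address"].split(",")],
        "Endpoint": host.strip("[]"),  # IPv6 literals are written [addr]:port
        "Endpoint Port": port,
        "Public Key": peer["PublicKey"],
        "AllowedIPs": sorted(map(str, allowed)),
    }
    return fields, problems

if __name__ == "__main__":
    fields, problems = pfsense_fields(SAMPLE_CONF)
    for name, value in fields.items():  # never echo the private key to a terminal or log
        print(f"{name}: {'<redacted>' if name == 'Private key' else value}")
    print("Problems:", problems or "none")
```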

5. Start the VPN connection

Navigate to VPN → WireGuard.

Click on Settings.

Check Enable WireGuard. Leave everything else as-is.

Click on Save.

Click on Apply changes.

6. Create the WireGuard interface

Navigate to Interfaces → Assignments.

6.1 Create WireGuard interface

Click on Add next to Available network ports to add the tun_wg0 (tun_wg0) interface.

Click on Save.

6.2 Configure the interface

Click on the newly created interface (normally called OPT1 by default) and make the following changes:

General configuration

  • Enable: Checked
  • Description: WG0
  • IPv4 Configuration Type: Static IPv4
  • IPv6 Configuration Type: Static IPv6

Static IPv4 configuration

  • IPv4 Address:
  • IPv4 Upstream Gateway: Will be modified later

Static IPv6 configuration

  • IPv6 Address:
  • Use IPv4 connectivity as parent interface: Checked
  • IPv6 Upstream Gateway: Will be modified later

6.3 Create the gateway

Click on +Add new gateway under Static IPv4 configuration

In the new window that comes up, make the following changes:

  • Default: Checked
  • Gateway name: WG0GWv4
  • Gateway IPv4:
  • Description: Optional

Click on Add.

Click on +Add new gateway under Static IPv6 configuration

In the new window that comes up, make the following changes:

  • Default: Checked
  • Gateway name: WG0GWv6
  • Gateway IPv6:
  • Description: Optional

Click on Add.

Click on Save.

Click on Apply changes.

7. Verify that the connection was successful

You should now be connected to OVPN and be able to browse the internet safely. To make sure everything was set up correctly, please check the dashboard to verify that you are connected.