How to turn pfSense into VPN server

NC

In this article, you will learn how to set up remote access to your network using WireGuard on a pfSense router.

Installing the WireGuard package

Go to "System" > "Package Manager" > "Available Packages", search for "wireguard", then click "Install".

After the package has been installed, there will be a new submenu in the VPN menu.

In the top menu, go to "VPN" and select "WireGuard", then select "Settings".

Configuring WireGuard

You need to enable the WireGuard service.

Next, click "Tunnels", then select "Add Tunnel".

Listen Port: 51820

Interface Keys: to establish a connection, you will need to generate a key pair. Note down the interface public key, as it will be needed later.

Address: this will be the address of your tunnel interface. For example, let's use 10.0.1.1/24. Make sure the range you pick does not overlap with others you already defined.

We now need to configure the interface itself and the firewall so that the traffic is allowed in the first place.

Go to "Interfaces" > "Assignments" and "Add" your WireGuard interface, then set the IP address for this interface.

Next, we need to open up the "Listen Port" picked above on our WAN interface. 

Go to "Firewall" > "Rules" and select your WAN interface. Click the "Add" button.

Action: Pass, Interface: WAN, Address Family: IPv4, Protocol: UDP, Destination: WAN address. Note that the destination port will be 51820. Then click the "Save" button.

Now we need to add a rule on our VPN interface. This allows traffic from the WireGuard network to reach what is needed.

Go to "Firewall" > "Rules" > "WireGuard" and click the "Add" button. Protocol: any.

Go to "Firewall" > "Rules" > "VPN" and click the "Add" button. Protocol: any.

We now need to configure the device that will connect to our WireGuard tunnel as a peer.

For example, a Windows PC. Open the WireGuard GUI and click on Add Tunnel -> Add empty tunnel...

The software automatically creates the public and private key pair and displays it on the screen. You will need this public key when setting up the peer on pfSense.

We then add a "Peer". Go to "VPN" > "WireGuard" > "Peers".

Select the tunnel you created in the previous step from the dropdown menu.

PublicKey: Public key of the Windows client

Allowed IPs: To route all traffic to the WireGuard tunnel when active, set this to 0.0.0.0/0.

On the Windows side you need to insert the following configuration:

ListenPort: 51820

Address: IP address of this client. It must be unique among all clients.

PublicKey: Public key of the pfSense

AllowedIPs: Specifies what IP addresses should be routed over the VPN. 0.0.0.0/0 is a catch-all configuration and routes everything over the VPN.

Endpoint: External IP address of the server and its listening port. The listening port is 51820.
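
The client settings above can be checked against the tunnel settings before activation. The following Python script is an added example, not part of the original article: it parses a constructed client configuration and verifies the constraints stated in the steps (non-overlapping tunnel range, unique client address, endpoint port matching the Listen Port). The keys, the endpoint address 203.0.113.10, the client address 10.0.1.2, the sample networks and the function name check_client are assumptions.

```python
import configparser
import ipaddress

# Constructed sample: the Windows client tunnel from the steps above.
# Keys and the endpoint address (RFC 5737 documentation range) are placeholders.
CLIENT_CONF = """
[Interface]
PrivateKey = <client-private-key>
ListenPort = 51820
Address = 10.0.1.2/24

[Peer]
PublicKey = <pfsense-tunnel-public-key>
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:51820
"""

def check_client(conf_text, tunnel_addr, listen_port, existing_nets, used_ips):
    """Return a list of problems found in a WireGuard client config (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # WireGuard keys are mixed case; keep them as written
    cp.read_string(conf_text)
    server = ipaddress.ip_interface(tunnel_addr)
    problems = []

    # The tunnel range must not overlap a network that is already defined.
    for net in existing_nets:
        if server.network.overlaps(ipaddress.ip_network(net)):
            problems.append(f"tunnel {server.network} overlaps {net}")

    # The client address must sit in the tunnel range and be unique.
    client = ipaddress.ip_interface(cp["Interface"]["Address"])
    if client.ip not in server.network:
        problems.append(f"{client.ip} is outside {server.network}")
    if client.ip == server.ip or str(client.ip) in used_ips:
        problems.append(f"{client.ip} is already in use")

    # The endpoint port must be the tunnel's Listen Port opened on WAN.
    port = int(cp["Peer"]["Endpoint"].rsplit(":", 1)[1])
    if port != listen_port:
        problems.append(f"endpoint port {port} != listen port {listen_port}")

    # Flag full-tunnel routing so it is a deliberate choice.
    if "0.0.0.0/0" in cp["Peer"]["AllowedIPs"].replace(" ", "").split(","):
        problems.append("note: AllowedIPs 0.0.0.0/0 routes all IPv4 traffic via the VPN")
    return problems

if __name__ == "__main__":
    for p in check_client(CLIENT_CONF, "10.0.1.1/24", 51820, ["192.168.1.0/24"], ["10.0.1.3"]):
        print(p)
```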

You should now be able to activate the VPN connection. Click on Activate. We should be connected to our WireGuard tunnel and able to access all of our network from afar.


Tags: pfSense WireGuard