In this article, you will learn how to set up remote access to your network using WireGuard on a pfSense router.
Installing the WireGuard package
Go to "System" > "Package Manager" > "Available Packages", search for "wireguard", then click "install".
After the package has been installed, there will be a new submenu in the VPN menu.
In the top menu, go to "VPN" and select "wireguard". Next, select "Settings".
Setting up WireGuard
You need to enable the WireGuard service.
Next, click "Tunnels" and select "Add Tunnel".
Listen Port: 51820
Interface Keys: To establish a connection, you will need to generate a key pair. Note down the interface public key, as it will be needed later.
Address: this will be the address of your tunnel interface. For example, let's use 10.0.1.1/24. Make sure the range you pick does not overlap with others you already defined.
We now need to configure the interface itself and the firewall so that the traffic is allowed in the first place.
Go to "Interfaces" > "Assignments" and "Add" your WireGuard interface. Set the IP address for this interface.
Next, we need to open up the "Listen Port" picked above on our WAN interface.
Go to "Firewall" > "Rules" and select your WAN interface. Click the "add" button.
Action: Pass, Interface: WAN, Address Family: IPv4, Protocol: UDP, Destination: WAN address. Note that the destination port will be 51820. Then click the "save" button.
Now we need to add a rule on our VPN interface. This allows traffic from the WireGuard network to reach what is needed.
Go to "Firewall" > "Rules" > "WireGuard" and click the "add" button. Protocol: any.
Go to "Firewall" > "Rules" > "VPN" and click the "add" button. Protocol: any.
We now need to configure the device that will connect to our WireGuard tunnel as a peer.
Take a Windows PC as an example. Open the WireGuard GUI and click on Add Tunnel -> Add empty tunnel...
The software automatically creates the public and private key pair and displays it on the screen. Copy the public key, as it is needed for the setup on pfSense.
We then add a "Peer". Go to "VPN" > "WireGuard" > "Peers".
Select the tunnel you just created in the previous step from the dropdown menu.
PublicKey: Public key of the Windows client
Allowed IPs: To route all traffic to the WireGuard tunnel when active, set this to 0.0.0.0/0.
On the Windows side you need to insert the following configuration:
Listen port = 51820
Address: IP address of this client. It must be unique among all clients
PublicKey: Public key of the pfSense
AllowedIPs: Specifies what IP addresses should be routed over the VPN. 0.0.0.0/0 is a catch-all configuration and routes everything over the VPN.
Endpoint: External IP address of the server and listening port. ListenPort is 51820.
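Before activating the tunnel, the client settings listed above can be checked against the values chosen on pfSense. The following is an added example, not part of the original article: the function name check_client, the sample config, the placeholder keys and the endpoint address 203.0.113.10 are all constructed for illustration; only 10.0.1.1/24 and port 51820 come from the steps above.

```python
import configparser
import ipaddress

# Values taken from the article: tunnel interface 10.0.1.1/24, UDP port 51820.
TUNNEL_IF = ipaddress.ip_interface("10.0.1.1/24")
LISTEN_PORT = 51820

# Constructed sample client config. Keys and the endpoint IP are placeholders.
SAMPLE_CLIENT = """
[Interface]
PrivateKey = <client-private-key>
ListenPort = 51820
Address = 10.0.1.2/32

[Peer]
PublicKey = <pfsense-public-key>
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:51820
"""


def check_client(conf_text, existing_networks, used_addresses):
    """Check a single-peer client config; return (errors, full_tunnel)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    errors = []

    # The tunnel range must not overlap networks already defined on the router.
    for net in existing_networks:
        if TUNNEL_IF.network.overlaps(ipaddress.ip_network(net, strict=False)):
            errors.append(f"tunnel range {TUNNEL_IF.network} overlaps {net}")

    # The client address must sit in the tunnel range and be unique.
    addr = ipaddress.ip_interface(cp["Interface"]["Address"]).ip
    if addr not in TUNNEL_IF.network:
        errors.append(f"{addr} is outside {TUNNEL_IF.network}")
    if addr == TUNNEL_IF.ip or str(addr) in used_addresses:
        errors.append(f"{addr} is already in use")

    # The endpoint must target the port opened on the WAN interface.
    port = cp["Peer"]["Endpoint"].rpartition(":")[2]
    if port != str(LISTEN_PORT):
        errors.append(f"endpoint port {port} is not {LISTEN_PORT}")

    # 0.0.0.0/0 in AllowedIPs routes all IPv4 traffic through the tunnel.
    allowed = [ipaddress.ip_network(a.strip(), strict=False)
               for a in cp["Peer"]["AllowedIPs"].split(",")]
    return errors, ipaddress.ip_network("0.0.0.0/0") in allowed
```

An empty error list with full_tunnel set to True means the client is consistent with the tunnel and will send all IPv4 traffic through it.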
You should now be able to activate the VPN connection. Click on activate. We should be connected to our WireGuard tunnel and able to access all of your network from afar.