In this article you will learn how to remotely access your network through pfSense using WireGuard.
Install the WireGuard package
Log in to pfSense: http://192.168.1.1
Go to "System" > "Package Manager"
Download WireGuard for Windows: https://www.wireguard.com/install/
Switch to "Available Packages" tab, search "wireguard", then click the "Install" button on the right.
After the package has been installed, you will see the following message:
pfSense-pkg-WireGuard installation successfully completed.
There will be a new sub menu "WireGuard" in the VPN menu.
In the top menu, go to "VPN", select "WireGuard", and then select "Settings".
"VPN" > "WireGuard" > "Settings": enable the WireGuard service, then click the "Save" button to save your settings.
Switch to the "Tunnels" tab and click "Add Tunnel".
Listen Port: 51820, click "Generate".
Interface Keys: to establish a connection, you will need to generate a keypair.
Note down the interface public key, as it will be needed later.
Address: this will be the address of your tunnel interface. For example, let's use 10.0.1.1/24.
Make sure the range you pick does not overlap with others you already defined.
We now need to configure the interface itself and the firewall so that the traffic is allowed in the first place.
Go to "Interfaces > Assignments" and "Add" your WireGuard interface.
Set the IP address for this interface.
Next, we need to open up the "Listen Port" picked above on our WAN interface.
Go to "Firewall > Rules" and select your WAN interface.
Note that the destination port will be 51820.
Now, we need to add a rule on our VPN interface. This allows traffic from the WireGuard network to reach the resources it needs. Both "WireGuard" and "VPN" are set like this.
We now need to configure the device that will connect to our WireGuard tunnel as a peer.
For example, a Windows PC. Open the WireGuard GUI and click on Add Tunnel -> Add empty tunnel...
The software automatically creates the public and private key pair and displays it on the screen. Copy the public key, as it is needed for the setup on pfSense.
We then add a "Peer": go to "VPN" > "WireGuard" > "Peers".
Select the tunnel you created in the previous step from the dropdown menu.
PublicKey: Public key of the Windows client.
Allowed IPs: To route all traffic to the WireGuard tunnel when active, set this to 0.0.0.0/0.
On the Windows side you need to insert the following configuration:
Listen port = 51820
Address: IP address of this client. It must be unique among all clients.
PublicKey: Public key of the pfSense.
AllowedIPs: Specifies what IP addresses should be routed over the VPN. 0.0.0.0/0 is a catch-all configuration and routes everything over the VPN.
Endpoint: External IP address of the server and listening port. ListenPort is 51820.
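The following Python script is an added example, not part of the original article. It builds a client configuration from the fields listed above and checks it against the constraints this guide states: the tunnel range must not overlap existing ranges, the client address must be unique, and the Endpoint must use port 51820. The keys are placeholders, and the client address 10.0.1.2/32, the LAN range 192.168.1.0/24 and the endpoint 203.0.113.10 are assumptions.

```python
import base64
import configparser
import ipaddress

# Constructed sample: placeholder keys (not real), assumed client address
# 10.0.1.2/32, and a documentation-range IP standing in for the WAN address.
SAMPLE_CLIENT_CONF = f"""
[Interface]
PrivateKey = {'A' * 43}=
ListenPort = 51820
Address = 10.0.1.2/32

[Peer]
PublicKey = {'E' * 43}=
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:51820
"""

def check_client(conf_text, tunnel_net, server_ip, used_ips, other_nets, port=51820):
    """Return a list of problems found in a WireGuard client config."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    problems = []
    tunnel = ipaddress.ip_network(tunnel_net)
    # The tunnel range must not overlap ranges already defined (e.g. the LAN).
    for net in other_nets:
        if tunnel.overlaps(ipaddress.ip_network(net)):
            problems.append(f"tunnel {tunnel} overlaps {net}")
    # The client address must sit inside the tunnel range and be unique.
    addr = ipaddress.ip_interface(cp["Interface"]["Address"]).ip
    if addr not in tunnel:
        problems.append(f"{addr} is outside {tunnel}")
    if str(addr) == server_ip or str(addr) in used_ips:
        problems.append(f"{addr} is already in use")
    # WireGuard keys are 32 bytes, base64-encoded.
    for section, field in (("Interface", "PrivateKey"), ("Peer", "PublicKey")):
        try:
            ok = len(base64.b64decode(cp[section][field], validate=True)) == 32
        except ValueError:
            ok = False
        if not ok:
            problems.append(f"{field} is not a 32-byte base64 key")
    # The Endpoint must point at the Listen Port opened on the WAN interface.
    if cp["Peer"]["Endpoint"].rpartition(":")[2] != str(port):
        problems.append(f"Endpoint port is not {port}")
    return problems

if __name__ == "__main__":
    print(check_client(SAMPLE_CLIENT_CONF, "10.0.1.0/24", "10.0.1.1",
                       set(), ["192.168.1.0/24"]) or "config is consistent")
```

Replace the placeholder keys with the ones generated by pfSense and the Windows client before importing the configuration.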
You should now be able to activate the VPN connection. Click "Activate". You should now be connected to the WireGuard tunnel and able to access all of your network from afar.