How to Connect pfSense to a WireGuard VPN

In this article, we'll walk you through the steps to connect your pfSense firewall to a vpnsafe.net WireGuard VPN. WireGuard is a modern, secure, and high-performance VPN protocol that is increasingly popular due to its simplicity and speed.

Prerequisites

• A pfSense firewall running version 2.5.0 or later.
• A valid account with vpnsafe.net.
• WireGuard package installed on your pfSense device.

Step 1: Install the WireGuard Package on pfSense

1. Log in to pfSense:

   • Open your web browser and log in to your pfSense firewall.

2. Navigate to Package Manager:

   • Go to System > Package Manager.

3. Install WireGuard:

   • Click on the Available Packages tab.
   • Search for WireGuard.
   • Click Install next to the WireGuard package.
   • Confirm and wait for the installation to complete.

Step 2: Obtain WireGuard Configuration from vpnsafe.net

1. Log in to vpnsafe.net:

   • Access your account on the vpnsafe.net website.

2. Generate WireGuard Configuration:

   • Navigate to the VPN configuration section.
   • Select WireGuard as the VPN type.
   • Download the configuration file or note down the necessary details (Public Key, Private Key, Endpoint, Allowed IPs, and DNS).

Step 3: Configure WireGuard on pfSense

1. Access WireGuard Settings:

   • Go to VPN > WireGuard.

2. Add a New Tunnel:

   • Click on the + Add Tunnel button.

3. Configure the Tunnel:

   • Description: Name the tunnel (e.g., vpnsafe.net WireGuard).
   • Public Key: Use the Public Key provided by vpnsafe.net.
   • Private Key: Use the Private Key provided by vpnsafe.net.
   • Listen Port: Leave as default or specify a port if required.

4. Save and Apply:

   • Click Save.
   • Apply changes if prompted.

Step 4: Add Peers to the Tunnel

1. Add a Peer:

   • Click on the + Add Peer button within the WireGuard tunnel configuration.

2. Configure the Peer:

   • Description: Name the peer (e.g., vpnsafe.net Server).
   • Endpoint: Enter the endpoint provided by vpnsafe.net (e.g., vpn.vpnsafe.net:51820).
   • Public Key: Enter the public key of the vpnsafe.net server.
   • Allowed IPs: Enter 0.0.0.0/0 to route all traffic through the VPN.
   • DNS Servers: Enter the DNS server IPs provided by vpnsafe.net if applicable.

3. Save and Apply:

   • Click Save.
   • Apply changes if prompted.

Step 5: Configure Firewall Rules

1. Add Interface:

   • Go to Interfaces > Assignments.
   • You should see a new interface named wg0 (or similar). Click + to add it.
   • Name the interface (e.g., VPN_WG).
   • Enable the interface and click Save.

2. Configure Interface:

   • Click on the newly added interface.
   • Set IPv4 Configuration Type to None.
   • Click Save and then Apply Changes.

3. Create Firewall Rules:

   • Go to Firewall > Rules.
   • Select the newly created interface tab (e.g., VPN_WG).
   • Click + Add to create a new rule.
     • Action: Pass
     • Interface: VPN_WG
     • Address Family: IPv4
     • Protocol: Any
   • Click Save and Apply Changes.

Step 6: Route Traffic Through the VPN

1. Go to System > Routing:

   • Click on the Gateways tab.
   • Add a new gateway if it does not exist for wg0.

2. Set Default Gateway:

   • Go to the System > Routing > Gateways tab.
   • Edit your WAN_DHCP or equivalent.
   • Set the new WireGuard gateway as the default gateway.

Step 7: Test the VPN Connection

1. Check Status:

   • Go to Status > WireGuard.
   • Ensure the tunnel is active and the peer is connected.

2. Verify Connection:

   • Use an external service like whatismyip.com to confirm your public IP matches the VPN server.

Conclusion

By following these steps, you should have successfully connected your pfSense firewall to a vpnsafe.net WireGuard VPN. This setup enhances your network security and ensures your traffic is routed securely through the VPN.

If you encounter any issues, refer to the vpnsafe.net support or the pfSense documentation for additional troubleshooting tips.