pfSense WireGuard Package - Project Report 006 (UPDATED)

  • Published on 8 Feb 2025
  • pfSense WireGuard Package - Project Report 010 • pfSense WireGuard Pack...
    Discussions:
    Reddit : / pfsense
    Forums: forum.netgate....
    www.netgate.co...
    "WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.

Comments • 19

  • @LAWRENCESYSTEMS 3 years ago +7

    Project is coming along great and I like that the interfaces can't be modified without rebuilding each time. The Mullvad VPN setup will really be a popular use case.

  • @rollinthedice7355 3 years ago +3

    Top notch! Well done! Can't wait to see it in the next pfSense version.

    • @bhenstra 3 years ago

      Just wanted to say the same :-)

  • @kittysreview9055 3 years ago +1

    Wow!!! This is awesome. Thank you!

  • @ThisNameIsNotAvailbl 3 years ago +1

    Please allow for adding an "Allowed IP" without adding routes. Our use case is specifically having a point-to-point connection and using BGP on top of that. For instance 172.30.0.1 -> 172.30.0.2 and having BGP between those two peers exchange various 10.0.0.0/24 routes. Such that traffic may appear as 10.0.0.100 -> 10.0.0.1/172.30.0.1 -> 172.30.0.2/10.0.5.1 -> 10.0.5.50. If there was no possibility to disable automatic route adding, the use cases would be diminished.

    • @ChristianMcDonald 3 years ago +1

      Yes, absolutely this. I have similar requirements as well. I will likely be adding a checkbox on a per-allowed-IP basis to enable/disable automatic route creation.
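
The distinction this exchange turns on, as an added example that is not part of the original comments or of the pfSense WireGuard package: an Allowed IP decides which peer WireGuard will encrypt to and accept from, while the routing table decides whether traffic enters the tunnel at all. The addresses come from the comment; the labels `wan`, `wg` and `peer-b` and the 10.0.0.0/8 Allowed IP are assumptions.

```python
import ipaddress

def longest_match(table, ip):
    """Return the value stored under the most specific prefix containing ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(p), v) for p, v in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def egress(routes, allowed_ips, dst):
    """Stage 1: the OS routing table picks the outgoing interface.
    Stage 2: WireGuard picks the peer whose Allowed IPs cover dst."""
    iface = longest_match(routes, dst)
    if iface != "wg":
        return ("bypasses tunnel", iface)
    peer = longest_match(allowed_ips, dst)
    return ("encrypted", peer) if peer else ("dropped", None)

def ingress(allowed_ips, from_peer, src):
    """After decryption, WireGuard accepts a packet only if its inner
    source address maps back to the peer that sent it."""
    return longest_match(allowed_ips, src) == from_peer

# Constructed sample data built from the addresses in the comment.
# "wan", "wg" and "peer-b" are hypothetical labels.
STATIC_ROUTES = {"0.0.0.0/0": "wan", "172.30.0.0/30": "wg"}
BGP_ROUTES = {**STATIC_ROUTES, "10.0.5.0/24": "wg"}  # learned from 172.30.0.2
ALLOWED_WIDE = {"172.30.0.2/32": "peer-b", "10.0.0.0/8": "peer-b"}  # assumed
ALLOWED_P2P_ONLY = {"172.30.0.2/32": "peer-b"}

if __name__ == "__main__":
    # The BGP session itself only needs the point-to-point addresses.
    print(egress(STATIC_ROUTES, ALLOWED_WIDE, "172.30.0.2"))
    # A wide Allowed IP with no route: traffic never enters the tunnel.
    print(egress(STATIC_ROUTES, ALLOWED_WIDE, "10.0.5.50"))
    # Once BGP installs the route, the same Allowed IP lets it through.
    print(egress(BGP_ROUTES, ALLOWED_WIDE, "10.0.5.50"))
    # A route without a covering Allowed IP is dropped inside WireGuard.
    print(egress(BGP_ROUTES, ALLOWED_P2P_ONLY, "10.0.5.50"))
    # Inbound: the peer may only source addresses inside its Allowed IPs.
    print(ingress(ALLOWED_WIDE, "peer-b", "10.0.5.50"))
    print(ingress(ALLOWED_P2P_ONLY, "peer-b", "10.0.5.50"))
```

Because the Allowed IP list is also the inbound source filter, a wide entry such as 10.0.0.0/8 lets that peer source any address in the range, so the BGP import policy and firewall rules on the tunnel interface become the controls that keep it narrow.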

  • @testes2390 3 years ago

    Thank you for your effort! I was actually checking how to install WireGuard in OpenWrt because of the lack of functionality in pfSense. Then I happily read about this great news.
    I am looking forward to the 2.6 release version, so I can install WireGuard as a package.
    Oh, by the way, I was forgetting to ask... Will it be possible to create a NAT outbound rule and set up a gateway on specific interfaces, so we can tunnel only on certain interfaces, as I see is possible with, for example, OpenVPN?
    Thanks and have a good one!

  • @colbyqqvandnebr3177 3 years ago

    Hello, I have a question/request. I have managed to set up WindScribe VPN on pfSense and it's working well (way less buggy than the original implementation and no kernel panics lol). The problem is that it uses the default gateway with no way to change the interface. With OpenVPN, you can change the interface which is used to create the tunnel. A static route can be used with the endpoint address as dest network to change it to a non-default gateway, but then the problem is that a static route doesn't support gateway groups.
    Is there any way to route the WireGuard tunnel over gateways other than default?
    Thanks

    • @ChristianMcDonald 3 years ago +1

      A static route or setting the system default gateway to the desired gateway group are currently the only two options.

    • @colbyqqvandnebr3177 3 years ago

      @ChristianMcDonald ok, thank you

  • @TheDRMSKR 3 years ago

    But where do you select which WAN for the WG to use?

    • @ChristianMcDonald 3 years ago

      Create a static route toward your remote endpoint's /32 or /128 host out your desired gateway.
      Other than that, if you want WireGuard to follow a gateway group (static routes don't support gateway groups), you'll need to set your firewall gateway to your preferred group and policy route your LANs if you don't want them tracking this group too.

  • @yuriw777 3 years ago

    Thanks!
    I guess it's not advisable to install on top of 2.5.x?

    • @ChristianMcDonald 3 years ago +1

      2.5.1 is fine

    • @yuriw777 3 years ago

      @ChristianMcDonald
      Is this a proper way?
      2.5.1 installed
      Set branch in System Update to 2.6.x
      Find and install WireGuard in Packages?

    • @ChristianMcDonald 3 years ago +1

      I would not do that. If you’re on 2.5.1, sideloading is the best way currently

    • @yuriw777 3 years ago

      @ChristianMcDonald copy thx

    • @ChristianMcDonald 3 years ago +2

      Will have the version in the video out tonight