pfSense WireGuard Package – Project Report 010



(All private keys shown in this video have been destroyed.)

Timestamps:
0:00 Channel news and transition
4:45 Agenda
6:55 Installing WireGuard
7:30 New WireGuard settings
13:20 Tunnel creation
16:40 Firewall rules
18:30 NAT rules
20:20 Peer configuration (pfSense)
22:19 Peer address configuration and allowed IPs
25:05 Dashboard widget
28:20 Peer configuration (laptop)
29:30 Full or split tunnel
31:10 Client DNS configuration
32:08 Speed test

Discussion:
Reddit: https://reddit.com/r/PFSENSE
Forum: https://forum.netgate.com/category/82/wireguard

45 comments
  1. Hey bud. I loved your video. You sure know what you’re doing. ;).
    I’m trying to rebuild a site to site WireGuard tunnel between two homes for off site backups. I’ve got as far as being able to ping the remote pfSense router. I can even administer the remote router via the webpage. For some reason I can’t connect to any of the other servers on the same subnet as the remote router. I’m so close. Do you have any suggestions on where to look in my pfSense configs, remote and local, where I could fix this problem?
    Thanks and keep up the good work. I can’t wait to see your site to site pfSense 2.5.2 WireGuard tutorial. I can't find any online.

  2. Can the client connect to a tunnel using a domain name? I have a dynamic address at home (no choice), however using the cloudflare API my domain is updated to my home IP. I would like to just enter my domain, but doing so doesn't seem to work.

  3. I built a WireGuard tunnel with 1 peer and everything works fine.
    I wanted to add a 2nd peer to the same tunnel. Then the 1st peer no longer works. If I deactivate the 2nd peer, the 1st peer works again.
    Do I have to create a new tunnel for each peer?

  4. Nice work! One question arises for me: would it be good practice to share the same keys for the same client for two types of handshaking? What I mean is to generate both a Split-tunnel config for "homeOffice" and a Full-tunnel config for coffee shops, airports or other kinds of public wi-fi areas when full security is a must…. Cheers!

  5. I wonder what this is doing with a Wireguard connection . . . if I put a packet capture on either the Tun IP 'Address assignment,' or any of my Peers 'Allowed IPs,' would anything even report? After trying it and coming up empty, I assume any encryption is preventing me from seeing anything across wg0 (I've dedicated an interface to only pass this traffic for test). Since wg0 is not an actual interface, there's no way to chart the traffic via 'Status/Traffic Graph.' This I take is a good thing — shows it's tightened down.

  6. I've got your road warrior method down, much appreciated; and I'd like to understand the split-tunnel method — and if possible, figure out how to use Wireguard with a wrapper like stunnel to get a Samba network connection between the Interface and Peers. Is this in scope with the direction Netgate is taking for the two packages being used together for this purpose?

  7. Sorry but it didn't work in iOS. I tried numerous config to make it work, but no luck. I followed your video and in iOS config, I only changed endpoint with real IP and DDNS, and no luck.

  8. Hi, nice rundown and appreciated. But I tried following this setup and I get a connection; I see some packets sent back and forth and some traffic in the WireGuard rule. But I can't access anything by DNS or direct IP, any suggestion on where to look? Everything is set up more or less the same, just keys and IP ranges changed to match my setup. Any suggestions would be appreciated.

  9. Okay that wasn't too bad. I tried doing the peer stuff on the wireguard app for android but it had zero explanations as to what kind of info it was expecting where.

    I would suggest getting a pop filter for your microphone, however.

  10. The config of the peers is saved in the config XML of pfSense, am I right? I was testing with the command-line wg CLI. I had to switch for now to Ubuntu + WireGuard. I am building a bridge between Active Directory and WireGuard and easy deploy to our clients with their AD credentials on a custom wg client. Hope to use pfSense + WireGuard in the future.

  11. I do have one question, one troubleshoot, and a request for Christian. 1. As much as I try to understand these VPN connections, one thing I get lost on is why the browser will use it fine, but I cannot see any of the SMB/CIFS/WebDAV shares on my network? Is this a configuration issue on the peer? 2. While I often think it's just me when it's so simple, for some reason I can't get the copy function to work in the wireguard interface concerning the public key for tunnel; each time I click the highlighted "copy" under it, nothing is copied to the clipboard so nothing pastes (workaround is to highlight and Ctrl-C). Lastly, if you can address the means by which to connect wireguard through my DynamicDNS, that would be very helpful.
    Thank you.

  12. It took me eight days from the time I downloaded the pfSense Wireguard package, trying several ways of getting it to work, and finally yesterday with PR#010 guidance, I got two peers working on tun_wg0 using two platforms (Win10/MX Linux). The two hiccups in my way to get it right were, understanding the AllowedIPs configuration, and doing the NAT port forward correctly with the Outbound mapping, including use of the source IP defined in the AllowedIPs. Also setting up Wireguard on the peer's computer was easier with Win10, since I was instructed to upgrade the MX Linux kernel (Debian) before fetching Wireguard, plus setting the keys and making the wg0.conf file were done via command line. This is coming along well, though I felt I was pretty backward for not getting it working in the first day or two. With respect to how long it's taking me to get VLANs/VPNs right — eight days is pretty good for me.

  13. Thanks. I have set up pfSense as Wireguard client towards a VPN service. It would be great if it were possible to set a reconnection interval (roughly wg-quick down followed by wg-quick up) to get a new external IP from the provider. Is that something that you are considering?

  14. Is it not possible to have some kind of client export settings as available in OpenVPN? If I have, let’s say, 500 peers, do I need to create them manually one by one? 😱
    Also, what do I do if my pfSense has a dynamic IP and I want to connect using a FQDN?

  15. Great video, I set this up a few days ago and it works straight out of the box. One request: any chance of adding in the current connection time for a peer in the widget?

  16. Hi Christian. Great work on this. Is it possible to have two peers using 0.0.0.0/0 as their allowed IPs in the same tunnel config? I had some issues getting this set up, one client would work while the other wouldn't. I ultimately created two independent tunnels but I'm curious, considering that I used pfSense interfaces, if I made a mistake. Thanks again.
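
The AllowedIPs behaviour behind comments 3 and 16 (one peer stops working once a second peer with overlapping AllowedIPs is added to the same tunnel), modelled as an added example that is not the video's or the pfSense package's code; the peer names and tunnel addresses are constructed.

```python
import ipaddress


class CryptokeyRoutingTable:
    """Constructed model of WireGuard's AllowedIPs (cryptokey routing) table,
    not the pfSense package's code: each prefix belongs to exactly one peer,
    the most recent claim of a prefix wins, lookups use longest-prefix match."""

    def __init__(self):
        self.routes = {}  # ip_network -> peer name

    def add_peer(self, peer, allowed_ips):
        """Claim each AllowedIPs prefix for peer, taking it away from any
        earlier peer that listed the identical prefix."""
        for cidr in allowed_ips:
            self.routes[ipaddress.ip_network(cidr, strict=False)] = peer

    def peer_for(self, ip):
        """Outbound: which peer receives a packet destined to ip?"""
        addr = ipaddress.ip_address(ip)
        matches = [(net, peer) for net, peer in self.routes.items() if addr in net]
        if not matches:
            return None  # no peer claims the address: packet is dropped, not sent
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def accept_inbound(self, peer, src_ip):
        """Inbound: a packet decrypted from peer is accepted only if its source
        address routes back to that same peer, which blocks spoofing."""
        return self.peer_for(src_ip) == peer


def two_full_tunnel_peers():
    """Comment 16's setup: two peers on one tunnel, both given 0.0.0.0/0.
    The second claim takes the prefix, so the first peer's packets are refused."""
    table = CryptokeyRoutingTable()
    table.add_peer("laptop", ["0.0.0.0/0"])  # constructed peer names/addresses
    table.add_peer("phone", ["0.0.0.0/0"])
    return table


def narrow_allowed_ips():
    """Least-privilege form: each road-warrior peer claims only its tunnel /32.
    A site peer may still hold 0.0.0.0/0, since the /32s win longest-prefix match."""
    table = CryptokeyRoutingTable()
    table.add_peer("laptop", ["10.6.0.2/32"])
    table.add_peer("phone", ["10.6.0.3/32"])
    table.add_peer("site", ["192.168.50.0/24", "0.0.0.0/0"])
    return table
```

On the pfSense side, 0.0.0.0/0 belongs in the client's own config (to route everything through the tunnel), while each server-side peer entry should list only the addresses that peer is allowed to source.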

  17. Awesome! I had issues setting an assigned WireGuard interface as a default gateway on the first official package release because the default gateway selection didn't persist on reboots. Do you know if this is a bug and if so has it been fixed? Going into the future do you think you'll be developing this into a build of pfSense or will it always remain a package? Thanks Christian!

    Jim.
