How to Install WireGuard on pfSense (Tutorial)



This tutorial takes a look at how to Install WireGuard on pfSense. The steps are clearly outlined to help you install the package, configure the tunnel, then the peer, and finally, connect using a WireGuard client.

✅ Written Instructions: https://www.wundertech.net/how-to-set-up-wireguard-on-pfsense
📌 DuckDNS Setup: https://www.wundertech.net/use-duckdns-to-set-up-ddns-on-pfsense/
📌 Clouflare DDNS Setup: https://www.wundertech.net/how-to-set-up-ddns-on-pfsense-using-cloudflare/

🔔 Subscribe for more tech related tutorials and overviews: https://link.wundertech.net/ssYt
🚀 Product Recommendations: https://link.wundertech.net/rmYt
❤️ Check out our website: https://link.wundertech.net/wtYt

DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.

WunderTech is a trade name of WunderTech, LLC.

0:00 Intro & Disclaimer
0:18 WireGuard Package Install
1:00 Tunnel Configuration
2:00 Interface Setup
2:58 Firewall Rules
3:48 Peer & Client Setup
11:40 Conclusion

44 comments
  1. Excellent tutorial. If I want both a split and full tunnel, can I duplicate the configuration and just changed the allowed IPs or do I need to create a secondary peer/tunnel config with its own set of keys?

  2. A side note. If you want your Wireguard peers to access your internal network (LAN) then you don't have to create an interface for WireGuard as there is already a "WireGuard" rule tab created by the package. By default all WireGuard connections will be seen here. If you later start creating several WG tunnels and WG interfaces it gets messy unless you want to isolate the WG tunnels from each other.

  3. I cannot copy the Pre-Shared Key at WireGuard VPN Peer Configuration; the "(Copy)" seems not working. Does anyone have issue with this? Thanks

  4. I don't have a static IP, I am using DDNS, but I also can't forward any ports. Is there a way to set this up or am I going to have to use something like headscale?

  5. This video was well done!! Thanks for the time. Works like a charm EXCEPT for when I am at my work (even behind their "guest" WiFi). Any suggestions on how to get around their firewall preventing me form connecting to my WG VPN?

  6. Well done! I'm glad I found your instructions and was able to successfully setup WireGuard. Do you know what the purpose of "WireGuard" under Interface Groups is for? It's also in Firewall Rules next to Floating rules.

  7. Dude! The written instructions are excellent. I was able to fix a botched setup from another video and setup two other devices. Nicely done! Subscribed and thumbs up.

  8. Hi great vdeo! I have an issue the tunnel is working perfectly fine but i can't access any device on my lan network i can only browse the internet. Does anyone know how to solve this issue? Maybe an outbound rule issue.

  9. I want to create a DMZ at home.
    Gonna install pfsense as a "entry point" within the next days.
    Was asking myself I could have 2 VPNs: One to reach the red zone and one for the green zone.
    Looks like I found exactly what I need.

    Great explanation. No blabla – Nicely compressed information on point.
    Very good video!

  10. I previously had wireguard set up in my 192.168. by hand on a debian VM which worked flawlessly.
    No I'm migrating to pfSense but it seems like even though port forwarding is enabled on all devices and my 'pass' rules are open, traffic is not rerouted via the pfSense WAN interface to the WG interface.
    Not sure if the gateways need to be reconfigured but they look proper to me….

  11. This is an excellent tutorial I was able to get it online but i have a question. My pfsense is a cloud based that runs wireguard I just want to know i have a Softphone on my Windows PC with wireguard installed is it possible to route only my softphone traffic on wirereguard? but browsing on the internet will still use my local network

  12. THANK YOU! THANK YOU!!! Finally I got it to work!!. I tried with openvpn and followed many videos and did not work. Then I figured to try Wireguard and at the 3rd time of configuring I stumbled on your video and you explained the final settings and BAM! I was to connect remotely and use see my home network. Woot!

  13. This is excellent. It's not just a well made video, it's helping people with their security, their privacy, and their businesses. All of which genuinely makes the world a better place. Respect to you and thank you for taking the time to make this.

  14. After applying your firewall rules, I think I just lost access to my pfsense.. I can't ping it, I can't access the web-ui to add the peer. Weird. I guess I have to go back to factory defaults and setup again. 😒

  15. I started this tutorial with not much hope but the result is just amazing since it worked immediately.
    So far one of the best tutorials on the internet: Concise, to the point, fast paced (well, at my speed x1.4) and most importantly IT WORKS
    Subscribed and looking forward for other gems of interest <3

  16. Needlessly complicated. We can't use a solution unless it's almost zero-config on the user side. FortiClient is an example of good solution.

  17. great video thanks. I have a super dumb question (apologies for how stupid this is): I have everything set up but the handshake is still red

    1) endpoint: should I use my public IP address? Or do I need to creare a DDNS first?
    2) how do I access my home network in practice (url)? is it the same as the endpoint I configured or something else?

    Many thanks!

Comments are closed.