OPNsense will auto-generate these keys once we save this config.įor Listen Port, I've set this to 51820 which is the default for Wireguard. We'll leave Public Key & Private Key blank for now. Since OPNsense shows the Instance as 1 - it will create a wg interface with that instance number. In the above screenshot, I've filled in just a few details.įor Name, I've entered our virtual interface name wg1. To do this, we'll navigate to the Local tab, and click the plus icon to add a new tunnel. This will be a virtual tunnel interface that will be created as interface wg. Next we'll set up the Wireguard tunnel interface on OPNsense. We'll enable Wireguard by dropping down to VPN > WireGuard then clicking Enable and Apply A bit of bouncing between the two - but for now we'll try to complete as much as we can on the firewall side. We'll need to generate keys on the firewall, which we need to enter on the client - but we also need the client keys to enter on the firewall. There is a little bit of a chicken & egg scenario here since everything is based on cryptographic keys. Next we'll begin configuring Wireguard on the OPNsense side. Once installed, you may have to refresh the page or navigate to a new page so that the menu bar has a chance to reload. This should pull down the package & install pretty quickly. So in OPNsense, we'll navigate down to System > Firmware > Plugins, then search for wireguard and click the plus icon. By default, OPNsense will have standard IPSec & OpenVPN already available - but other VPN options can be enabled easily. To get started, first thing we will want to do is install the Wireguard plugin for OPNsense. I'll have one Windows & one Android client that we'll walk through & connect to the VPN. I will be using the reserved IP range 203.0.113.0/24 for the WAN-side addressing. So let's dig in!įor the purpose of this blog post, we'll be using the lab topology below: ![]() We'll walk through the OPNsense configuration & a few clients as well. Specifically, this configuraion will be for remote-access VPN - where clients will connect to a VPN headend. The VPN connects quicker than anything I've used in the past, and just simply works without issue.Īll that being said - I wanted to put together a quick guide on how to configure Wireguard on OPNsense. In addition, the performance & overall experience has been very positive. So far my experience has been good! I've been pleasantly suprised with how easy it is to configure & get running. I had previously been using something else for VPN connectivity back to my home network - but I heard good things about Wireguard & wanted to give it a try. One of the new things I got to try out with OPNsense was Wireguard VPN. ![]() After a few months, the device has been running well & I'm very happy with it. So in my last post, I picked up a Qotom Mini-PC to run OPNsense on.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |