Project is coming along great and I like that the interfaces cant be modified without rebuilding each time. The Mullvad VPN setup will really be a popular use case.

Top notch! Well done! Can't wait to see it in the next pfSense version.

Wow!!! This is awesome. Thank you!

Please allow for adding an "Allowed IP" without adding routes. Our use case is specifically having a point-to-point connection and using BGP on top of that. For instance 172.30.0.1 -> 172.30.0.2 and having BGP between those two peers exchange various 10.0.0.0/24 routes. Such that traffic may appear as 10.0.0.100 -> 10.0.0.1/172.30.0.1 -> 172.30.0.2/10.0.5.1 -> 10.0.5.50. If there was no possibility to disable automatic route adding, the use cases would be diminished.

Thank you for your effort! I was actually checking how to install wireguard in openwrt because the lack of functionallity in Pfsense. Then I happily read about these great news. I am looking forward for the 2.6 release version, so I can install wireguard as a package. Oh by the way I was forgetting to ask... Will it be possible to create a NAT outbound rule, and set up a gateway in specific interfaces, so we can tunnel only on certain interfaces? as I see it is possible with for example openvpn Thanks and have a good one!

But where do you select which WAN for the WG to use?

Hello, I have a question/request. I have managed to setup WindScribe VPN on PFSense and it's working well (way less buggier than original implementation and no kernel panics lol). The problem is that it uses default gateway with no way to change the interface. With OpenVPN, you can change the interface which is used to create the tunnel. Static route can be used with endpoint address as dest network to change it to non-default gateway but then the problem is that static route doesn't support gateway group. Is there any way to route the WireGuard tunnel over gateways other than default? Thanks

Thanks ! I guess it's not advisable to install on top on 2.5.x ?