Tutorial: pfsense Wireguard For Remote Access

No video

Tutorial: pfsense Wireguard For Remote Access

Рет қаралды 156,470

Күн бұрын

Our pfsense tutorials
lawrence.techn...
Getting Started Building Your Own Wireguard VPN Server
forums.lawrenc...
pfsense manual
docs.netgate.c...
Christian McDonald
pfSense Software + WireGuard Package - Project Report 011
• pfSense Software + Wir...
Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystem...
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesy...
+ Our Forums forums.lawrenc...
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/law...
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video...
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystem...
Gear we use on Kit
🛒 kit.co/lawrenc...
Use OfferCode LTSERVICES to get 5% off your order at
🛒 lawrence.video...
Digital Ocean Offer Code
🛒 m.do.co/c/85de...
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?v...
Protect you privacy with a VPN from Private Internet Access
🛒 www.privateint...
Patreon
💰 / lawrencesystems
⏱️ Timestamps ⏱️
00:00 pfsense Wireguard remote access
02:30 pfsense Wireguard Documentation
03:00 Lab Setup
05:31 Install Wiregaurd Package
06:05 Wireguard Firewall Rules
07:02 Creating Wireguard Tunnel
08:46 WAN Wireguard Rule
09:22 Wireguard Outbound NAT Rule
11:03 Adding Peers
11:44 Configuring Linux Peer
16:00 Configuring Windows Peer
19:52 Split VS Full Tunnel
22:19 Wireguard Troubleshooting
#Wireguard #pfsense #VPN

Пікірлер: 166

@LAWRENCESYSTEMS 2 жыл бұрын

Our pfsense tutorials lawrence.technology/pfsense/ Getting Started Building Your Own Wireguard VPN Server forums.lawrencesystems.com/t/getting-started-building-your-own-wireguard-vpn-server/7425 pfsense manual docs.netgate.com/pfsense/en/latest/vpn/wireguard/index.html Christian McDonald pfSense Software + WireGuard Package - Project Report 011 kzbin.info/www/bejne/gWaYm4NuZcmCgq8 ⏱ Timestamps ⏱ 00:00 pfsense wireguard remote access 02:30 pfsense wireguard Documentation 03:00 Lab Setup 05:31 Install Wiregaurd Package 06:05 Wiregaurd Firewall Rules 07:02 Creating Wireguard Tunnel 08:46 WAN Wireguard Rule 09:22 Wireguard Outbound NAT Rule 11:03 Adding Peers 11:44 Configuring Linux Peer 16:00 Configuring Windows Peer 19:52 Split VS Full Tunnel 22:19 Wireguard Troubleshooting

@RelentlessCuriousity Жыл бұрын

Not an entirely clear what is going and what hosts you are trying to connect. I think you should point out that you are connecting one peer to another. This video is nice but far from a clear explanation. You are taking advantage of your extensive (implied) knowledge and assuming this without explicitly making that clear. I see you have a relatively clearer description on the webpage.

@billybishop3099 8 ай бұрын

Just wanted to say that I've been struggling with getting Wireguard set up (on and off) for at least a year. Followed this guide and its been running perfectly for the last two days! Love all of your content and guides and not sure why I didn't think of following this one earlier. Thank you so much!!!!

@konstantin9163 2 жыл бұрын

I used the user manual and suffered a little until I realized what was what. Therefore, I love to watch videos in which they show all the steps that are needed and without unnecessary actions)) Thank you for the video.

@martinpippo5200 11 күн бұрын

Thank you Tom! I'm used to follow you but for this setup I followed another youtuber's tutorial... and didn't work. returned here and now I have it working. you are the best!

@sparkylabs5696 2 жыл бұрын

Thank you for the time you invested into creating and sharing this. I watched on my treadmill and I see a lot of usefulness for it! Great Job!

@stephendetomasi1701 2 жыл бұрын

Setting up wireguard on a treadmill? That's one way to get it running... I'll see myself out

@matthewlyons9272 2 жыл бұрын

Man, I love your channel but this video has just solidified it. Simple, thorough explanation for how to set up pfSense Wireguard. Ive been working on this for awhile and didn't fully understand WG, but you fixed that for me! Love it. Cant upvote enough. Thank you!

@CarlosVillarroelQuilahuilque 2 жыл бұрын

Excellent tutorial... thank you very much, it has helped me a lot; i managed to connect my android phone with my PFSENSE. Despite not understanding much English (besides, you speak very fast, hahaha), with the youtube subtitles and the examples in the video they helped me to achieve my goal. An affectionate greeting from Punta Arenas - Chile.

@Mpeddicord Жыл бұрын

Excellent! Thanks very much. Super easy to follow. I was banging my head against this and my head hurts.

@JustinShaedo Жыл бұрын

7:33 - in video there is option to add interface configuration which is slightly different on new versions, and if you have already created and linked an interface. to create an interface, first create the tunnel and save (As per video) then: Interface -> Assignments -> under Available networks drop-down, should have 'tun_wg0(tun_wg0)' as option Fill in details as per the interface section in the video.

@whirledpeaz1 2 жыл бұрын

Thank you very much for this video. Used it to connect my phone to pfsense. Messed up typing the keys manually the first time... and set the video playback at .75 speed to catch all that was said.

@westcoastpyro9769 Жыл бұрын

Thanks for the great video! This got me going in under an hour when I had to leave town and really needed to have access to my home network while gone. Your vids are really easy to follow and extremely helpful

@mikeloose9270 Жыл бұрын

Thank you! Great explanation - helped me get past some hurdles. Love all the content you put out.

@Rottweilerz 2 жыл бұрын

Excited to replace my home router with a custom built one running pfsense. I was just in the process of figuring out what VPN to use and this popped up in my feed. Thanks for sharing!!

@doveshouse 2 жыл бұрын

what I used to do was simply remote SSH to my SSH server on my home network using putty... and set the putty client to forward ports of particular interest... My internal home devices all had static IPs so I always knew what IP address and port I wanted to forward.... was that bad or insecure?

@Qorn57 2 жыл бұрын

Hey Tom, just want to start with a huge thank you for the hours of content you put on here, it's not only entertaining but extremely helpful! I don't know if it's a bug, but I was struggling to connect a windows client over a mobile hotspot. I was getting constant log entries of handshakes did not complete. The configuration was confirmed as working when importing onto an android device but refused to work in the windows wireguard. The solution was to create a NAT from WAN to localhost (with the associated firewall rule), instead of the single rule (WAN allow UDP port...) within the firewall rules. I hope that makes sense?

@rayyanthamim 2 жыл бұрын

by adding interface I have fixed this issue

@AM-rd7ls Жыл бұрын

same here, added via interfaces > assignments > tun_wg0 (OPTx) but this creates two rules "Wireguard" (default) and "Wireguard" (OPTx)

@nickf3242 2 жыл бұрын

This is awesome. I needed this as I'm getting back into pfsense again. Played from 2016ish to Dec 2019 with a functional machine as my home router. I moved right before Covid and didn't have control over the internet in the new place. Anyways, I'm just a novice enthusiast user and I'd like to request for your "pfsense to pfsense" video... one of my main goals was to build a portable pfsense (with AP) box I could plug in at a family member's/friend's house or hotel that connects to my home pfsense (via VPN), ideally automatically, so its just like I'm on my home network and have access to everything without having to configure all my traveling devices individually (which I don't mind doin). But would love that all-in-one solution partly to build and learn but also convenience or to get around hotel restrictions/control. Thanks for all the info and tutorials on pfsense you provide to the community :)

@mlg779 3 ай бұрын

you have the best PfSense videos.

@rpsmith 2 жыл бұрын

Thanks Tom! I've been waiting for this exact video to get WG up and running.

@skorpion1298 2 жыл бұрын

This helped a lot! I accidentally pasted the wrong public key into my Ubuntu and nothing worked. After looking for 30 minutes I thought about every step again and found the error. Now it's working :)

@Dev_skoll 2 жыл бұрын

Been a Palo Alto fan since working in gov, but by watching your videos, pfsense has been proven a really fantastic alternative!

@adamclark5880 2 жыл бұрын

Don’t think I could ever let pfSense go… Wonderful solution! Ty for the video!

@blackmennewstyle 2 жыл бұрын

That's pretty cool feature :) Have a great week ahead and keep it up the great job

@JuanLopez-db4cc 2 жыл бұрын

Wonderful video. Thanks Tom. Was looking forward to this video for a while.

@TulioCamargo179 2 жыл бұрын

Thank you Tom, great tutorial video, as always. Thank you very much!

@neonicacid 2 жыл бұрын

Tom - Thanks again for another great video. I'll definitely refer back to this when I need to set up external access. Not sure if you're planning on releasing a video similar to Christian's about setting up Wireguard access to a VPN provider (or at least troubleshooting steps), but I've been having at least one strange issue there. I've got the Wireguard tunnel set up and peer added for the endpoint (Sweden, for example) and all the traffic is passing fine. However, if I modify the same peer to go to a different location, like Mexico, Wireguard seems to hold on to the old peer information and connects to Sweden again. I've tried restarting Wireguard and the appliance, enabling/disabling the WG interface, but nothing seems to drop that hold aside from making a new peer from scratch. It's not a huge issue, since all the traffic is still going out encrypted, but I'm used to simply changing the OpenVPN endpoint and it going to the new location without hassle. Any thoughts on what might cause this or how to mitigate it? Thanks so much!

@pakxo. 2 жыл бұрын

VERY NICE, at the exact day I needed this tutorial! Thanks Lawrence!

@robinjohansson8552 6 ай бұрын

Didnt work for my iPhone, watched the video 5 times now and even exported the config file from pfsense and uploaded it to Wireguard app on iPhone. I'll probably have to do IPsec. Have had problems with both openvpn and wireguard.. Would love a IPsec tutorial that will work for Apple devices, eg iPhone, iPad and Mac.

@bibeltours 2 жыл бұрын

IT WORKS! FINALLY! Thank you for that video. I also forgot that one firewall rule.

@nickharvey5149 2 жыл бұрын

Thanks Tom; I hope this gets more straightforward as it gets to the production version. My brain is spinning having watched this! Is there a major speed increase for remote users dialling to WG, versus oVPN?

@daniellunateel 2 жыл бұрын

Wireguard is significantly faster, reaching almost native IPSec speeds, but it lacks other features like user management and centralized control. Each user would have to configure their wireguard with your server information, provide you a public key, and then you'd have to add that to the server. Whereas in OpenVPN you just send people a certificate they add.

@icedutah 2 жыл бұрын

@@daniellunateel isn't it just as easy as openvpn? Just send the wireguard home users the configuration file to import in. Then it's ready to connect.

@daniellunateel 2 жыл бұрын

@@icedutah no because you need the users public key to add it in router

@PowerUsr1 2 жыл бұрын

@@icedutah lol no...imagine talking end users into copying/pasting the key and some include white spaces. Or they put in the wrong IP. Or you just want to know at what time a user logged into the VPN - there is no way to find out. Thats why other vendors, PIA or Nord, implement their custom user authentication overlay because wireguard is just a protocol at the end of the day.

@cyrilmaman6888 5 ай бұрын

Great ! You solved my bugs, thank you Lawrence 🍻

@joseanrodriguez3273 9 ай бұрын

Thank you for the video, I would like to know if it´s possible to forward a port from internet (WAN) to Lab Linux in case is hosting a web for example

@terrycarr7983 2 жыл бұрын

Hello Lawrence, I just wanted to say you're a great network teacher! I use to have a edgerouter and switched to pfSense because of your knowledge and videos. I'm new to pfSense and can't decide which VPN server I would like to run on pfSense. I just need the VPN to access my LAN when I not home. So is wireguard faster than openVPN? Thank you in advance.

@LAWRENCESYSTEMS 2 жыл бұрын

Thanks and Wireguard is fine

@JWoelpl 3 ай бұрын

Hello, wondweful tutorial! Does it work with multi-wan in load balance mode? If so how to configure the gateway?

@paulnye7787 Жыл бұрын

Im new to VPN. I am setting up remote access for staff to RDP to computers inside the private network behind the pfsence. Do I have to create a peer entry for each remote user and generate a public key on each remote device, ie laptop or iPad etc?

@charlesshipman 2 жыл бұрын

Is it better to run Wireguard on my Netgate 1100 as the pfSense package, or using PiVPN on a separate Raspberry Pi? Other than eliminating the Added Pi device are there other benefits? PiVPN is much easier to set up with the QR code profiles. I am curious which would perform better.

@SamMiorelli Жыл бұрын

I have two troubles with this still: (1) the standard setup stuff seems to work well on Android phones, but never seems to work for iPhones. Has anyone run into this? and (2) I run a local DNS Unbound Resolver and block all other DNS outbound. But having a lot of trouble getting devices that connect in via Wireguard to get their DNS from Unbound on the pfsense. Any ideas?

@woswasdenni1914 11 ай бұрын

interface on client should also be /32. its a plain point to point connection

@elmsroth8850 10 ай бұрын

Hi ! Say I have a local router that can handle a Wireguard config. I am not able to modify the local LAN network config so my local router is a passive gateway in order to juste be able to connect to this network from outside (with a 4G connection). I would like to be able to reach a local resource with NAT rules over using wireguard through my local router, is it possible ?

@ChristianMcDonald 2 жыл бұрын

Great video!

@LAWRENCESYSTEMS 2 жыл бұрын

Thanks! Hope i got it all correct, been following your videos to make sure I understand it all.

@vissago 2 жыл бұрын

for your site to site vid coming up - it may be worth mentioning that there's this glaring bug under the hood with pfsense which netgate is saying is a bsd issue preventing people from opening a port on the far end of a site to site tunnel and trying to do port forwarding across the tunnel. the return traffic will get sent out the default gateway, not back across the vpn link. I have had to do super gross, dumb, hacky things to get around this, but its probably worth mentioning! :D

@LAWRENCESYSTEMS 2 жыл бұрын

Got a forum post or bug report you can link reference for it?

@vissago 2 жыл бұрын

@@LAWRENCESYSTEMS Sorta - your staffmember Eric - him and I spent literally hours on it on the phone

@camaycama7479 2 жыл бұрын

Hopefully I'll get it to work on OPNsense as well! ..... ... Thank you for this share!

@McDouglasAlexander 2 жыл бұрын

Anyone having issues with your clients not connecting to the pfSense? Receiving Handshake for peer did not complete? Try using a different port other than 51820 or 51420. I used ones that are already allocated for different services (Port 500) and it started working. Turns out my ISP is blocking UDP traffic on 51820/51420. I also tried things like port 52 and it still blocked it. I changed it to 53 and everything started working. I changed it to 500 as I didn't like the idea of using the DNS port. Hopefully this saves someone some frustration in the future.

@JohnPMiller Жыл бұрын

It would be helpful to post the name of your ISP. I'm not having that problem, but it could help others.

@michaelchristya 4 ай бұрын

Great tutorial, save me lots of time. However I can't connect to my TruNAS Scale, any tips Tom?

@BGH2023 Жыл бұрын

Good day sir! would like to ask how did you get the package its because i installed the package however its only EXPERIMENTAL.. i dont have the 2 package below or i think its not complete

@lexsolucoesemt.i 2 ай бұрын

parabens irmão pelo exelente conteudo, to usando o rust desk TOP!

@ryanbell85 2 жыл бұрын

Any additional configuration to enable local DNS in this setup?

@ViktorWingqvist 2 жыл бұрын

Did you manage to find anything on this?

@ryanbell85 2 жыл бұрын

@@ViktorWingqvist Nope, I could probably update my host file on the local machine to work that way but I never had any luck using my PFSense DNS over WireGuard.

@mauricioviana172 2 жыл бұрын

Hey matee, very grateful for the videos, congratulations, but I have a doubt, can you tell me that there is a difference in speed between point-to-point open vpn and remote client access? Big hug!

@rapiddave9313 Жыл бұрын

Did you ever make a video for site to site with wireguard in PFsense?

@anastassiosroumboutsos8288 9 ай бұрын

Fantastic guide. Many thanks!

@macky10229 Жыл бұрын

Nice video mate. Keep it up I do have a question my pfsense wireguard was hosted on a cloud Vultr.. Im concerned that my download and upload speed is bad less than 10Mbps.. I already disabled the Hardware Checksum Offloading Hardware TCP Segmentation Offloading but still getting slow results.. Any ideas?

@yogi8berra 2 жыл бұрын

I have installed the WireGuard "server" on my pFsense 5100 and the clients on my Windows laptop and iPhone. Both clients can connect to my pFSense 5100 from outside of the network. However, I cannot or ping to any service or device internal or external on or by way of the pFsense. For example, I cannot connect to ping my printer or file server from outside of the network. I configured pfsense ,laptop and iPhone multiple times and still the same symptoms. Where should I focus my debugging? Just to confirm the client ip ARE X,X,X,Y/32

@LAWRENCESYSTEMS 2 жыл бұрын

Make sure you have all the routes to the networks that you want to get in the setup as I do in the video and for testing put in an allow all rule.

@mrmotofy Жыл бұрын

Maybe wrong setting described at 9:38 or so in the vid

@rooster3592 2 жыл бұрын

Really cool, thx for the vid showing how to set it up!

@NicolaiSyvertsen 2 жыл бұрын

pfsense ipsec and openvpn implementation is pretty bad but with the wireguard experimental package I get full speed

@dapersico 2 жыл бұрын

Is there a way to stop local clients from connecting and only allow remote Wireguard connections?

@Jellman86 2 жыл бұрын

Thank's for this, all set up now.

@MarkKam 2 жыл бұрын

Thank you for the video! It has been really helpful. How would I go about configuring this for a home lab with dynamic WAN IP?

@LAWRENCESYSTEMS 2 жыл бұрын

Use dynamic DNS

@NinthwaveThe 2 жыл бұрын

I was not able To configure it for my cell phone like I was with the OpenVPN vidéo.

@Marco-rj3wv 6 ай бұрын

You are a life saver!

@hugovlsilva Жыл бұрын

Thank you for making this tutorial!

@kittysaywut Жыл бұрын

Hi, how would you setup a Peer in PFsense for one of those GL Inet travel routers?

@LAWRENCESYSTEMS Жыл бұрын

Dunno, never used a GL Travel router.

@chrispontiga Жыл бұрын

Thanks for this. It was really helpful.

@psycl0ptic 2 жыл бұрын

once the wg server end point times out - without using keep alive - does it reestablish the link once traffic to one of the allowed networks is detected? eg, client attempt to access a remote file share. Just trying to determine if the end user has to reconnect the VPN manually, or if it just reestablishes it on it's own?

@LAWRENCESYSTEMS 2 жыл бұрын

Yes, wireguard automatically reconnects

@hprompt166 Жыл бұрын

Hi There, Great video as usual. Running pfsense 2.6.0 with wireguard VPN. I have successfully setup my windows, mac and linux devices. I'm trying to configure my Pixel 6 android phone that runs version 13 and it never connects. and ideas on what to look at? thanks

@clashroyaledah6820 Жыл бұрын

would be nice to have a client export as Openvpn has.

@iamborg3of9 2 жыл бұрын

so you have to set up a peer for every host on the network? with openvpn, I can use my phone to get to any device on my network, no configuration needed on the clients except to let me in the front door. is that not possible with wiregaurd?

@LAWRENCESYSTEMS 2 жыл бұрын

Yes, that i how Wireguard works.

@niallthebomb 2 жыл бұрын

Thanks Tom. Another great tutorial. Is there a way to introduce some form of 2FA into the remote connection? Just concerned about remote users connecting from home and their home network is compromised. At least Openvpn allows for a password prompt?

@LAWRENCESYSTEMS 2 жыл бұрын

As i said in the beginning, this IS NOT an alternative to OpenVPN if you need a user manage ,2fa, or any user type management.

@niallthebomb 2 жыл бұрын

@@LAWRENCESYSTEMS Sorry Tom. I must have missed that. I'll go to the back of the class....like the good auld days :)

@GarethOakes 2 жыл бұрын

Thanks, worked first time!

@fastshuther 4 ай бұрын

full tunnel doesn't want to give me connection, don't know if it's the dns (adblocker) i have I'm confused and don't know how to make a full tunnel

@Shambolicoholic 2 жыл бұрын

Been meaning to do this for months... This will help me get off my ass, lol. thanks!

@eamonnmcaleer1357 2 жыл бұрын

Any chance of a an IOS tutorial can’t seem to find one that is fully fleshed out? Loving the content, keep up the good work.

@LAWRENCESYSTEMS 2 жыл бұрын

I don't have an iPhone but as best I can tell it works the same in IOS and Adroid.

@JxckSweeney 2 жыл бұрын

I can't connect to the pfsense DNS resolver from WG even after adding a interface for the indiv tunnel and firewall and adding it to the DNS resolver.

@ChristianMcDonald 2 жыл бұрын

Can you confirm that the WireGuard ACL is being created for Unbound?

@arturobgz Жыл бұрын

You saved me a lot of time, thank you 🙂

@mjcantwell6420 2 жыл бұрын

Thanks for the great video. We are trying to have remote servers (running as WireGuard clients) act as back up targets. The server connect fine and have no issues talking from the remote location in. Ping works from local lan but we cannot establish any real bidirectional traffic. Is there rooting magic or gateway required like a site to site vpn?

@LAWRENCESYSTEMS 2 жыл бұрын

Yes, here you go kzbin.info/www/bejne/aKDIaKWKgqugp8U

@sopota6469 2 жыл бұрын

@@LAWRENCESYSTEMS Thanks, I was setting up something like that

@bitterrotten 2 жыл бұрын

We're scoffing at shoulder surfing and people being able to remember character strings but everyone has a camera built into a cell phone that's permanently attached to their hand.

@johnroz 2 жыл бұрын

How could I get airplay lan devices to be seen by Wireguard clients? Avahi didn’t work.

@LAWRENCESYSTEMS 2 жыл бұрын

Not sure if that is possible

@Felix-ve9hs 2 жыл бұрын

You might want to change the "Wiregaurd" in the title :^)

@LAWRENCESYSTEMS 2 жыл бұрын

Thanks, sometimes words are hard

@BenMDepew 2 жыл бұрын

This is pretty cool. Thanks!

@MrArp220 2 жыл бұрын

thank you. I have a request ... Some sites are filtered for my country. I am going to connect my pfsense to external vpn service that I have on a server in America, and the traffic of sites that are filtered will pass through this way. how can i do ? please ...

@LAWRENCESYSTEMS 2 жыл бұрын

kzbin.info/www/bejne/q521mJiZr5WIqbM

@thomasgabriel9634 2 жыл бұрын

Hi. I might have a stupid question. I get the tunnel/handshake established and FW rule done. But no traffic is routed anywhere. Do you have an idea where to start troubleshooting?

@LAWRENCESYSTEMS 2 жыл бұрын

start pinging things see what responds.

@thomasgabriel9634 2 жыл бұрын

@@LAWRENCESYSTEMS thats the thing. not even the Gateway.

@TempleKa 2 жыл бұрын

Don't know if it's bug in pfSense 2.6 or something on my side but I can't use a pre-shared key. I can generate it but the copy link is bugged and nothing gets copied so I don't know what it is. Still it works at least with just the public key.

@McDouglasAlexander 2 жыл бұрын

Go into the VPN/WireGuard/Settings and disable the "Hide" options. This will let you see and copy the Pre-shared Key.

@mrmotofy Жыл бұрын

Maybe a solution? VPN wireguard key no copy issue- Go into the VPN/WireGuard/Settings and disable the "Hide" options. This will let you see and copy the Pre-shared Key.

@zenmaster24 2 жыл бұрын

is there any way to use a dhcp assigned address for a client? seems like a big hassle to have to manage every client by statically adding their ip

@GarethOakes 2 жыл бұрын

I agree, bit of a pain, and the wg-dynamic project is stalled.

@Miles-Oldenburger 2 жыл бұрын

Do you have a guide/video on not having any internet once wireguard connects? I've tried everything and I'm still struggling... Keys are correct, I've checked tx and rx, I've checked endpoints, dns and more. Still no internet once connected...

@LAWRENCESYSTEMS 2 жыл бұрын

You must have missed a step, not sure what step though.

@GlennCoco77 2 жыл бұрын

Did you ever figure this out? I'm struggling.

@tac73 2 жыл бұрын

I installed WireGuard on a NETGATE SG-1100, configured everything, just as I did on a SG-3100. On the 1100, I get a message stating, The WireGuard service is not running. Okay! How do I make it run?

@LAWRENCESYSTEMS 2 жыл бұрын

Have you gone into "Settings" and enabled it?

@tac73 2 жыл бұрын

@@LAWRENCESYSTEMS Oh my God! Thanks Tom! Geeeezzzz!!!

@srisiriopulence4861 2 жыл бұрын

Do you have to forward 51820 port on a router to get pass through to pfsense server?

@britexpat_l33t Жыл бұрын

No. You create a WAN rule to authorise port 51820 to hit the WAN interface.

@RayBitton 2 жыл бұрын

I love Wireguard!

@joeyp978 2 жыл бұрын

What changes if we do not have a static IP and use DDNS? Is it possible to still configure this way? Thanks!

@LAWRENCESYSTEMS 2 жыл бұрын

Yes

@joeyp978 2 жыл бұрын

@@LAWRENCESYSTEMS I love you

@fredresource2661 3 ай бұрын

Great vid! thanks

@rollinthedice7355 2 жыл бұрын

I'm gutted that it's now package, I know it doesn't bother most people but I'm really not a fan of packages in pfSense. I do love WireGuard though. The argument for the kernel-module being able to be updated more quickly isn't valid. It's not meant to get regular crypo updates (maybe every 5-8 years or so), hence why it was originally built right into the pfSense build first time around before the kernel implementation issues came to light.

@LAWRENCESYSTEMS 2 жыл бұрын

You are misunderstanding why it's better as a package, it makes adding more features to the wireguard system itself without having to have a point release of pfsense.

@ChristianMcDonald 2 жыл бұрын

Like Tom said, it isn't just about the kernel module, but the benefits definitely outweigh the downsides. Either way you slice it, kernel loadable modules are the standard way of doing things like this, you can either distribute the module bundled with the OS or installed via ports or packages...in either case, there is funtionally no difference, well there is a difference where the ko binary is stored on disk (/boot/kernel or /boot/modules), but that's about it. Monolithic architectures are dead.

@hnguk 2 жыл бұрын

The only question I have in relation to this is the ability to use this for mobile devices to connect. Is that possible as of the current moment?

@LAWRENCESYSTEMS 2 жыл бұрын

Works fine

@hnguk 2 жыл бұрын

@@LAWRENCESYSTEMS Hopefully a QR code/download config option will be available soon. Currently the process is rather manual and the Netgate docs are not the best either.

@tactical_hen 2 жыл бұрын

I recall they removed it due to sloppy implementation for bsd that had security issues. Did it undergo any security review?

@LAWRENCESYSTEMS 2 жыл бұрын

It has been reviewed and re-implemented.

@tactical_hen 2 жыл бұрын

Excellent, I'll give it a try 💪

@carlogiga 2 жыл бұрын

Hi, what's the name of the tool used to draw network scheme? Thanks in advance.

@LAWRENCESYSTEMS 2 жыл бұрын

kzbin.info/www/bejne/o6GpYpxvqMt4gJI

@carlogiga 2 жыл бұрын

@@LAWRENCESYSTEMS Thanks!

@rockyroger 2 жыл бұрын

Thanks so much!

@helderferreira7709 2 жыл бұрын

Great, thanks!

@Arkhaic333 2 жыл бұрын

Thank you!

@gogosst 2 жыл бұрын

Please make video for setup standalone suricata!

@LAWRENCESYSTEMS 2 жыл бұрын

kzbin.info/www/bejne/iWGQp6agnbV3hJI

@gogosst 2 жыл бұрын

@@LAWRENCESYSTEMS yes I saw this!! It's on the pfsense package.

@aytacdede81 Жыл бұрын

can i port forward to let from pfsense wan to wireguard vpn host ?

@LAWRENCESYSTEMS Жыл бұрын

don't think so

@aytacdede81 Жыл бұрын

@@LAWRENCESYSTEMS anyway todo ? port forwarding through vpn ! ?

@intertan 2 жыл бұрын

what software is that to switch between OS

@LAWRENCESYSTEMS 2 жыл бұрын

I am using POP_OS!

@abdelilah_hmidani 2 жыл бұрын

great thanks for video

@eralixo 11 ай бұрын

you rock !!!

@menash41 2 жыл бұрын

Untangle wireguard seems much simpler

@LAWRENCESYSTEMS 2 жыл бұрын

I hope pfsense puts in the QR code, that makes the phone setup so simple.