Moving from pfSense, I guess....
I have quite a lot of RoadWarriors in the field already, though.
Is it possible to "import" a keypair from another system to the OPNSense router, so that I don't have to change public keys on all my clients?
Has anyone tried this?
In OPNSense you can simply enter private key and public key when editing or creating the local wireguard interface.
Only if you dont enter a keyset, a new one will be created.
So "importing" is easy if pfSense gives you access to your keyset and can be done with copy&paste.
The same applies to existing public keys of your roadwarriors, which can be entered when defining them as endpoints.
If you have really many roadwarriors to import, there is an wireguard api https://docs.opnsense.org/development/api/plugins/wireguard.html (https://docs.opnsense.org/development/api/plugins/wireguard.html), haven't tried this yet.
Another way might be, to create a sample wireguard configuration, safe the resulting OPNSense config als xml, edit it as needed and do an restore.
Thanks for your reply.
Since my question I've had the chance to play with a OpnSense installation and it's handling of keys is indeed as flexible as you point out. So I guess it wont really be a problem.
I'm looking forward to test Wireguard on OpnSense, also the kernel-module.