Navigate to: System > Firmware > Plugin
Navigate to: VPN > WireGuard > Settings > Instances
| Field | Value |
| --------------- | ---------------------------- |
| Name | Instance Name |
| Pub Key | The one you generated |
| Priv Key | In downloaded .config |
| Port | 51820 |
| Tunnel Address | AddressInConf/32 |
| Disable Routes | CHECKED |
| Gateway | Tunnel_Address (-1)* |
Navigate to: VPN > WireGuard > Settings > Peers
| Field | Value |
| ------------------- | ---------------------------- |
| Name | Peer Name |
| Pub Key | In downloaded .config |
| Allowed IPs | 0.0.0.0/0 |
| Endpoint Address | In downloaded .config |
| Endpoint Port | 51820 |
| Instance | The one you set up earlier |
| Keepalive interval | 25 |
Navigate to: VPN > WireGuard > Settings > General
Navigate to: Interfaces > Assignments > Assign a new interface
Navigate to: System > Gateways > Configuration
| Field | Value |
| ------------------------------- | ------------------------------------------------- |
| Name | GW name |
| Interface | wg1 |
| Address Family | IPv4 |
| IP Address | .conf > [Interface] > Address (-1)* |
| Far Gateway | CHECKED |
| Disable Gateway Monitoring | UNCHECKED |
| Monitor IP | 10.64.0.1 or one of the DNS servers |
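As an added example (not part of the original post), here is a small Python script that reads a provider-issued wg-quick `.conf` and derives the values the instance, peer and gateway tables above ask for: the `/32` tunnel address, the "(-1)" gateway address, the peer endpoint and the DNS server to use as a monitor IP. The sample `.conf`, its placeholder keys and the `192.0.2.10` endpoint are constructed; the keepalive value is the one from the peer table above.

```python
import ipaddress
import re

# Constructed sample in wg-quick format, shaped like a provider-issued .conf.
# Keys are placeholders, not real credentials; addresses are made up.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 10.64.12.34/32,fc00:bbbb:bbbb:bb01::1:2233/128
DNS = 10.64.0.1

[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 192.0.2.10:51820
"""


def parse_wg_conf(text):
    """Parse an INI-style WireGuard .conf into {section: {key: value}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        match = re.fullmatch(r"\[(\w+)\]", line)
        if match:
            current = match.group(1)
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line outside a section: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        sections[current][key] = value
    return sections


def first_ipv4(csv):
    """Return the first IPv4 entry of a comma-separated address list."""
    for item in csv.split(","):
        candidate = ipaddress.ip_interface(item.strip())
        if candidate.version == 4:
            return candidate
    raise ValueError(f"no IPv4 entry in {csv!r}")


def opnsense_values(conf_text):
    """Map a .conf onto the OPNsense instance / peer / gateway fields."""
    conf = parse_wg_conf(conf_text)
    iface, peer = conf["Interface"], conf["Peer"]

    addr = first_ipv4(iface["Address"])
    tunnel_address = f"{addr.ip}/32"   # Tunnel Address: host route only
    gateway_ip = addr.ip - 1           # the "(-1)" convention from the tables

    endpoint_host, endpoint_port = peer["Endpoint"].rsplit(":", 1)
    allowed_v4 = str(first_ipv4(peer["AllowedIPs"]).network)
    dns = [d.strip() for d in iface.get("DNS", "").split(",") if d.strip()]

    return {
        "instance": {
            "priv_key": iface["PrivateKey"],
            "tunnel_address": tunnel_address,
            "disable_routes": True,        # policy routing via the gateway instead
            "gateway": str(gateway_ip),
        },
        "peer": {
            "pub_key": peer["PublicKey"],
            "allowed_ips": allowed_v4,
            "endpoint_address": endpoint_host,
            "endpoint_port": int(endpoint_port),
            "keepalive_interval": 25,
        },
        "gateway": {
            "ip_address": str(gateway_ip),
            "monitor_ip_candidates": dns,  # DNS servers from the .conf
        },
    }


if __name__ == "__main__":
    for section, fields in opnsense_values(SAMPLE_CONF).items():
        print(f"[{section}]")
        for name, value in fields.items():
            print(f"  {name}: {value}")
```

Run it against your own downloaded `.conf` by replacing `SAMPLE_CONF` with the file contents; the printed values can be copied straight into the three tables.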
Navigate to: Firewall > Aliases
| Field | Value |
| ----------------- | ---------------------------------------------- |
| Name | [selected hosts] - any name you want |
| Type | Host(s) |
| Content | Add the IP of each device you want to use WireGuard |
Navigate to: Firewall > Rules > Floating
| Field | Value |
| -------------------- | ------------------------------ |
| Action | Pass |
| Quick | CHECKED |
| Interface | Interface(s) where your [selected hosts] live |
| Direction | In |
| TCP/IP Version | IPv4 |
| Protocol | Any |
| Source | [selected hosts] |
| Destination | Any |
| Gateway | WG Gateway |
| Show Advanced Features | (expand) |
| Set local tag | NO_WAN_EGRESS |

| Field | Value |
| -------------------- | ------------------------------ |
| Action | Pass |
| Quick | CHECKED |
| Interface | Interface(s) where your [selected hosts] live |
| Direction | In |
| TCP/IP Version | IPv4 |
| Protocol | TCP/UDP |
| Source | [selected hosts] |
| Destination | A Mullvad DNS server: 100.64.0.X |
| Dst Port Range | DNS |
| Gateway | WG Gateway |
Navigate to: Firewall > NAT > Outbound
| Field | Value |
| ------------------------ | ---------------------------------------------- |
| Interface | WG interface |
| TCP/IP Version | IPv4 |
| Protocol | Any |
| Source | [selected hosts] |
| Src Port | Any |
| Destination | Any |
| Dst Port | Any |
| Translation / Target | Interface Address |
```powershell
(curl https://am.i.mullvad.net/json).Content | ConvertFrom-Json
```
Can I ask why your routing rule is different than the one in the OPNsense docs? They have a floating rule, direction out.
If I understood properly, there is no need for rules within the actual WireGuard/VPN interface, but only in the interface where the hosts live, is that correct? TIA.