How to Configure Wireguard for Remote users

[Julien]

Dear all,
couple of weeks i've strugeling on getting wireguard configured and working,
today i am going to explain how to do with screenshots.
Step 1, Go to plugin and install wireguard


Step 2
go to VPN >> Wireguard >>> and Enable it


Step 3
Go to VPN WireGuard Local, and create a Local connection.
Chose a tunnel IP.
please notte: do not enter private or public key, they will be generate automatically



Step 4
open the created local connection and save the public key / private key on a notepad you gonna need it.


Step 5
go to VPN >> Wireguard >>Endpoints and create a Endpoint " Endpoint is like a user", we will use Julien as my name for this Endpoint.


Step 6
Install Wireguard on Windows/Mac OSX, this methode works for both Windows and Mac OSX
after the installation Chose add tunnel and than Add a empty Tunnel


Step 7
copy the Public key from the Windows Client and save it at the Endpoint of the user as showed below on the picture




Step 8

Go To VPN >>> WireGuard>>> Local and add Julien to the Peer so the Endpoint would be permited to connect using the Peer " see screenshot"


Click Save, and Go back up General and Click on Save Again " see screenshot"


Step 9

Go to Interfaces >> Assigmenet and add WG0 " Wiregaurd" interface, Call it " Remote Users" or whatever you want.



PS: Dont change anything on the settings, leave it as it IPV4/IPV6 on NONE, Wireguard will take care of that part. after it done, restart wireguard service and you should see it will detect it new IP " see below picture.


Step 10,

Go to the Firewall >> Rules > And find the interface you created, mine call Remote Users and create a firewall looks like the one on the screenshot.


Go To Firewall >> Rules >> WAN and create incoming connections on the WAN Side.
PS: this rule is not restricted yet, when the connection is up you can restricted to ip/port/ect...




the Windows Client connection should looks like this.

Code: [Select]

[Interface]
Address = 10.171.1.2/31
PrivateKey = LaptopPrivKey
DNS = 10.10.1.20

[Peer]
PublicKey = OpnsensePUBLICkey
AllowedIPs = 0.0.0.0/0
Endpoint = my.ddns.example.com:51820
like this you should the connection is set up and active.



if you have a remote users using 4G/ UMTS connection maybe is smart though to use MTU

Code: [Select]

[Interface]
Address = 10.171.1.2/31
PrivateKey = LaptopPrivKey
MTU = 1380
DNS = 10.10.1.20

[Peer]
PublicKey = OpnsensePUBLICkey
AllowedIPs = 0.0.0.0/0
Endpoint = my.ddns.example.com:51820

I hope the Admin will PIN the post,

this week i will create a new tutorial how to do site to site using wireguard.

[mimugmail]

You should move it to How-To section, as 20.1 is outdated in some time

[Julien]

You should move it to How-To section, as 20.1 is outdated in some time

it works as well on 20.7,
how can i move it ?

[JohnDoe17]

Thank you for this guide!  I really appreciate you sharing this with the community.

I hope this or something built from this will be added to the official online documentation.

 

[mimugmail]

Thank you for this guide!  I really appreciate you sharing this with the community.

I hope this or something built from this will be added to the official online documentation.

 

Everyone can contribute to official docs here:
https://github.com/opnsense/docs