Это видео недоступно.
Сожалеем об этом.
COMPLETE WireGuard on PFsense 2.7 Setup - Covering Windows, Mac, & Mobile + DuckDNS & Firewall 2024
HTML-код
- Опубликовано: 15 авг 2024
- Unlock the full potential of secure and high-speed VPN connections with our comprehensive guide to setting up WireGuard on PFsense 2.7, tailored for 2024. In this detailed tutorial, we delve into configuring WireGuard on the latest version of PFsense, ensuring you can establish a robust VPN connection regardless of your device. Whether you're using Windows, macOS, Linux, or Android, we've got you covered with step-by-step instructions that make the setup process seamless and straightforward.
Not only do we guide you through the initial setup, but we also provide essential tips on configuring firewall rules to enhance security and ensure optimal performance. From understanding the basics of WireGuard and PFsense to advanced configuration techniques, this video is your all-encompassing resource for creating a secure, efficient VPN network.
Perfect for both beginners and seasoned professionals, our tutorial is designed to empower you with the knowledge and skills to leverage WireGuard on PFsense 2.7 effectively. By the end of this video, you'll have a fully functional VPN setup, complete with robust security measures, ready to protect your online activities across multiple platforms. Don't miss out on these valuable insights and tips-start enhancing your network's security and performance today!
Transform your home network with pfSense - • Transform Your Home Ne...
#pfsense #wireguard #tutorial
0:00 Intro
1:43 Wireguard Server
3:30 Firewall Rules
5:33 Wireguard client (Desktop)
11:20 Duck DNS Setup
12:32 Wireguard on Mobile
14:47 Outro
We are very fortunate as viewers to have this info taught so clearly and concisely, for free! Thanks so much
You are too kind mate! Thank you for the support 🙂🙂
You're the guy. These are the kind of tutorials I like. Detailed and straight to the point. I'll keep coming to your channel. Liked and subscribed. I never activate the notifications bell but I am making an exception here. Great job!
Found you like a week ago and love the content. You make it easy to learn.
Great Video! Straight to the point, easy to understand and not dragging the information out just for a longer video with confusing instructions like many others I saw when trying to get this to work, Your directions were spot on! Thank You very much!! I have see a few other of your videos and you just got a new sub! Keep up the good work!
Clear and working instructions. I got my WG running on the first pass of configuration. Bravo.
Love it! Thanks for the support :)
Thanks it worked!! I followed "L systems" tutorial last night on this and I got flabbergasted by the speed and rapid clicks, your tutorial is clean and simple to follow! 😊
I love your videos. I have been following you since your first pfsense video.
Thank you so much mate and for all your support! :)
Another goldmine of a video! Absolutely loved the content, it's so engaging and informative. Keep up the fantastic work, can't wait to see more from your channel, mate! ❤
this is very informative and the topic was discussed smoothly
This is just awesome! I have been looking for this for sometime and couldn't find a good site to follow- thanks a lot for this- please make a detail video on pfsenseNG, as well as make a short video on building an enterprise environment in Azure using pfsense as FW and VMs behind it. Thanks a lot! Keep making good videos!!!
thanks for the support and feedback mate! I've taken note of your suggestions which are great btw!!
I just started for PFsense a week ago. thx for the vid bro
Great Video! Got my Wireguard running with it on my pfsense. But your Video lacks one important configuration step. If someone (like me) wants to redirect all internet-traffic of the mobile devices, like a phone or notebook, over the pfsense, it is not only mandatory to set allowed IP-Adresses on mobile devices configuration file to 0.0.0.0/0 but also to define in pfsense on "Firewall / NAT / Outbound" a "Mappings"-Rule for the Source IP's of the Wireguard-Net and set the "Outbound NAT Mode" to "Hybrid Outbound NAT rule generation.(Automatic Outbound NAT + rules below)".Otherwise the traffic of the mobile devces wont be forwarded to the internet and its impssube to get any internetaccess during WIreguard-connection is established.
very good tutorial. tyvm. keep it up
Thanks, Its working on split tunnel, but NOT Working on full tunnel. I use AllowedIPs=0.0.0.0/0
You need to add a NAT rule
@@francois584 You rock! Thanks for posting this hint!
Thanks it worked!
Sweet!!! :)
Nice video tutorial! Personally I hate wireguard. Speeds are great however the fact you need to generate keys for every client/device sucks. Openvpn is great to set and forget at the router. You shouldn't have to go through all this trouble for every device connected to your router it defeats the purpose of having a VPN router
That's a very fair point! It can be a pain in the ass to grant and revoke keys all the bloody time! Also I believe you can integrate OpenVPN with ADFS and manage authentication that way! For my home lab (and given I am the only user as the missus is alergic to computers) is good enough! :D Thanks for watching! :)
Tailscale is a thing, but the initial authantication goes through them so technically not as secure
Awesome, here is a challenge. How about you configure WireG to operate with dynamic peers? I couldn't find any resource about that
Thanks.
Thanks I love your video. I have cgnat connection, can wireguard overcome this ?
On my system 2.7.2 this is not working. Tunnel is up, no route to private network under Windows 11. Wireguard is boring on installation. OpenVPN on pfsense is plug & play.
Great video, very clear!
One question: So I have the server (pfsense) and client (android phone) all set up and the handshake is good. Now what? How do I access my network? I mean, this supposedly creates a tunnel to the pfsense box, but how does that translate to giving me access to the rest of my LAN from outside? This is the part that never seems to be covered in any video or tutorial that I see. Can you elaborate? For example, now I want to use my network browser app on my phone to see the shared media on my local server at home. How would I do that using this setup?
14:14 Allowed IP ranges.
Great great job! I'm being watch your videos and all of them are awesome. I used wireguard with homeassistant in the past without any issue. Since I migrate all my network to pfsense, I stoped use wireguard for a while, until today. Now I can remotly access to my networks with your help. Anyway and because my ISP refuse provide bridge service, I link the ISP modem/router through DMZ to my pfsense box. In that case the pfsense WAN interface has a private IP, but in the wireguard client configuration I setup with the Public IP. It's fine that way or should I change the endpoint IP for the WAN private IP? TKS in advance for your comments
First of all thanks for watching and for the support msg! If I understood correctly, it's fine to have a private IP assigned to the WAN and to use that with wireguard. I think i the video that's what I did. If you have the option to choose, I would rather have the modem in bridge mode (cable modem only) and place pfsense between the WAN and LAN as that's the correct way to place the firewall. I also don't think you need the DMZ, you can simply disable the DHCP Server (if you have that option) in the modem, and let your pfsense box assume the role of dhcp server. You will run into double NAT, but it's more secure than going through the DMZ (if I understood correctly). Since DHCP is layer 3, if you disable the DHCP, the modem will still work at switch level and you can also use the wireless. I hope this helps mate, but happy to stand corrected if I didn't understand your question! :)
@@DigitalMirrorComputing tks yr quickly reply. In general u got the real picture of my infraestructure, but some other questions arises to me.
the main question it's if the endpointin of the WG setup is the public ip got from ISP modem/router or the private IP from the LAN side of ISP router which feed to my WAN pfsense box?
Related of the way I bridged the out/in traffic with DMZ configuration, it was to avoid the 2xNAT, and dont delay the traffic. but perharps this is too strict and it will not have any visible effect on the private network. by security reasons If I have to live with double nat, so it will be. In the other hand, I really trust in to pfsense firewall. Sometimes the best is the enemy of the good.
When i use wireguard on pfsense and when i do speedtest,it crash the pfsense unit. Can not possible to internet. What can be issue?
check your memory and cpu with htop or top. Your filesystem might also be corrupted. I would reinstall the whole thing from fresh! Good luck mate!
@@DigitalMirrorComputing Thanks for the answer. Will check:)
can you help me, its not working. maybe i cant copy the pre shared key and cant type it in the wireguard note in windows. all in all i followed your tuts
Copy key buttons only work in HTTPS mode
was just to ask how about tailscale since its built on top of wireguard as well. RIght now I'm using taiscale and setup a rpi 4 as a tailscale exit node and router so that I can still access hosts on my LAN that can't install a VPN client software
Competely understand the "layers" thing but for my purposes tailscale is fine and I don't have to open a port on my wan
@@xheezy Oh totally mate, Tailscale is great and simplifies wireguard a lot! If it fits your purpose why change right! :)) I might do a video on it as well as there some good benefits for using it!
I use Zerotier. Might test this out once I finally get my Opnsense up and runnning, but I rarely need to access anything when I'm away from home, and 99% of the time just one box. Really enjoy the videos.
how guide VPN Wireguard and connect close ip public yes final network ip see VPN yes router "PFSENSE"
how do u intstall pfSense in MacBook Sonoma?
Does the macbook has 2 nic? If it only has one, you "can't" do it!
One question, if you have local domains on let's say office network like laptop01.local, Wireguard cannot resolve those, and you could need your laptop01 actual IP address...any idea how to work around that?