pfSense WireGuard VPN - Modern VPN Protocol
WireGuard is a modern VPN protocol that operates at the kernel level and delivers minimal latency for data transmission. The protocol uses a fixed set of cryptographic primitives (Curve25519, ChaCha20, Poly1305, BLAKE2s) and does not negotiate encryption parameters, which eliminates an entire class of configuration errors.
Native WireGuard support in pfSense is available starting with version 2.7. In earlier versions, the protocol was available as an experimental package, but its use was not recommended for production environments. The WireGuard codebase is significantly more compact than IPsec or OpenVPN, which simplifies auditing and reduces the attack surface.
WireGuard configuration in pfSense is performed in several steps: creating a tunnel with key pair generation, adding peers, assigning an interface to the tunnel, and creating firewall rules to permit traffic.
In This Section
- WireGuard Setup - step-by-step guide to creating a tunnel, adding peers, assigning an interface, and configuring firewall rules