lucas/lucas-wiki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e6f3939bd317300a9650937326e90bd77805ffec
lucas-wiki/Public/Guides/generate-wireguard.md
Lucas Mathews e6f3939bd3 Correct tags
2025-12-23 14:46:57 +01:00

61 lines
2.5 KiB
Markdown
Raw Blame History

---
title: Manually Generate Wireguard Peer in OPNsense
description:
published: false
date: 2025-12-13T11:39:23.471Z
tags: networking
editor: markdown
dateCreated: 2025-05-04T11:38:34.846Z
---
# Manually Generate Wireguard Peer in OPNsense
This guide details how to manually (not using the Peer Generator) generate a new Wireguard peer in OPNsense.
## Requirements
The `wireguard-tools` package must be installed to generate the public and private keys.
### 1. Create a Peer
1. Generate a new public and private key with
`wg genkey | tee privatekey | wg pubkey > publickey`
This will create two files in the current directory with the public and private key. Save these for later.
2. In the OPNsense UI go to VPN > Wireguard > Peers, and click the + to add a new peer
3. Fill in the details:
- **Name**: Enter a name for the peer
- **Public key**: Paste the public key you generated earlier
- **Pre-shared key**: Generate a key if desired and save it for later
- **Allowed IPs**: Specify the IP address or subnet that this peer is allowed to use (e.g., 10.0.60.2/32). Check your existing peers to ensure it is not already used
- **Endpoint address**: Leave blank if the client will be roaming
- **Endpoint port**: Leave blank
- **Instances** Choose appropriate instance
- **Keepalive**: Can be left blank
4. Save the Configuration
### 2. Create the Wireguard Config File
1. Create a new file called `<NAME>.conf`. You can choose the name.
2. Copy and paste the contents from below into the file and update the values:
```
[Interface]
PrivateKey = <private-key>
Address = 10.0.60.2/32 # Use the same IP address or subnet specified in OPNsense
DNS = 8.8.8.8 # Optional: Specify a DNS server, not required if only routing resources (not an Internet connection) or using DNS names.
[Peer]
PublicKey = <opnsense-public-key>
PresharedKey = <preshared-key> # Only needed if generated in previous step
Endpoint = <opnsense-public-ip>:51820 # Replace with the OPNsense public IP and port
AllowedIPs = 0.0.0.0/0 # Route all traffic through the VPN
```
Replace `private-key`, `opnsense-public-key`, `preshared-key`, and `opnsense-public-ip` with the appropriate values.
For `AllowedIPs`, setting `0.0.0.0/0` will route all IPv4 addresses via the VPN connection. If only access to resources and no internet connection is required, the subnets can be added here i.e. `10.0.60.0/24, 10.0.70.0/24`
4. Import the `.conf` file into the VPN connection settings on the client device and test the connection.
Reference in New Issue View Git Blame Copy Permalink