Jump to content
TorGuard

Search the Community

Showing results for tags 'wireguard'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • The Lounge
    • General Stuff
    • Member Tutorials
    • TorGuard Reviews
  • TorGuard Software Releases
    • Network Status
    • TorGuard Client Releases
    • Android Client Releases
    • iOS App Releases
    • Chrome Extension Releases
    • Firefox Extension Releases
  • TorGuard VPN Support
    • VPN Questions and General Support
    • VPN Windows Support
    • VPN Mac Support
    • VPN Linux Support
    • VPN Router Support
    • iOS VPN Support
    • Android VPN Support
  • TorGuard Proxy Support
    • Proxy Questions and General Support
    • Firefox Extension Support
    • Chrome Extension Support

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. Dear Community, Original OPNsnese Forum Post Here : https://forum.opnsense.org/index.php?topic=13461.0 And I quote " Jimi ": I see that we meet again hmmm " see here: https://youtu.be/gFAQWjdCO8o and for the purpose as stated by the leader of The Family Stone " I Want To Take You Higher - see here : https://www.youtube.com/watch?v=LQkdiJQIX5Y Now after the intro - let's get down to business. This tutorial guide details dead simple GUARANTEED method(s) to get WIREGUARD Client up and running on OPNsense Firewall. I will explore the one I prefer first. Some of you may remember my work with GETDNS and STUBBY. Please read Mimugmail's comments ( the developer and maintainer of os-wireguard-devel plugin ) below in the first reply to this tutorial. He was kind enough to inform me of a few points so no one does extra work. Specifically, Mimugmail details methods for easier OPNsense ports installation and / or easier method to install WireGuard and WireGuard-Go packages. This installation is for commercial WireGuard Clients ONLY ! - where creation of keys and how to exchange them is not needed. The keys are generated and managed by your WireGuard VPN service provider - in my case - TorGuard. 1 - As per Mimugmail's advice you can choose to install WireGuard either through ports or pkg install method. From his reply : You can install wireguard just via # pkg install wireguard && pkg install wireguard-go The pkg versions are always the latest which were available at the time of the release. The version you mention here is already in the ports tree but the pkg will be in the next minor release. To speed this up you could also do on your opnsense installation: # opnsense-code ports && cd /usr/ports/net/wireguard && make install - As I wanted the latest package ( I did not care to wait for pkg update on OPNsense and I do not like installing the entire OPNsense Ports collection on my OPNsnese Instance ) - I did the following and it worked out great. 2 - Go to https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/ as OPNsense is based on FreeBSD 11 - actually Hardened BSD - but that package is from April wireguard 0.0.20190406_1 - the current version is - July 2019 wireguard 0.0.20190702 . First install bash # pkg install bash ( as it is need by WireGuard-GO ). Scroll down page on FreeBSD package website ( find wireguard and wireguard-go ) Then issue these commands: # pkg add -f https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-go-0.0.20190517.txz and # pkg add -f https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-0.0.20190702.txz - As I said, this will install latest versions of these packages. Ready to get this going and up and running then follow steps below. 3 - To begin you need to get your WIREGUARD configuration files from the TORGUARD website. To do so login your TORGUARD account then go to Tools ( along the top of Login Page ) from drop Down Menu click on Enable WIREGUARD Access. You will then be in your TorGuard Account Area. You will see this message along the top : Below is a list of WireGuard VPN Servers, Please click enable in front of the servers you like to connect to, and use the returned keys shown to connect. Currently, TORGUARD offers WIREGUARD Servers in USA - New York ( quite actually situated in Clifton, New Jersey ), Asia - Singapore and Europe - UK. Click on your preferred Server - Enable WIREGUARD. This will result in a green box below the now grayed out box - which states now Disable WIREGUARD - naturally leave your server enabled as you want to connect to the now enabled server. Next, .Download Config file as the box allows you to do now that you have enabled your WIREGUARD Server. You will also see in the adjoining box the following : Location VPN Server Keys Manage USA - New York 1 159.xx.xxx.xx:xxx Server Public key: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= Your Private Key: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= Your Address: 10.xx.x.xxx/24 4 - Now I used this guide as the template for my manual installation of WIREGUARD on OPNsense see here : https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-quicklook/ I will make this simple for you step by step. You may sing and / or hum along as we proceed. A- First - configure WireGuard Client. TorGuard, AzireVPN, VPN.ac, Mullvad, IVPN, are commercial VPN providers which offer LIVE ! WireGuard Services now. I use TorGuard here is a sample file. Keys are dummies - only used for illustrative purposes in this tutorial- Use your real WireGuard configuration file here: Create file by command line - # nano /usr/local/etc/wireguard/wg0.conf - and enter the configuration file below ( copy and paste ) - substitute your real one. Save and Close. Done with this file. # TorGuard WireGuard Config [Interface] PrivateKey = cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= ListenPort = 51820 DNS = 104.223.91.210 Address = 10.xx.x.xxx/24 [Peer] PublicKey = 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= AllowedIPs = 0.0.0.0/0 Endpoint = 159.xx.xx.xxx:xxx PersistentKeepalive = 25 B - Secondly, run command via SSH # wg-quick up wg0 ( wireguard-go is in package and this action creates wireguard interface ) You may also run # wireguard-go wg0 to create wg0 but I prefer the first method mentioned here. 5 - Configure WireGuard Service with rc.d - for automatic startup/shutdown of the tunnel. In order to achieve this there’s already an rc.d script /usr/local/etc/rc.d/wireguard which came with the wireguard package. You need to issue this command : # mv /usr/local/etc/rc.d/wireguard /usr/local/etc/rc.d/wireguard.sh then enter the file - # nano /usr/local/etc/rc.d/wireguard.sh Then go to bottom of file - lines 46 and 47 - change : ${wireguard_enable="NO"} to : ${wireguard_enable="YES"} and then add wg0 on line 47 : ${wireguard_interfaces=""} to : ${wireguard_interfaces="wg0"} ( wgZero ) - Save and Close - Make it executable, I run two commands - it works for me: # chmod a+x /usr/local/etc/rc.d/wireguard.sh # chmod 744 /usr/local/etc/rc.d/wireguard.sh - Done with this file. 6 - In order to have OPNsense use default start up script ( /usr/local/etc/rc.d/wireguard.sh ) at boot time you will have to create a boot time start up script for it in /etc/rc.conf.d/. Not to prolong this - do the following : # nano /etc/rc.conf.d/wireguard - in the new file enter the following two lines: wireguard_enable="YES" wireguard_bootup_run="/usr/local/etc/rc.d/wireguard.sh" Save and Close - Make it executable- # chmod a+x /etc/rc.conf.d/wireguard # chmod 744 /etc/rc.conf.d/wireguard / Done with this file. 7 - Now head to OPNsense WEBGUI in order to configure Wireguard Interface ( created earlier ) and FireWall Rule. First, on Left Side WebGui Column - go to Interfaces > Assignments -you will see wg0 interface - click (+) add button /symbol. Once the wg0 interface is listed as OPT ( 1 - 2 depending on your setup ) - Click underneath it - - enter checks in " Prevent interface removal' and " Enabled " - and enter description - I call mine " WIRE " - DO NOTHING ELSE HERE ! Save and Apply - Done with this phase. Second - Firewall Rule - on Left Side WebGui Column - go to Firewall > NAT > Outbound > Once on this Landing Page put a Dot in radio button Hybrid outbound NAT rule generation - Click on Save - Do Not - Repeat Do Not Click Save and Apply At This Time - Instead Click on Add (+) Button on right side top of page - on the page which opens change Interface from WAN in drop down menu to your Wireguard ( wg0 ) Interface - in my case " WIRE " as I labeled it in the description of the interface I added earlier. Next - Change Source Address to " Lan net " and Translation/target to Interface address. Enter " Description -e.g. " Made For Wire " now Click " Save " at bottom of page. You will be taken back to Firewall:Nat:Outbound Landing Page - Click on " Apply Changes " in right upper hand corner - Done with Firewall Rule for Lan. Repeat Firewall Rule Operation for all of your other Lan Interface Subnets if you choose to do so. When using these updated packages as I did, in order to stop nagging messages to re-install outdated OPNsense wireguard and wireguard-go packages use FreeBSD pkg lock option. Issue commands in order : # pkg lock wireguard and # pkg lock wireguard-go It may be necessary to reboot OPNsense after locking wireguard and wireguard-go packages in order to restart WireGuard from command line. Your WireGuard Client is now installed and ready - you may enter command # /usr/local/etc/rc.d/wireguard.sh restart in order to start it up. You may also reboot your OPNsense Router. Lastly, issue command # wg show which prints out your WireGuard Connection statistics and configuration. I will install wireguard via # pkg install wireguard && pkg install wireguard-go as my go to method in the future. Peace and Grace Be Unto All God's Creation
×