Assign a WireGuard Interface

Some functionality for WireGuard interfaces depends upon them being assigned as their own interfaces on the firewall. Benefits of assignment include:

  • Adds a firewall tab under Firewall > Rules

  • Allows the interface to be selected for use with NAT rules

  • Allows the interface to be selected throughout the GUI and packages for various purposes

  • Rules on assigned interface tabs get reply-to which ensures return routing will exit back the expected interface for inbound connections.

Assignment Procedure

To assign the interface:

  • Navigate to System > Routing

  • Set the Default gateway options to a specific gateway or group, as long as they are not left at Automatic (Managing the Default Gateway)

    Warning

    If the default gateway remains set to Automatic the firewall may end up using the WireGuard interface as the default gateway, which is unlikely to be the desired outcome.

  • Navigate to Interfaces > Assignments

  • Select the appropriate tun_wg<number> interface in the Available network ports list

    The description of the tunnel is printed next to the interface name in the list.

  • Click fa-plus Add to assign the interface as a new OPT interface (e.g. OPT1)

  • Navigate to the Interface configuration page, Interfaces > OPTx

  • Check Enable

  • Enter an appropriate Description which will become the interface name (e.g. WG_S2S)

  • Configure interface addresses and gateways as necessary

  • Click Save

  • Click Apply Changes