Configure a WireGuard Tunnel

To configure a WireGuard Tunnel:

  • Navigate to VPN > WireGuard > Tunnels

  • Click fa-plus Add Tunnel

  • Fill in the WireGuard Tunnel settings as described in WireGuard Package Settings

  • Click Save Tunnel

  • Add firewall rules on Firewall > Rules, WAN tab to allow UDP traffic to the port for this WireGuard tunnel (WireGuard and Rules / NAT)

  • Add firewall rules on the common Firewall > Rules, WireGuard tab to pass traffic inside the VPN (WireGuard and Rules / NAT)

Configure a WireGuard Peer

To configure a WireGuard peer:

  • Navigate to VPN > WireGuard > Peers

  • Click fa-plus Add Peer

  • Fill in the WireGuard Peer settings as described in WireGuard Peer Settings

  • Click Save Peer

  • Repeat the add/configure steps if there are multiple peers

Additional Configuration Steps

After configuring the WireGuard tunnel, there are a few more optional steps depending on the requirements of the use case:

  • Navigate to System > Routing

  • Set the Default gateway options to a specific gateway or group, as long as they are not left at Automatic (Managing the Default Gateway)


    If the default gateway remains set to Automatic the firewall may end up using the WireGuard interface as the default gateway, which is unlikely to be the desired outcome.

  • Assign the WireGuard interface as a new OPTx interface (Assign a WireGuard Interface)

  • Add firewall rules specific to this tunnel on Firewall > Rules, OPTx tab to pass traffic inside the VPN (WireGuard and Rules / NAT)

  • Setup one of the alternate routing methods as described in WireGuard Routing, if needed.