Part 2 - Wireguard Instance and Peers
Categories:
Configuring the VPN on OPNsense
In this section a Wireguard Instance and Peer will be configured on OPNsense, This essentially forms a virtual cable from your router to VPN.
Create a Wireguard Instance
- Log into OPNsense via the web interface
- In the sections browse to VPN -> Wireguard -> Instances
- Click + to configure a new Instance
- Fill in the details as follows (anything not listed should be left blank)
| Field | Value | Notes |
|---|---|---|
| Name | wg_mullvad_instance | |
| Private Key | Interface.PrivateKey from Wireguard file | |
| Tunnel Address | Interface.Address from Wireguard file | /127, not 128 |
| Disable Routes | Ticked | |
 |
- Click Save to close the window, you should see the Instance appear
- Click Apply to load the instance into Wireguard
Create a Wireguard Peer
Here the peer of the VPN will be configured for the instance to connect to.
- Ensure the Web Interface is at VPN -> Wireguard -> Instances
- Select the Peers tab
- Click “+” to configure the peer
- Fill in details as follows:
| Field | Value | Notes |
|---|---|---|
| Name | wg_mullvad_peer | |
| Public Key | Peer.PublicKey from Wireguard file | |
| Allowed IPs | Peer.AllowedIPs from Wireguard file | |
| Endpoint | Endpoint from Wireguard file | e.g. 333.111.222.47 |
| Endpoint Port | Endpoint_Port from Wireguard file | Most likely: 51820 |
| Instance | wg_mullvad_instance | |
 |
- Click Save to close the window
- Click Apply to load the peer into Wireguard
Enable Wireguard and confirm the Tunnel is working
- Navigate to VPN -> Wireguard -> Instances
- Tick the box next to Enable Wireguard
- Click Apply
- Navigate to VPN -> Wireguard -> Status
- Confirm Status has green ticks next to the two lines for your peer and an interface with the same Device Name as your peer (e.g. “wg0”, yours may differ)
At this point, the VPN is configured, the tunnel is up, we’ve essentially connected a cable from the router to the VPN provider. It can’t be used yet as the router doesn’t know what to do with your traffic.
Next step is to configure the Interface and Gateways.
Troubleshooting
If you don’t have green ticks:
- Have a look in VPN -> Wireguard -> Log File to see if there is more information as to what’s gone wrong, and double check the instance and peer configuration.
- Restart the Wireguard service:
- Visit Lobby -> Dashboard
- Scroll down to Services
- Locate WireGuard wg_mullvad_instance
- Click Restart next to it
- If you have one green tick and a grey question mark:
- Check your Tunnel Address for the instance has “/127” in it and not “/128”
With all this complete, proceed to Part 3 - Interface and Gateways