Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Wireguard Interface Assignment

    Scheduled Pinned Locked Moved WireGuard
    4 Posts 3 Posters 90 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Ragnaill
      last edited by

      I’m sure this question has been asked before, but I can’t find the answer; my apologies if this is an already plowed field. I am using pfsense 2-7-2 CE on a 4 physical port device. I have been using OpenVPN tunnels (pfsense client to a VPN provider) for a couple of years now. I would like to add a Wireguard tunnel to another provider. Reading docs, and watching Christian McDonald’s Wirequard 001 video, I think I’m clear on all Wireguard configuration aspects save one that confuses me a bit. All 4 of my physical interfaces are already in use. WAN to ISP, LAN to VLANs (Cisco switch), OPT1 to VLANs (same Cisco switch), OPT2 configured as a VPN Bypass (i.e., packets dumped directly on ISP network, as opposed to shoved into OpenVPN tunnel). The pfsense Wireguard package appears to require (well, not require, but recommends) that the tunnel be tied to a physical interface (Interfaces →
      Assignments → tun_wg# → + Add). The Wireguard tunnel will be arbitrarily assigned to either LAN, OPT1, or OPT2, correct? Is this interface assignment strictly logical, with no impact to any traffic, VLANs, etc., already using that interface, or is there any potential impact?

      Thanks for any light someone can shed.

      Bob.DigB keyserK 2 Replies Last reply Reply Quote 0
      • Bob.DigB
        Bob.Dig LAYER 8 @Ragnaill
        last edited by

        @Ragnaill said in Wireguard Interface Assignment:

        correct?

        No. It will be its own interface, like wg0, wg1 or how ever you name them. In your context, they will be WAN-type interfaces.

        1 Reply Last reply Reply Quote 0
        • keyserK
          keyser Rebel Alliance @Ragnaill
          last edited by keyser

          @Ragnaill No, pfSense assigned interfaces are logical representations in pfSense that allows you to assign firewall rules and IP adresses to it.

          Those pfSense assigned logical interface are then “bound or connected” to anything from physical networking interfaces to various virtual interfaces like VLANs, LAGGs or VPN tunnels that actually transport the traffic.
          In this case you are binding the pfSense logical interface to a Wireguard VPN Tunnel (which is not a physical interface, but virtual networking interface).

          EDIT: So assigning your Wireguard interface to a new logical pfSense Interface, creates an OPT3 interface in your setup.

          Love the no fuss of using the official appliances :-)

          1 Reply Last reply Reply Quote 0
          • R
            Ragnaill
            last edited by

            @Bob-Dig @keyser
            Ahhh, OK. So the wg<#> Wireguard interface will be assigned to a new logical pfsense interface (as WAN, LAN, OPT1, and OPT2 already have things assigned under Interface Assignments), which will be the next in logical sequence, ergo OPT3. OK, thanks, that helps!

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.