OPNsense Configuration

OPNsense® is an open source, feature rich firewall and routing platform, offering cutting-edge network protection.

Defguard Gateway Configuration

These instructions explain how to configure Defguard Gateway in OPNsense. They are based on the WireGuard Road Warrior Setup from the OPNsense documentation.

Configure Defguard Gateway plugin

  1. Go to VPN → Defguard Gateway

  2. Fill out the appropriate values in the form

  3. Finally, Start/Restart the service.

OPNsense plugin

Assign a network interface to Defguard

  1. Go to Interfaces → Assignments

  2. Under Assign a new interface, select the Defguard Gateway network interface (e.g. wg0)

  3. Add a description, for example ParisOfficeVPN

  4. Click Add

Interface Assignments

  1. Select the newly created interface by clicking on its name (in this example [ParisOfficeVPN]).

  2. Select Enable Interface

  3. Select Prevent interface removal

  4. Click Save, and then Apply changes

Create an outbound NAT rule

  1. Go to Firewall → NAT → Outbound

  2. Make sure the selected Mode is Hybrid outbound NAT rule generation; if it wasn't already selected, select it, click Save, and then Apply changes

  3. Under Manual rules, add a new rule by clicking +.

  4. Select Interface – this should be either WAN or LAN, depending on the needs.

  5. Select TCP/IP version – either IPv4 or IPv6.

  6. Select Source address – this should be the name of the interface assigned above plus net, e.g. ParisOfficeVPN net.

  7. Click Save, and then Apply changes

Outbound NAT rule

Add firewall rules to allow WireGuard traffic in

  1. Go to Firewall → Rules → WAN

  2. Click + (plus) to add a new rule

  3. Set the rule to Pass traffic in, with the quick option enabled

  4. Select WAN interface

  5. Choose the TCP/IP version you need

  6. Select UDP protocol.

  7. Set Destination to WAN address and port to the port number provided in Defguard Core: Location configuration → Gateway port

  8. Click Save, and then Apply changes

Firewall rule
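
A check for the WAN rule created in the steps above, as an added example that is not part of the original Defguard or OPNsense documentation: it scans rule text in the style printed by `pfctl -sr`, confirms that a quick pass-in rule for UDP to the gateway port exists on the WAN interface, and flags WAN pass rules that have no protocol or port restriction. The interface name `em0`, the address 203.0.113.10 and port 51820 are constructed sample values.

```python
# Added example: audit pf rules for the Defguard Gateway WAN rule.
# SAMPLE_RULES is constructed, in the style of `pfctl -sr` output; the
# interface name, address and port are placeholders, not values from the page.
SAMPLE_RULES = """\
block drop in log on em0 all
pass in quick on em0 inet proto udp from any to 203.0.113.10 port = 51820 keep state
pass in quick on em0 inet proto tcp from any to 203.0.113.10 port = 443 keep state
pass in quick on wg0 inet all keep state
"""


def parse_rule(line):
    """Parse one inbound pass rule; return None for any other line."""
    tok = line.split()
    if tok[:2] != ["pass", "in"]:
        return None
    rule = {"quick": "quick" in tok, "iface": None, "proto": None, "port": None}
    for i, t in enumerate(tok[:-1]):
        if t == "on":
            rule["iface"] = tok[i + 1]
        elif t == "proto":
            rule["proto"] = tok[i + 1]
    if "to" in tok:  # only a port after "to" is the destination port
        rest = tok[tok.index("to"):]
        if "port" in rest:
            j = rest.index("port")
            if j + 2 < len(rest) and rest[j + 1] == "=" and rest[j + 2].isdigit():
                rule["port"] = int(rest[j + 2])
    return rule


def audit_wan(rules_text, wan_if, gw_port):
    """Return (allowed, findings) for the gateway's UDP port on wan_if."""
    allowed, findings = False, []
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["iface"] != wan_if:
            continue
        if rule["proto"] == "udp" and rule["port"] == gw_port:
            if rule["quick"]:
                allowed = True
            else:
                findings.append("not quick: " + line)
        elif rule["proto"] is None or rule["port"] is None:
            findings.append("broader than UDP to one port: " + line)
    return allowed, findings


if __name__ == "__main__":
    print(audit_wan(SAMPLE_RULES, "em0", 51820))
```

To use it on a real system, pass the saved output of `pfctl -sr` as `rules_text`, together with the actual WAN interface name and the Gateway port from Defguard Core.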
