From 044fbfa9adf2a3cd86987fbe82b499e24e06f8a8 Mon Sep 17 00:00:00 2001 From: sunnyvibez <150281284+sunnyvibez@users.noreply.github.com> Date: Wed, 8 Nov 2023 12:26:27 -0600 Subject: [PATCH] Update opnsense-wireguard.md - Updated navigation steps for new os-wireguard plugin - Direct user to Client Area Wireguard Server List because /status does not have IPs necessary - General spelling/formatting fixes --- .../pages/setup/router/opnsense-wireguard.md | 26 +++++++++---------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/src/content/pages/setup/router/opnsense-wireguard.md b/src/content/pages/setup/router/opnsense-wireguard.md index 9613e65a2..39a517de3 100644 --- a/src/content/pages/setup/router/opnsense-wireguard.md +++ b/src/content/pages/setup/router/opnsense-wireguard.md @@ -10,7 +10,7 @@ weight: 61 ## OPNSense WireGuard Setup Guide
-This guide was produced using OPNSense 20.1. +This guide was produced using OPNSense 23.7.7.
### Configure Your Environment @@ -27,16 +27,16 @@ This guide was produced using OPNSense 20.1. 1. Log in to the [IVPN Client Area](/account/). -2. Choose a WireGuard server to connect to from our [Server Status](/status/) page. Make note of the hostname and the public key of the server. +2. On the `VPN Accounts` page in the Client Area on our website, click the `WireGuard` tab. Go to `WireGuard Server List` located under **Tools**. Choose a WireGuard server to connect to from our **WireGuard Server List** page. Make note of the IP Address and the public key of the server. -3. In the OPNSense web interface, go to `VPN > WireGuard > Endpoints` and click the `+` to add a VPN server location (Endpoint/Peer): +3. In the OPNSense web interface, go to `VPN > WireGuard > Settings > Peers` and click the `+` to add a VPN server location (Endpoint/Peer):
Name: A short interface name, like ivpnJapan or ivpnSeattle.
Public Key: The server public key is available from the server list in the step above.
Shared Secret: Leave it blank.
- Alloweb IPs: 0.0.0.0/0
- Endpoint Address: The server hostname is available from the server list in the step above.
+ Allowed IPs: 0.0.0.0/0
+ Endpoint Address: The server IP Address from the server list in the step above.
Endpoint Port: IVPN offers different ports to connect on: 53, 80, 443, 1194, 2049, 2050, 30587, 41893, 48574, and 58237
Keepalive: 25
@@ -47,7 +47,7 @@ This guide was produced using OPNSense 20.1. ### Add a Local Interface -1. In the OPNSense web interface, go to `VPN > WireGuard > Local` and click the `+` to add a local interface and enter the following: +1. In the OPNSense web interface, go to `VPN > WireGuard > Settings > Instances` and click the `+` to add a local interface and enter the following:
Name: A short interface name, like ivpn.
@@ -60,13 +60,11 @@ This guide was produced using OPNSense 20.1. Peers: Choose the Endpoint (VPN server location) you created in the previous step.
- Click the `Save` button to generate your **Public** and **Private** keys. + Click the `Generate new keypair` button next to **Public key** to generate your **Public** and **Private** keys. -2. Click the pencil icon to edit the local interface you created in the previous step and make note of your **Public Key**. +2. Make note of your **Public Key**. - ![](/images-static/uploads/opns-wg-3-2-local-interface.png) - -3. On the `VPN Accounts` page in the Client Area on our website, click the `WireGuard` tab. Go to `WireGuard Key Management` located under **Tools**. Click the `Add New Key` button. Copy the contents of the **Public Key** from OPNSense and paste them into the **Public Key**: field. Add a comment, like OPNSense if you prefer, and click the `Add Key button`. +3. On the `VPN Accounts` page in the Client Area on our website, click the `WireGuard` tab. Go to `WireGuard Key Management` located under **Tools**. Click the `Add New Key` button. Copy the contents of the **Public Key** from OPNSense and paste them into the **Public Key**: field. Add a comment, like OPNSense if you prefer, and click the `Add Key` button.
Be sure to copy the Public Key and not the Private Key. The Private Key must always be kept a carefully guarded secret. @@ -82,13 +80,13 @@ This guide was produced using OPNSense 20.1. ### Connecting -1. Go to the `VPN > WireGuard > General` tab and put a check mark beside **Enable WireGuard** on the General tab, then click the `Save` button. +1. Go to the `VPN > WireGuard > Settings > General` tab and put a check mark beside **Enable WireGuard** on the General tab, then click the `Save` button. -2. Check the `VPN > WireGuard > List Configuration` and `Handshakes` tabs to see connection details. +2. Check the `VPN > WireGuard > Diagnostics` for connection details. 3. Go to the `Interfaces > LAN` page and set the `MSS` value to `1412`. Click the `Save` button at the bottom of the page, then click the `Apply changes` button at the top of the page. -4. To let you internal network clients go through the tunnel, add a **NAT entry**. Go to `Firewall > NAT > Outbound` and click `+Add` to add a rule. Check that rule generation is set to **Manual** or **Hybrid**. Add a rule and select **Wireguard** as `Interface`. `Source Address` should be **LAN net** and set `Translation / target` to **Interface address**. +4. To let your internal network clients go through the tunnel, add a **NAT entry**. Go to `Firewall > NAT > Outbound` and click `+Add` to add a rule. Check that rule generation is set to **Manual** or **Hybrid**. Add a rule and select **Wireguard** as `Interface`. `Source Address` should be **LAN net** and set `Translation / target` to **Interface address**. ![](/images-static/uploads/opns-wg-4-3-nat-rule.png)
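Review bot: In the peer settings of the `@@ -27,16 +27,16` hunk, `Allowed IPs: 0.0.0.0/0` covers IPv4 only, so nothing in this step says what happens to IPv6 traffic from LAN clients. Please state whether IPv6 is expected to be disabled on the LAN, or whether `::/0` should be added to this field when the tunnel carries IPv6. The same hunk switches `Endpoint Address` from the server hostname to a fixed IP address without saying why; a sentence explaining that the IP is required here, and that the peer must be edited if the server's address changes, would save readers a silent outage. Smaller points: step 2 names the `WireGuard Server List` in two consecutive sentences and can be merged into one, "IP Address" is capitalised mid-sentence, and the peer's `Name` field is still described as "A short interface name".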
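Review bot: In the `@@ -47,7 +47,7` hunk the menu path becomes `VPN > WireGuard > Settings > Instances`, but the sentence still tells the reader to "add a local interface" and the section heading remains `### Add a Local Interface`. Since the tab the reader sees is now labelled Instances, suggest using that term in the step (and the heading), or adding "(instance)" once so the two names are tied together.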
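Review bot: In the `@@ -60,13 +60,11` hunk, the old text used the `Save` button to create the keys, and the new text replaces it with `Generate new keypair`; no remaining line in this hunk tells the reader to save the instance before leaving the page in step 3. Please confirm a save step still exists in the unchanged part of the guide, otherwise the public key uploaded to the Client Area may not match what the router ends up using. The hunk also drops the reference to `/images-static/uploads/opns-wg-3-2-local-interface.png` while the patch touches only the one markdown file, so the image asset should either be removed in the same change or replaced with a current screenshot. With the key pair now shown together on the form, step 2 could say explicitly that only the **Public Key** field is copied, ahead of the existing warning about the Private Key.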
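Review bot: In the `@@ -82,13 +80,13` hunk, step 2 reads "Check the `VPN > WireGuard > Diagnostics` for connection details", which needs either "page" after the path or the article removed; it would also help to say what to look for there, since the old text named the `Handshakes` tab specifically. Step 1 still says "tab" twice ("Go to the ... `General` tab and put a check mark ... on the General tab"), and step 4 spells the interface name **Wireguard** while the rest of the page uses WireGuard; both are on lines this patch already rewrites, so they are cheap to fix here.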