Now that WireGuard is officially supported by Ubiquiti, I’ve decided it’s time to fix my VPN once and for all. Since I have a pfSense up and running in Brazil and a UDM Pro here in the US, I always leveraged a Site-to-Site VPN with IPsec to access my devices on both ends.

While my IPsec tunnel has been working fairly well over the years, now that Ubiquiti offers WireGuard support, it’s time for me to modernize my setup and look into some new use cases. This post will guide you step by step through making this work.

WireGuard Server (UDM Pro)

The UDM Pro will act as the WireGuard server, while pfSense will be the client connecting to it. Setting up WireGuard on the UDM Pro is as easy as it gets. Going to

Settings > Teleport & VPN > VPN Server

takes you to the new VPN Server screen. Set the name of your VPN and take note of your public key. You’ll need it later. You can configure the Gateway and Network you’d like or leave the default settings. If you decide to modify your network settings, use the Advanced. In my case the default settings work fine.

Use the Add New Client option to create your new client credentials. Select Manual to modify the default settings. Set the name of your client, take note of the public key again and modify the Interface IP as needed.

Believe it or not, you are done! Now let’s move to pfSense.
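Before pasting these values into pfSense, it is worth checking that the two public keys and the client Interface IP noted above are consistent with each other. The script below is an added example, not part of the original post: the keys and the 192.168.50.1/24 gateway are constructed samples (not UDM Pro defaults), and the function names are hypothetical.

```python
import base64
import binascii
import ipaddress

# Constructed sample values, not real keys and not the UDM Pro defaults.
SERVER_PUB = base64.b64encode(bytes(range(32))).decode()
CLIENT_PUB = base64.b64encode(bytes(range(32, 64))).decode()
GATEWAY = "192.168.50.1/24"  # Gateway/Network chosen on the VPN Server screen


def check_wg_key(key: str) -> bool:
    """A WireGuard key is 32 bytes, displayed as 44 base64 characters."""
    try:
        raw = base64.b64decode(key.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False  # truncated copy/paste or stray characters
    return len(raw) == 32


def check_client(gateway: str, client_ip: str, server_pub: str, client_pub: str) -> list:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for label, key in (("server", server_pub), ("client", client_pub)):
        if not check_wg_key(key):
            problems.append(f"{label} public key is not a valid 32-byte base64 key")
    if server_pub.strip() == client_pub.strip():
        problems.append("server and client public keys are identical")
    iface = ipaddress.ip_interface(gateway)
    ip = ipaddress.ip_address(client_ip)
    if ip not in iface.network:
        problems.append(f"{ip} is outside the tunnel network {iface.network}")
    elif ip == iface.ip:
        problems.append(f"{ip} is the gateway address itself")
    elif ip in (iface.network.network_address, iface.network.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    return problems


if __name__ == "__main__":
    for issue in check_client(GATEWAY, "192.168.50.2", SERVER_PUB, CLIENT_PUB) or ["ok"]:
        print(issue)
```

Only public keys are passed to the script; the client's private key never needs to leave the device that generated it.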

WireGuard Client (pfSense)

Setting up WireGuard on pfSense is a bit more work. Go to

System > Package Manager > Available Packages

Search for WireGuard and install the package.

Once the WireGuard package is installed, you’ll get a new option under the VPN menu.