I feel you because I am dealing with a similar situation with pf wireguard. PIA is my VPN provider. Their linux app on ubuntu VM runs fine. PIA also has a tool to generate wireguard conf file to work with wg-quick on ubuntu. No problem. I generate the details in my ubuntu wireguard conf and enter the info in pf gui. Mapping is private key for tunnel. Endpoint and public key for peer. Address for opt interface and routing. The pf wireguard peer does not always handshake. The first time pf wireguard connected to PIA it was perfect. The connection dropped after 2 weeks. Now the connection has long ping times and very slow. Is there a way to automate mapping linux wireguard conf to pf wireguard tunnel and peer conf?

@kodols Sure. You would create a 'site-to-site' style tunnel between pfSense and Mullvad, and then a second tunnel using the road warrior model. Then it just becomes a matter of setting up policy routing and firewall rules to accomplish the desired outcome.

@xiki It isn't clear if and how this is related to pfSense.

@cmcdonald said in WireGuard Widget: @ciscox Noted! Thanks. That is particular useful for widgets that can be added multiple times to the dashboard, so it might also be worth allow multiple widgets with each filterable by specific tunnels. Hi, Exactly what I was thinking.:)

@bassopt Take another peak now, updated package should be available. https://files01.netgate.com/pfSense_v2_5_2_amd64-pfSense_v2_5_2/All/pfSense-pkg-WireGuard-0.1.5_3.txz

@dma_pf Good call! I'll try it. Thank you so much for your help.

@securvark I had the same issue. This worked for me as well. Thanks for posting.

@mooncaptain You only need the rules on one interface for each FW. Sounds like you are good to go.

Well after these whole hours I might say that the issue can be on the HAProxy side, but I cannot say why ... HAproxy is configured to the WAN IP on port 443/80. If I disable the HAproxy I can connect to the web servers, but not if HAproxy is enabled. Why? Shouldn't the 'routing' between the LAN and VPN interfaces be dealt with without passing thru the WAN? It seems that traffic goes to WAN ... and is being intercepted by the HAproxy . I'm confused .. or I'm missing a big issue in here ... JG

@mooncaptain Answering my own question: All devices that use DHCP have No leaks. In windows I check the connection details with ipconfig/all and that shows that the Mallvad DNS servers are pulled in. My problem was with a statically configured workstation. For that I have to manually spec the DNS servers. All is good - so far - since I am going to start messing around with the configuration to test fail over.

@gertjan In the US, data is dollars and sold to the highest bidder. Governance optional.

@mooncaptain and @dma_pf Thank you !! After reading your previous reply, ( and after having removed the WireGuard package, with the option not to save the previous configurations ). I reinstalled the package, and the first thing I did was, as mentioned by @mooncaptain, I went to the 'Settings' tab on the package, and enable it. I tried to do that on the previous attempt but was unable to do that. After doing that, I created the tunnel and checked to see if it appears on the selection on the interface, and this time it did !. I must have done something right when removing the package, without any previous settings. BTW, I didn't reboot the FW, as I have an offsite backup running that cannot be interrupted at this time. So this time I can select and assign the interface! Thank for the video, I'm going to watch it before I continue with this setup. I'll update this after that finishes. Thanks again. JG

Ok,I got it.I will upgrade it.