Found an amazing tool for exporting WireGuard peers! (No more struggling)
-
Getting this into the official pfSense package repository is definitely the ultimate goal.
However, I'm still in the very early stages of building this tool and have a lot of features I'm looking to add before I'd apply for official inclusion.
Right now, the biggest thing that will speed up that process is testing and input from the community. Having users like you run it through its paces, report bugs, and suggest features will really help me iron out the edge cases. Once the feature set is complete and I feel 100% comfortable with the stability of the code, I'll definitely be putting in the request to make it an official package.
Thanks again for the support!
-
@3um3le3ee wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64
Are you gonna make this available for 2.8.x?
-
Thanks for the interest in my project! I'm working on a huge update ATM which is adding multiple new features alongside the ability to be installed on the latest version of pfSense/FreeBSD. Keep an eye on my GitHub repo and this forum thread.
-
This post is deleted! -
I've just released v1.0.6 on GitHub. It is fully optimized and verified for pfSense CE 2.8.1 and FreeBSD 15.
What it does:
Instead of bouncing between 5 different screens, this package integrates directly into your native pfSense WireGuard UI and automates the heavy lifting.Major Features in this Release:
1-Click Peer Provisioning: Enter a name, click save, and it instantly registers the peer in pfSense while handing you a ready-to-use .conf file and a 100% offline QR code.
Simplified Auto-Tunnel Wizard: Deploy entirely new tunnels in seconds. It automatically generates the required inbound/outbound firewall rules and dynamically injects Outbound NAT mappings.
HA Sync Wizard: Running a primary/backup cluster? The new wizard automatically punches the necessary firewall holes and pushes newly provisioned peers to your secondary node over XMLRPC.
Smart Endpoint Auto-Discovery: It automatically detects if your pfSense router is behind a Double NAT and fetches your true public IP, so cellular/5G clients don't drop.
Advanced Routing Control: Easy dropdowns for Full Tunnel vs. Split Tunnel (LAN-only) routing and custom DNS per peer.
-
@3um3le3ee This is really interesting work you are doing here :-)
REALLY hoping this get's vetted and included as an official package
-
@keyser said in Found an amazing tool for exporting WireGuard peers! (No more struggling):
@3um3le3ee This is really interesting work you are doing here :-)
REALLY hoping this get's vetted and included as an official package
Thanks so much for your continued support, and encouragement! It really means a lot to hear that the community is finding value in the project.
-
@3um3le3ee are you going to release the source code for it, too?
-
@patient0 said in Found an amazing tool for exporting WireGuard peers! (No more struggling):
@3um3le3ee are you going to release the source code for it, too?
Yes, absolutely! All code will be available on my GitHub as soon as possible. Since this is being deployed on a firewall, I agree that people should be able to see exactly what they are installing. In the meantime, you can simply extract the .pkg file and have a look at the scripts yourself!
-
I just saw the latest update and was actually about to post about it myself, but you beat me to it. This really is a game changer. You’ve made WireGuard on pfSense a total joy to use, the automated firewall and NAT creation has made this a complete tool in my book. I’m definitely up for testing, reporting bugs, and hopefully throwing some ideas your way for future versions. Thank you for all the hard work and for making this accessible to everyone.
-
What's New in v1.0.7
This release further expands the tool into a comprehensive WireGuard management suite, introducing identity synchronization, live telemetry, and advanced peer management features.
Expiration & Identity Sync Daemon: A dedicated background daemon automatically disables peers when they reach a configured expiration date and syncs with LDAP/Local User accounts to revoke VPN access if the system account is disabled or missing.
Live Telemetry & Monitoring: The main dashboard now displays live Receive (Rx) and Transmit (Tx) data usage metrics in megabytes for each connected peer.
Advanced Peer Management: Easily perform a "Key Rotation" to instantly revoke access and generate fresh keys, "Kill Connection" to drop a peer from the kernel, or "Delete Peer" to permanently erase them.
Configuration Delivery: Directly email .conf configuration files to end-users utilizing the native pfSense SMTP engine.
Bulk CSV Import: Rapidly mass-provision peers by pasting a list of names and IP addresses into the new Bulk CSV modal.
Global Security Policies: Administrators can enforce mandatory Pre-Shared Keys (PSK) for all new peers and configure fallback subnets for split tunneling.
Resilient HA Sync Wizard: Securely push peers to a backup node over XMLRPC with a new Strict TLS validation toggle. Failed sync attempts are automatically queued and retried by the background daemon.
Setup Wizard & Widget Upgrades: The Auto-Tunnel setup wizard now features an interface dropdown for explicit Outbound NAT mapping, and the dashboard widget has been upgraded to display total tunnels/peers alongside quick-action links.
https://github.com/3um3le3ee/pfSense-wireguard-peer-export
-
New version 1.0.8 released.
Visual Telemetry & NOC Dashboard: A brand-new, dedicated Network Operations Center view.
Includes live bandwidth charts (Rx/Tx).
IP subnet exhaustion pie charts.
24-hour usage trend charts and a "top talkers" data table.
Dual-Stack IPv4/IPv6 Support: The Auto-Setup Wizard now handles IPv6-only or dual-stack tunnel configurations, including primary and secondary IP addressing.
Smart IP Allocation & Conflict Prevention: A new free-list allocator that intelligently fills IP gaps from deleted peers and proactively blocks provisioning if a conflict is detected.
Import .conf Files: Ability to upload existing WireGuard configuration files to automatically parse and pre-fill provisioning modals.
Auto-Update Checker: A configurable background service (Daily/Weekly/Never) that provides a "One-Click Download & Install" banner for new releases.
Self-Healing & Persistence:
Auto-Bootstrap: Ensures the tool survives pfSense firmware upgrades.
Pre-install Backups: Protects configurations during the update process.
UI Tab Healing: Aggressively maintains native menu integrity.
100% Offline Assets: Transitioned to locally hosted JavaScript libraries for QR codes and charts (no external CDN dependencies).
Enhancements to Existing Features
Identity Sync Daemon: While v1.0.7 introduced the daemon, v1.0.8 specifically adds the ad_sync: prefix logic for LDAP/Local User syncing and introduces bandwidth telemetry archiving.
HA Sync Wizard: Improvements to the background queue, moving from "automatically queued" to "automatically saved to a background queue" for more resilient retries.
Auto-Tunnel Setup Wizard: Explicitly labeled as a core new deployment feature in this version, expanding on the interface mapping introduced in the previous release to now include full key generation and firewall rule automation.
https://github.com/3um3le3ee/pfSense-wireguard-peer-export
-
Just upgraded on pfSense v2.8.1 without any issue (WG with 4 tunnels and 17 peers).
Very nice dashboard.
Thank you for your work. -
Thank you so much for using the tool and for the kind words! It really means a lot to me that you took the time out of your day to reach out and share your feedback. Hearing that your upgrade went smoothly is incredibly rewarding.
I'm thrilled to hear that you are liking the new dashboard, and I truly hope you continue to enjoy using the tool.
Cheers!
