How to setup Wireguard VPN on Linux Mint

WireGuard is a fast, modern, and secure VPN tunnel protocol that is rapidly gaining popularity. In this tutorial, we’ll walk you through setting up WireGuard VPN on pfSense firewall and connecting to it using Linux Mint as the client. This setup provides encrypted communication between your devices with minimal configuration.

Whether you’re an IT enthusiast or a system administrator, setting up WireGuard will boost your network security and remote access capabilities. Let’s dive in.

Prerequisites

1. pfSense firewall (version 2.5.0 or later)
2. WireGuard package installed on pfSense
3. A Linux Mint machine with WireGuard installed 
4. Basic understanding of networking and firewall rules

Configure WireGuard on pfSense

1. Login to pfSense

   • Go to System > Package Manager > Available Packages

   • Search and install the WireGuard package

2. Go to VPN > WireGuard

   • Click Add Tunnel

   • Enter a description

   • Click Generate to create a public and private key pair

   • Assign a Tunnel Address (172.16.0.1/24)

   • Save and enable the tunnel

3. Add a Peer

   • Description: LinuxMint or whatever

   • Allowed IPs: (172.16.0.2/32)

   • Enter the client’s public key (will be generated later)

   • Save changes

Firewall and NAT Rules on pfSense

1. Firewall Rule

   • Go to Firewall > Rules > WAN

   • Add a rule to allow UDP traffic to the port you assigned in WireGuard (default: 51820)

2. NAT (If Needed)

   • Go to Firewall > NAT > Outbount

   • Select Hybrid NAT, Save and apply

   • Add a rule to NAT traffic from 172.16.0.0/24 to the WAN interface

Configure WireGuard on Linux Mint

1. Install WireGuard

    

   sudo apt update
   sudo apt install wireguard wireguard-tools

2. Generate Keys
   Run the following in the terminal:

   umask 077 wg genkey | tee privatekey wg pubkey < privatekey | tee publickey

    

   • Save the generated keys securely.

   • Share the public key with pfSense peer configuration.

3. Create the Configuration File

   Create a new file

   1. cd /etc/wireguard/

   2. nano wg0.conf
   3. Paste this code into wg0.conf

      [Interface] 
      PrivateKey = YOUR_PRIVATE_KEY 
      Address = 172.16.0.2/24
      
      [Peer] 
      PublicKey = PF_SENSE_PUBLIC_KEY 
      AllowedIPs = 172.16.0.0/24, 0.0.0.0/0 
      Endpoint = YOUR_PFSENSE_PUBLIC_IP:51820

   4. Replace placeholders with actual values.

Start and Enable WireGuard Tunnel

1. Bring up the VPN Tunnel

    

   sudo wg-quick up wg0

2. Check the VPN Status

   sudo wg show ip a

3. Enable WireGuard to Start at Boot

   sudo systemctl enable [email protected]

    

With the VPN tunnel active, your Linux Mint system can securely connect to the internal network behind your pfSense firewall.

Comment below if you have any question 🙂