Add Surfshark VPN to pfSense 23.09.1 w/ WireGuard

Hi all!

I bought 26 months worth of Surfshark VPN and wanted to request assistance on how I can add it to my current pfSense 23.09.1 config.

I’d like to Surfshark VPN all of my home network, however, I currently have WireGuard enabled on my devices to take advantage of pfSense and pfBlockerNG adblock on the go.

I’m not too sure if I should add it as an interface to go from WAN to LAN and LAN to WAN. However, since I have WireGuard installed and configured if I also have to make changes to that as well so everything is tunneled to Surfshark on pfSense.

I’d like to keep WireGuard since it’s already working perfectly. Just add SurfShark as a middle man between LAN and WAN.

Here is how my network is configured:

Thank you kindly for the help!!

I have a video on using OpenVPN to setup a privacy VPN but it’s worth noting that it will slow down your internet for all the devices behind that VPN which is why I don’t recommend it.

1 Like

Thank you for your response @LTS_Tom ! :slight_smile:

Would it be possible to do it with WireGuard? Esentially having two WireGuard setups, one SurfShark and another for the ‘On-the-Go’ mobile devices?

Every time I’d see talk about OpenVPN, I’d hear to stick with WireGuard as OpenVPN isn’t as fast nor as cutting edge with secure ciphers and algorithms as WireGuard.


OpenVPN is just as secure as Wireguard - it can use the same ciphers and algorithms as WireGuard

Each vpn has a different user case - wireguard does not have any user aithenication, where openvpn can use username / password , username / 2FA and extra security if you use username / password a user ssl certificate

1 Like

As for having two wireguard config, yes this is possible you will have to possible change the port number use for each wireguard instance

1 Like

I’ve not setup wireguard but do run OpenVPN with AirVPN.

Personally I wouldn’t pass “all” my traffic via the VPN you’ll find that some sites won’t work like some email, banking etc. somehow they detect you’re using a VPN. Additionally if something is wrong you won’t be able to compare the line speed with the VPN speed etc.

A better solution is to use vlans, set up one for the ISP and the other for the VPN. I suppose you could use policy routing, but somehow that requires too much thinking, I prefer to know whatever device is on the VPN vlan passes through the vpn gateway. Oh yeah don’t forget your killswitch otherwise you’ll be going out via the ISP sooner or later. However, I don’t think your AP is vlan capable, in which case just keep it on one network.

1 Like

Thank you all for the help and advice! I will give it a go, and see how it goes.

Thanks again! :slight_smile: