Pfsense PIA vpn WireGuard

cjmdk · November 22, 2023, 1:19pm

Anyone who successfully have connected pfsense with PIA vpn using WireGuard?

Do you like to share the procedure?

(I’m aware of the PIA openvpn knowledge article, but I do prefer WireGuard due to its simplicity)

Thanks.

Paul · November 22, 2023, 2:08pm

Tom, has this video https://www.youtube.com/watch?v=ulRgecz0UsQ - working openvpn with PIA

As you are asking, wireguard can not be simple it you are asking for instructions

cjmdk · November 22, 2023, 6:05pm

You’re right👍🏼. Resource efficiency is a better word in this case.

Yeah, Tom have several superb videos about PIA configuration. Though, not any that advocate for the wireguard setup. Probably for a good reason . It may not be supported officially?

FCS001FCS · December 4, 2023, 5:30pm

I have the same question.

I have been looking all over the forums, and PIA, but just cannot figure out how to setup PIA WireGuard VPN tunnels on my pfSense+ router using the addon pfSense WireGuard Package 0.2.1. .

I want to switch to WireGuard from OpenVPN as it seems to be the faster, smaller footprint, newer tech that will eventually displace OpenVPN.

I am using a SG-2100 on release 23.09.

Anyone have a working solution?

Thanks.

pavlos · December 4, 2023, 5:34pm

let me share two links:

github.com

triffid/pia-wg/blob/master/pia-wg.sh

#!/bin/bash

# original script posted by tpretz at https://www.reddit.com/r/PrivateInternetAccess/comments/g08ojr/is_wireguard_available_yet/fnvs20c/
# and at https://gist.github.com/tpretz/5ea1226517d95361f063f621e45de0a6
#
# significantly modified by Triffid_Hunter
#
# Improved with suggestions from Threarah at https://www.reddit.com/r/PrivateInternetAccess/comments/h9y4da/is_there_any_way_to_generate_wireguard_config/fv3cgi9/
#
# After the first run to fetch various data files and an auth token, this script does not require the ability to DNS resolve privateinternetaccess.com

while [ -n "$1" ]
do
	case "$1" in
		"-r")
			shift
			OPT_RECONNECT=1
			;;
		"-c")
			shift

This file has been truncated. show original

FCS001FCS · December 4, 2023, 5:39pm

Yea, tried to use those instruction/scripts last night but wg-quick and wireguard-tools packages are required, and I could not find them in the pfSense repositories. I do not know if they would work in pfSense in any case. Beyond my ability to go further on those.

swittertortoise · March 18, 2024, 6:32am

In case anyone still wants to do this, I was able to configure my pfSense to connect to PIA using WireGuard.

Steps:
1 - Use scripts from GitHub - pia-foss/manual-connections: Scripts for manual connections to Private Internet Access to connect to PIA. Just clone the repository and run ./run_setup.sh

2 - Follow the setup steps from #1 and the scripts will generate a file: /etc/wireguard/pia.conf

3 - Open this file on a text editor. You will find the following information for you to configure your WireGuard tunnel and peer through the pfSense Web UI:
Address: 10.1.149.3 (or whatever is in your pia.conf). You must use this address on a NEW pfSense interface you must create (make sure to select static IP address for it) which is associated with the WireGuard tunnel.
PrivateKey: xxxxxyuyyyyyyxxxyxyxyxyx → you will use this during the creation of the new WireGuard tunnel in pfSense. Enter this on “Interface Keys / private key”

Peer config:
PublicKey: xhxhxhxhxhxhxhxhxxhxh → copy and paste this to a new peer you’re associating with your newly-created WG tunnel
AllowedIPs: 0.0.0.0/24 → copy/paste on your new peer
EndPoint: somePIA-FQDN.com:1337 → copy and paste this to your new peer. Make sure you de-select dynamic endpoint

4 - You need to configure outbound NATs on pfSense using the new interface for all traffic from 192.168.1.1/24 (or whatever your LAN network address is)

5 - You need to configure a gateway for your new interface.

6 - Use policy routing to route all traffic from your LAN (or desired network) to the newly-created gateway from #6.

Hope this helps, it’s working for me. With WireGuard I can get 900mbps down and up from PIA, rather than the ridiculous 300mbps I was getting with OpenVPN connected to the same servers.