Pfsense PIA vpn WireGuard

Anyone who successfully have connected pfsense with PIA vpn using WireGuard?

Do you like to share the procedure? :smiling_face:

(I’m aware of the PIA openvpn knowledge article, but I do prefer WireGuard due to its simplicity)

Thanks.

Tom, has this video https://www.youtube.com/watch?v=ulRgecz0UsQ - working openvpn with PIA

As you are asking, wireguard can not be simple it you are asking for instructions
image

You’re right👍🏼. Resource efficiency is a better word in this case.

Yeah, Tom have several superb videos about PIA configuration. Though, not any that advocate for the wireguard setup. Probably for a good reason :smiling_face:. It may not be supported officially?

I have the same question.

I have been looking all over the forums, and PIA, but just cannot figure out how to setup PIA WireGuard VPN tunnels on my pfSense+ router using the addon pfSense WireGuard Package 0.2.1. .

I want to switch to WireGuard from OpenVPN as it seems to be the faster, smaller footprint, newer tech that will eventually displace OpenVPN.

I am using a SG-2100 on release 23.09.

Anyone have a working solution?

Thanks.

let me share two links:

Yea, tried to use those instruction/scripts last night but wg-quick and wireguard-tools packages are required, and I could not find them in the pfSense repositories. I do not know if they would work in pfSense in any case. Beyond my ability to go further on those.

In case anyone still wants to do this, I was able to configure my pfSense to connect to PIA using WireGuard.

Steps:
1 - Use scripts from GitHub - pia-foss/manual-connections: Scripts for manual connections to Private Internet Access to connect to PIA. Just clone the repository and run ./run_setup.sh

2 - Follow the setup steps from #1 and the scripts will generate a file: /etc/wireguard/pia.conf

3 - Open this file on a text editor. You will find the following information for you to configure your WireGuard tunnel and peer through the pfSense Web UI:
Address: 10.1.149.3 (or whatever is in your pia.conf). You must use this address on a NEW pfSense interface you must create (make sure to select static IP address for it) which is associated with the WireGuard tunnel.
PrivateKey: xxxxxyuyyyyyyxxxyxyxyxyx → you will use this during the creation of the new WireGuard tunnel in pfSense. Enter this on “Interface Keys / private key”

Peer config:
PublicKey: xhxhxhxhxhxhxhxhxxhxh → copy and paste this to a new peer you’re associating with your newly-created WG tunnel
AllowedIPs: 0.0.0.0/24 → copy/paste on your new peer
EndPoint: somePIA-FQDN.com:1337 → copy and paste this to your new peer. Make sure you de-select dynamic endpoint

4 - You need to configure outbound NATs on pfSense using the new interface for all traffic from 192.168.1.1/24 (or whatever your LAN network address is)

5 - You need to configure a gateway for your new interface.

6 - Use policy routing to route all traffic from your LAN (or desired network) to the newly-created gateway from #6.

Hope this helps, it’s working for me. With WireGuard I can get 900mbps down and up from PIA, rather than the ridiculous 300mbps I was getting with OpenVPN connected to the same servers.