Firewalla VPN Server supports both OpenVPN and Wireguard VPN(beta). Here is the guide on how to configure WireGuard VPN. If you want to learn more about what is Firewalla VPN server, please refer to this article: Firewalla VPN Server
This feature is available in Firewalla Gold and Blue Plus
Wireguard is a newer (when compared with OpenVPN) VPN protocol, and like OpenVPN is also open source. This protocol is simpler than OpenVPN and can have a higher encryption rate. (References https://wireguard.com https://en.wikipedia.org/wiki/WireGuard)
- WireGuard is UDP base. (OpenVPN can run over TCP/UDP)
- On the Firewalla Gold, the performance is 1.5 to 2 time faster than OpenVPN
- WireGuard source code is new and it is a lot simpler than OpenVPN
1. To Enable Wireguard
2. Configure Port Forwarding
Similar to OpenVPN, Wireguard requires the port to be accessed from outside.
- If you are using Firewalla Gold, and it is running in Router mode without double NAT, no need to worry about this step. The "Port Forwarding" will be shown as complete.
- If your router has UPnP enabled (as most routers do), then it is simple, Firewalla will do everything for you. If your router doesn't support UPnP, you will need to manually set up port forwarding on your home router. Tutorial: How to set up port forwarding for VPN Server
3. Install Wireguard App
To connect to Wireguard VPN, you will need to install Wireguard App on your mobile or desktop device. Here is the official installation guide provided by Wireguard.
4. Configure Wireguard App
Once you installed the client, you'll need a profile to help you set up the VPN Connection.
Tap Setup -> Add a Client, a client will be created automatically.
Note: Up to 6 clients are supported now. Please do NOT use the same VPN profile on different Wireguard clients at the same time.
Tap the client, it will show you a profile and a QR code. There are two ways to use Wireguard App to connect your device to Wireguard VPN Server: Create from file, or create from QR code.
Here is an example of the Wireguard App on iOS:
Comments
13 comments
Anyone else having issues With WireGuard on the new release?
To me it looks like it’s not resolving the DNS as I can’t connect to any site through the VPN.
I’ve tried changing the DNS in the network section for WireGuard to an external DNS and still nothing. I’ve reset the config and downloaded the file again. This is on two different profiles..
All sorted, complete delete including clients. Not sure what happened the first time.
This is great. Thanks for implementing it.
Can WireGuard and the OpenVPN solution coexist on the Firewalla?
Yes, OpenVPN and Wireguard can live together nicely.
Andy Brown, I was having the same issue. I had to edit the tunnel to set the firewalla box as an allowed ip.
Hi. I am having issues enabling wireguard. I tried it as soon it was released without problems, but decided to the disabled it since i was using opvn. Now, I am trying to reenable wireguard through the phone app and I get the error "Error setting firerouter config".
Apparently Firewalla WireGuard Server now allows six profiles.
I am having similar problems. wireguard VPN is getting activated without any issues but i am not able to access any site. I tried removing the client and VPN setup completely and also tried adding the Firewalla box IP to the tunnel but still no luck. Any pointers how to resolve? I've setup my Firewalla in `Router Mode` and Wifi Router at AP mode. Thus it doesn't have Port forwarding Option enabled.
look at "port forwarding" and make sure it says "Complete". If not, it is likely your main modem/router is not in bridge mode, or you do not have a public IP. and that can be checked here. https://help.firewalla.com/hc/en-us/articles/360055686674-How-to-see-if-you-have-a-public-IP-address-
Thanks for quick response. Yes, My Wifi Router (Orbi) is in AP Mode (essentially Bridge), Firewalla Gold is in Router Mode. On Both OpenVPN and WireGuard I could see Manual Setup required. If i m not wrong, port forwarding needs to be completed at router level. Orbi in Bridge mode disables this feature (or allows all ports from router since its in bridge mode). I tried adding UDP port on Firewalla App --> Networking --> NAT Settings --> New Port Forwarding but that didn't help.
Did a speed test via Wireguard. My plan is of 250Mbps, and the Wifi I was on at friend's place was 150M. I got 100Mbps via Wireguard.
Do Firewalla’s support site to site VPN?
@phillip yes but I think OpenVPN only for now.
Please sign in to leave a comment.