
ALL ABOUT VPNs in OPNsense! Wireguard, OpenVPN, and IPSec Setup and Configuration

In this very long video, I cover all the basics of VPN technologies (not the YouTube shill type), how tunnels work, and the different topologies that are used in modern networks. Then I set up several examples for each of them using different protocols and methods.

Hopefully you find it useful in your own network!

Support me on Ko-Fi if you enjoy my content and find it useful:
https://ko-fi.com/apalrd

Feel free to chat about my upcoming projects on Discord!
https://discord.gg/xJsaEukAr4

Timestamps:
0:00:00 – Introduction
0:00:22 – Concepts
0:08:45 – Topologies
0:17:25 – Wireguard
0:17:50 – Wireguard Site to Site
0:24:17 – Wireguard Client Access
0:29:22 – Wireguard Server Access
0:33:26 – Policy Routing
0:35:41 – OpenVPN Client Access
0:41:27 – Certificate Authority
0:47:21 – OpenVPN Multi-Factor
0:52:16 – IPSec Site to Site
1:00:12 – IP-IP
1:03:17 – Conclusions
#networking #vpn #opensource


by apalrd’s adventures


20 thoughts on “ALL ABOUT VPNs in OPNsense! Wireguard, OpenVPN, and IPSec Setup and Configuration”

  • An OPNsense tutorial about VXLAN over WireGuard would be awesome. There is literally no decent tutorial about it out there. I have a use case where Windows clients must be able to hear L2 broadcast traffic (from FlexRadio SDRs) from a remote LAN, where OPNsense is doing the firewalling. People typically use ZeroTier or SoftEther for that, but I feel like WireGuard + VXLAN would be a much "cleaner", faster/lower-latency, predictable and maintainable solution.

  • In the ClientAccess configuration, why did you use a public routable IPv6 address for the tunnel? Is this going to leak some data outside the tunnel if the WG server – for some reason – goes offline? Thanks

  • ocserv / AnyConnect works well for me as a backup for WireGuard in restricted networks.

  • Awesome video! It's great seeing you put out high-quality OPNsense content; there's not enough of it on YouTube.

    For anybody who is interested in the policy-based routing, another cool thing you can do with it is set up a kill switch to prevent any VPN-intended traffic from egressing the WAN in the event that the VPN tunnel goes down for some reason:
    – On the firewall rule where you specified an alias as the source and the gateway as the VPN, click 'show advanced' and add an identifying string in the 'set local tag' field
    – On the floating rules page, add a rule that:
      – Is on the WAN interface
      – Blocks immediately on match
      – Direction = out
      – Click 'show advanced', and enter your identifying string into the 'match local tag' field

    You should be good to go at this point. You can test to make sure it works by stopping the VPN service while running a continuous ping from the host you are trying to tunnel through the VPN. Once you stop the service the pings should start timing out.
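The two GUI rules from the comment above correspond to a pf tag/tagged pair, since OPNsense is FreeBSD with pf underneath. The fragment below is an added illustration written for this page; it is not from the video, the commenter, or OPNsense's generated ruleset, and the interface names, addresses, alias contents and tag string are assumptions (the WireGuard interface and gateway here are placeholders).

```pf
# Constructed example: pf equivalent of the OPNsense kill-switch rules.
# Names and addresses are placeholders, not taken from the video.
lan_if = "vtnet1"
wan_if = "vtnet0"
vpn_if = "wg0"          # assumed WireGuard interface
vpn_gw = "10.10.10.1"   # assumed far-side tunnel address used as the gateway

# Alias of hosts whose traffic must only ever leave via the VPN (constructed)
table <vpn_clients> { 192.168.1.50, 192.168.1.51 }

# Floating rule: drop (and log) anything tagged VPN_ONLY that is about to
# leave the WAN. Floating rules are evaluated before interface rules, so it
# sits first here. Without the VPN gateway, policy-routed traffic would
# otherwise fall back to the default route and exit the WAN untagged-by-policy
# but still carrying the tag set on ingress.
block out log quick on $wan_if inet tagged VPN_ONLY

# LAN rule: policy-route the alias through the VPN and tag the state so the
# packet still carries VPN_ONLY when pf evaluates it on the way out.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
    from <vpn_clients> to any tag VPN_ONLY keep state

# These rules cover IPv4 only; if the clients also have IPv6 connectivity,
# add an inet6 pair (or a plain block for <vpn_clients> on WAN for inet6),
# otherwise the kill switch protects only half the traffic.
```

To verify the behaviour described in the comment, run a continuous ping from one of the alias hosts, stop the WireGuard service, and watch the pings time out; the hits on the block rule appear in the firewall live log because of the `log` keyword.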

  • Anybody looking for an outgoing VPN provider that is not advertised: I recommend AirVPN. There is probably not much difference between the shill VPN services and something with a moral high ground, but after trying many VPN providers I was less happy with the shill services. It's all basically farming money out of your wallet anyhow, so you do what you want with your own money!

  • Amazing,
    I would like to see a next video about DNS, maybe using AdGuard or Pi-hole, or just some sort of DNS filter inside Unbound on OPNsense.

  • Never in the tens of thousands of YouTube videos I've watched have I experienced more ads and ad time than this video. OMFG dude 🙄

  • The Internet is kinda like the movie Inception when it comes to networks…. It's a network of networks of networks of networks of networks …… 😛

  • Hi there. I'm behind a CGNAT and my ISP is not letting me open ports. How can I remote access my home server in the best way possible? I've used Tailscale and it works great, but I want to share my Jellyfin among friends who aren't gonna wanna install Tailscale. Can you suggest a better way?
