This guide shows you how to set up pfSense and WireGuard with multiple connections to Windscribe’s VPNs for faster speeds and redundancy / failover.
Download config file from Windscribe
Go to https://windscribe.com/getconfig/wireguard
Select Location, Port, and Key Pair
Select New Key Pair if this is the first time generating a config file.
In this guide, we will use Port 443 for the examples.
Download the config file
Repeat steps for each Windscribe server that you want to connect.
Open the config files in a text editor such as Notepad. Each file should contain information about the server address, the public key, and the private key for the VPN connection.
Set up WireGuard tunnels
First, make sure you have the WireGuard package installed on your pfSense device.
Then, go to VPN –> WireGuard –> Add Tunnel
Enable Tunnel
Description –> Name for your tunnel, such as “Windscribe1”
Listen port: The default port is 51820. Additional tunnels must use a different port.
Interface Keys –> Private Key –> Paste the Private Key from the config file you downloaded
Save Tunnel
Repeat these steps to create additional WireGuard tunnels to different Windscribe servers.
For the Listen Port, you’ll need to use a different port for each additional tunnel. Use port numbers that are easy to remember for your other tunnels, for example 51821, 51822, etc.
Set up WireGuard interfaces
Go to Interfaces –> Assignments
Add the newly created WireGuard tunnel
When the tunnel is created, it will show up as “tun_wg#”
Click on the new tunnel
Change the description to the name of your tunnel, for example “Wireguard1”
IPv4 Configuration Type –> Static IPv4
Static IPv4 Configuration –> IPv4 Address –> Paste the address from the config file you downloaded
Subnet –> /32
Save Interface
Repeat steps to create additional interfaces for each Windscribe server you will connect.
Set up WireGuard peers
Go to VPN –> WireGuard –> select Peers –> Add Peer
Enable Peer
Tunnel –> Select your newly created tunnel
Description –> Name for your peer configuration, for example “Wireguard1”
Uncheck Dynamic Endpoint
Endpoint –> Paste Endpoint from the config file
Port used by this peer –> Use the port that you selected for your config file, for example 443
Public Key –> Paste PublicKey from the config file
Pre-shared Key –> Paste the PresharedKey from the config file
Allowed IPs –> 0.0.0.0 and subnet /0
Add Description
Save Peer
Repeat steps to create additional peers for each Windscribe server you will connect.
Go to VPN –> WireGuard –> Status
Expand the tunnel and check if you have a green handshake for your peer. At this point, the VPNs should be up but there will be no traffic flowing through the tunnels. You’ll need to create the gateways now.
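As an added example (not part of the original guide, and not Windscribe or pfSense tooling), this Python script reads the downloaded config files and lays out which value goes into each tunnel, interface and peer field from the steps above, assigning listen ports from 51820 upward. It assumes the standard WireGuard [Interface]/[Peer] file layout; the sample keys, addresses and example.net endpoints are constructed, and it goes slightly beyond the guide by rejecting truncated keys and a server that is used twice.

```python
import base64
import configparser
import ipaddress

BASE_LISTEN_PORT = 51820  # pfSense default; each additional tunnel gets the next port

def is_wg_key(value):
    """WireGuard keys are 32 bytes, base64-encoded; this catches truncated pastes."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def sample_conf(n):
    """Constructed sample file; keys are dummy bytes and hosts are placeholders."""
    def dummy_key(b):
        return base64.b64encode(bytes([b]) * 32).decode()
    return (f"[Interface]\nPrivateKey = {dummy_key(n)}\nAddress = 100.64.10.{n}/32\n\n"
            f"[Peer]\nPublicKey = {dummy_key(n + 10)}\nAllowedIPs = 0.0.0.0/0\n"
            f"Endpoint = vpn{n}.example.net:443\nPresharedKey = {dummy_key(n + 20)}\n")

def plan_tunnels(configs):
    """configs: list of (tunnel name, .conf text). Returns one pfSense plan per file."""
    plan, endpoints = [], set()
    for index, (name, text) in enumerate(configs):
        cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
        cp.read_string(text)
        iface, peer = cp["Interface"], cp["Peer"]
        keys = {"PrivateKey": iface["PrivateKey"], "PublicKey": peer["PublicKey"],
                "PresharedKey": peer["PresharedKey"]}
        bad = [k for k, v in keys.items() if not is_wg_key(v)]
        if bad:
            raise ValueError(f"{name}: malformed {', '.join(bad)}")
        host, _, port = peer["Endpoint"].rpartition(":")
        if host in endpoints:  # two tunnels to one server add no redundancy
            raise ValueError(f"{name}: endpoint {host} is already used by another tunnel")
        endpoints.add(host)
        addr = ipaddress.ip_interface(iface["Address"].split(",")[0].strip())
        plan.append({
            "tunnel": {"description": name, "listen_port": BASE_LISTEN_PORT + index,
                       "private_key": keys["PrivateKey"]},
            "interface": {"ipv4_address": str(addr.ip), "subnet": 32},
            "peer": {"endpoint": host, "port": int(port), "allowed_ips": "0.0.0.0/0",
                     "public_key": keys["PublicKey"],
                     "preshared_key": keys["PresharedKey"]},
        })
    return plan
```

Call plan_tunnels() with the text of your own config files in place of sample_conf(); the returned plan contains the private keys, so treat its output like the config files themselves.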
Next: Setup gateways