opnsense_wireguard_client (Resource)

Client resources can be used to set up WireGuard clients.

Example Usage

// Configure a peer
resource "opnsense_wireguard_client" "example0" {
  enabled = false
  name    = "example0"

  public_key = "/CPjuEdvHJulOIQ56TNyeNHkDJmRCMor4U9k68vMyac="
  psk        = "CJG05xgaLA8RiisoCAmp2U0v329LsIdK1GW4EMc9fmU="

  tunnel_address = [
    "192.168.1.1/32",
    "192.168.4.1/24",
  ]

  server_address = "10.10.10.10"
  server_port    = 1234
}

Schema

Required

  • name (String) Name of the client config.
  • public_key (String) Public key of this client config. Must be a 256-bit base64 string.
  • tunnel_address (Set of String) List of addresses allowed to pass through the tunnel adapter. Please use CIDR notation like "10.0.0.1/24". Defaults to [].

Optional

  • enabled (Boolean) Enable this client config. Defaults to true.
  • keep_alive (Number) The persistent keepalive interval in seconds. Defaults to -1.
  • psk (String, Sensitive) Shared secret (PSK) for this peer. You can generate a key using wg genpsk on a client with WireGuard installed. Must be a 256-bit base64 string. Defaults to "".
  • server_address (String) The public IP address the endpoint listens on. Defaults to "".
  • server_port (Number) The port the endpoint listens on. Defaults to -1.

Read-Only

  • id (String) UUID of the client.
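
The schema marks psk as Sensitive and requires both keys to be 256-bit base64 strings. The following is an added example, not part of the provider's own documentation, that takes the keys and addresses from input variables and checks those constraints at plan time; the variable names and the resource label "peer" are hypothetical.

```hcl
# Added example: variable names and the "peer" label are assumptions.

variable "wg_peer_public_key" {
  type        = string
  description = "Peer public key, as printed by `wg pubkey`."

  validation {
    # 32 bytes encode to 43 base64 characters plus one "=" pad. The 43rd
    # character carries only 4 significant bits, hence the restricted set.
    condition     = can(regex("^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$", var.wg_peer_public_key))
    error_message = "The public key must be a 256-bit value in base64 (44 characters)."
  }
}

variable "wg_peer_psk" {
  type        = string
  sensitive   = true # redacted in plan and apply output
  description = "Pre-shared key, as printed by `wg genpsk`."

  validation {
    condition     = can(regex("^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$", var.wg_peer_psk))
    error_message = "The PSK must be a 256-bit value in base64 (44 characters)."
  }
}

variable "wg_peer_tunnel_address" {
  type        = set(string)
  description = "Addresses allowed through the tunnel, in CIDR notation."

  validation {
    # cidrhost() fails on anything that is not a valid IPv4/IPv6 prefix.
    condition     = alltrue([for a in var.wg_peer_tunnel_address : can(cidrhost(a, 0))])
    error_message = "Every tunnel address must be in CIDR notation, for example 10.0.0.1/24."
  }
}

resource "opnsense_wireguard_client" "peer" {
  name           = "example0"
  public_key     = var.wg_peer_public_key
  psk            = var.wg_peer_psk
  tunnel_address = var.wg_peer_tunnel_address
}
```

The PSK can be supplied through the TF_VAR_wg_peer_psk environment variable so it never appears in a committed .tf or .tfvars file. Terraform still writes the value to state in plaintext, so the state backend needs its own access control and encryption.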

Import

In Terraform v1.5.0 and later, use an import block to import opnsense_wireguard_client using the id. For example:

import {
  to = opnsense_wireguard_client.example
  id = "<opnsense-resource-id>"
}

Using terraform import, import opnsense_wireguard_client using the id. For example:

% terraform import opnsense_wireguard_client.example <opnsense-resource-id>