opnsense_wireguard_server (Resource)

Server resources can be used to set up WireGuard servers.

Example Usage

// Generate a wireguard_asymmetric_key
// This uses the OJFord/wireguard provider
resource "wireguard_asymmetric_key" "example0" {
}

// Configure a peer
resource "opnsense_wireguard_client" "example0" {
  enabled = false
  name = "example0"

  public_key = "/CPjuEdvHJulOIQ56TNyeNHkDJmRCMor4U9k68vMyac="
  psk        = "CJG05xgaLA8RiisoCAmp2U0v329LsIdK1GW4EMc9fmU="

  tunnel_address = [
    "192.168.1.1/32",
    "192.168.4.1/24",
  ]

  server_address = "10.10.10.10"
  server_port    = "1234"
}

// Configure the server
resource "opnsense_wireguard_server" "example0" {
  name = "example0"

  private_key = wireguard_asymmetric_key.example0.private_key
  public_key  = wireguard_asymmetric_key.example0.public_key

  dns = [
    "1.1.1.1",
    "8.8.8.8"
  ]

  tunnel_address = [
    "192.168.1.100/32",
    "10.10.0.0/24"
  ]

  peers = [
    opnsense_wireguard_client.example0.id
  ]
}

Schema

Required

  • name (String) Name of the server.
  • private_key (String, Sensitive) Private key of this server. Must be a 256-bit base64 string.
  • public_key (String) Public key of this server. Must be a 256-bit base64 string.

Optional

  • disable_routes (Boolean) Disables installation of routes. Usually you only enable this to make your own routing decisions via a local gateway and gateway rules. Defaults to false.
  • dns (Set of String) The interface specific DNS servers. Defaults to [].
  • enabled (Boolean) Enable this server. Defaults to true.
  • gateway (String) The gateway IP to use with the Disable Routes feature. You also have to add this as a gateway in OPNsense. Must be set when disable_routes is true. Defaults to "".
  • mtu (Number) The MTU for this interface. Set to -1 to use the MTU from the main interface. Defaults to -1.
  • peers (Set of String) List of peer IDs for this server. Defaults to [].
  • port (Number) The fixed port for this instance to listen on. The standard port range starts at 51820. Defaults to -1.
  • tunnel_address (Set of String) List of addresses to configure on the tunnel adapter. Please use CIDR notation like "10.0.0.1/24". Defaults to [].

Read-Only

  • id (String) UUID of the server.
  • instance (String) The instance number to give the wg interface a unique name (wgX).
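
The following is an added example, not part of the provider's own documentation. It combines the schema constraints above: keys checked as 256-bit base64 strings before apply, a fixed listen port, and disable_routes together with the gateway it requires. The variable names, the resource label "routed" and all addresses are assumptions made for illustration.

```hcl
# Added example, not from the provider documentation. Variable names, the
# resource label "routed" and all addresses are constructed for illustration.

# Supply the key pair from outside the configuration so the private key is
# not committed alongside the .tf files.
variable "wg_private_key" {
  type      = string
  sensitive = true

  validation {
    # 32 bytes (256 bits) encode to 43 base64 characters plus one "=" pad.
    condition     = can(regex("^[A-Za-z0-9+/]{43}=$", var.wg_private_key))
    error_message = "wg_private_key must be a 256-bit base64 string."
  }
}

variable "wg_public_key" {
  type = string

  validation {
    condition     = can(regex("^[A-Za-z0-9+/]{43}=$", var.wg_public_key))
    error_message = "wg_public_key must be a 256-bit base64 string."
  }
}

resource "opnsense_wireguard_server" "routed" {
  name = "routed"

  private_key = var.wg_private_key
  public_key  = var.wg_public_key

  # Pin the listen port instead of leaving the default of -1.
  port = 51820

  tunnel_address = [
    "10.10.0.1/24",
  ]

  # Skip route installation. gateway must then be set, and the same
  # address has to be added as a gateway in OPNsense.
  disable_routes = true
  gateway        = "10.10.0.254"
}
```

Marking a variable or attribute as sensitive only redacts it from plan and apply output. The private key is still written to the Terraform state, so restrict access to the state backend accordingly.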

Import

In Terraform v1.5.0 and later, use an import block to import opnsense_wireguard_server using the id. For example:

import {
  to = opnsense_wireguard_server.example
  id = "<opnsense-resource-id>"
}

Using terraform import, import opnsense_wireguard_server using the id. For example:

% terraform import opnsense_wireguard_server.example <opnsense-resource-id>