WireGuard Connection

Under VPN > WireGuard you can manage WireGuard VPN connections.

| Input field | Description |
|---|---|
| I/0 | A slide switch indicates whether this WireGuard connection is active (I) or inactive (0). Clicking the slide switch changes the status. |
| Name | Give this WireGuard connection a name. |
| Interface | Selection list from which a WireGuard interface can be selected. See WireGuard Interfaces. |
| Address | Enter the IP address of the WireGuard interface here. This can be either an implicit IP address (/32 prefix length) or an IP address with a prefix length of less than 32. |
| Port | Port on the firewall over which the remote peer can establish the WireGuard connection. For the first connection, the default port 51820 is suggested. For each additional connection, the port is incremented or the next unused port is suggested. |

Remote peers can be configured under the Peers tab. Click on to open the peer dialog.

Table 1. Peers

| Input field | Description |
|---|---|
| Name | Give this remote peer a name. |
| Remote Address | Optional external address at which the remote peer can be reached via the Internet. This can also be a domain name. If specified, the firewall attempts to initiate the connection. Required if a remote port is specified. |
| Remote Port | Optional port through which the connection is to be established. Required if a remote address is specified. |
| Public Key | The Base64-encoded public key of the remote peer. |
| Keep Alive | Interval in seconds for sending packets to maintain the connection. The default is 25. With a value of 0, the connection is established only when needed. |
| Create Routes | If enabled, all IP addresses under Allowed IP Addresses are automatically added to routing table 201. Otherwise, you must create the routes manually. |
| Allowed IP Addresses | IP addresses or networks with subnet mask that are to be accessible via the WireGuard connection. |
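
The field rules from the connection and peer tables above, written as a pre-check that can be run over planned peer entries before they are typed into the dialog. This is an added example, not LANCOM code: the function names, dictionary keys and sample values are assumptions, and the 32-byte key length is a property of WireGuard keys in general rather than something stated on this page.

```python
import base64
import binascii
import ipaddress

DEFAULT_PORT = 51820  # port suggested for the first connection

def suggest_port(used_ports):
    """Return 51820, or the next port above it that is not already in use."""
    port = DEFAULT_PORT
    while port in used_ports:
        port += 1
    return port

def is_wireguard_key(text):
    """True if text is valid Base64 that decodes to 32 bytes (44 characters)."""
    try:
        return len(base64.b64decode(text, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def check_peer(peer):
    """Return a list of problems in one peer entry (dict with hypothetical keys)."""
    problems = []
    addr, port = peer.get("remote_address"), peer.get("remote_port")
    # Remote Address and Remote Port are each required when the other is set.
    if bool(addr) != bool(port):
        problems.append("remote address and remote port must be set together")
    if port and not 1 <= int(port) <= 65535:
        problems.append("remote port out of range")
    if not is_wireguard_key(peer.get("public_key", "")):
        problems.append("public key is not Base64 for 32 bytes")
    if int(peer.get("keep_alive", 25)) < 0:
        problems.append("keep alive must be 0 or a positive number of seconds")
    for net in peer.get("allowed_ips", []):
        try:
            # strict=True also flags host bits (10.20.0.5/24); that strictness
            # is this example's choice, to catch typos before routes are created.
            ipaddress.ip_network(net, strict=True)
        except ValueError:
            problems.append(f"allowed IP {net!r} is not a valid network")
    return problems

# Constructed sample data; the key is 32 zero bytes, not a real key.
SAMPLE_KEY = base64.b64encode(bytes(32)).decode()
GOOD_PEER = {"name": "branch", "remote_address": "vpn.example.org", "remote_port": 51820,
             "public_key": SAMPLE_KEY, "keep_alive": 25, "allowed_ips": ["10.20.0.0/24"]}
BAD_PEER = {"name": "typo", "remote_address": "vpn.example.org",
            "public_key": "not-a-key", "allowed_ips": ["10.20.0.5/24"]}
```

`check_peer(BAD_PEER)` reports the missing remote port, the malformed key and the network with host bits set; `check_peer(GOOD_PEER)` returns an empty list.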

Under the Authentication tab, a private/public key pair can be created. These are used by WireGuard instead of certificates.

Table 2. Authentication

| Input field | Description |
|---|---|
| Modify Private Key | This option is intended to prevent overwriting a key that has already been entered. Checking this box also enables the Generate Key Pair button. |
| Private Key | Either enter a Base64 string as the private key or leave the field empty. |
| Public Key | The public key for the private key. If necessary, generate it using Generate Key Pair. |
| Generate Key Pair | Click this button to create a private/public key pair. If a private key already exists, you will receive a confirmation prompt. |
| Generate Public Key | Click this button to generate a public key for a private key that has already been entered. |
| Copy Public Key | Copy the public key to the clipboard. The copied key can then be entered on the remote site, or sent to the remote site admin. |

The buttons at the bottom right of the edit box depend on whether you are adding a new connection or editing an existing one. For a newly configured connection, click Create to add it to the list of available connections or Cancel to discard your changes. To edit an existing connection, click Save to save the newly configured connection or Reset to discard your changes.

www.lancom-systems.com

LANCOM Systems GmbH | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E-Mail info@lancom.de
