Regarding pfSense, you might also want to read these posts by @meyergru in the OPNsense forum (they are transferable to pfSense more or less):
- Read this first: https://forum.opnsense.org/index.php?topic=42985.0
- OPNsense for Dummies, especially migrators from Fritzbox (in German, you can use DeepL et al.): https://forum.opnsense.org/index.php?topic=39556.0
Regarding using WireGuard instead of a full-blown router OS: If you want to have a complete VPN, using an overlay network might be the more sensible option. They use WireGuard in the background too. The following talk is a nice overview (it's in German with English slides):
https://programm.froscon.org/froscon2025/talk/8590c4ab-81a9-4be5-9794-50436b5bf49f/
The speaker compared the following open source solutions:
- headscale/tailscale (basically the tailscale client with headscale as an open-source server implementation)
- Netmaker
- nebula
- zerotier
- netbird
Personally I use headscale, but any of them should work.