Telnyx Networking on PfSense

Guide on setting up Telnyx networking on pfSense. Ensure seamless connectivity!

Written by Telnyx Engineering
Updated over a week ago

PfSense with the Telnyx Network

Step 1: Telnyx Configuration with PfSense

Reference the introduction to Telnyx Networking section located here: Telnyx Configuration

Copy and take note of the Peer Configuration file, along with the private key that you were assigned in the above tutorial. It should look like the following:

Peer Configuration file.

Step 1.5 Telnyx Setup using API

We can also use direct API calls to set up everything from above.

  1. Create a new Network

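# Replace the placeholders with the networks endpoint URL and your API token.
curl --request POST \
--url '<NETWORKS_ENDPOINT_URL_HERE>' \
--header 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
--header 'Content-Type: application/json' \
--data '{
"name": "Test Network"
}'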

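  2. Create a Wireguard Interface

# Replace the placeholders with the Wireguard interfaces endpoint URL, your API token and the network ID.
curl -i -X POST '<WIREGUARD_INTERFACES_ENDPOINT_URL_HERE>' \
-H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"network_id": "<NETWORK_ID_HERE>",
"name": "test interface",
"region_code": "ashburn-va"
}'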

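  3. Create a Wireguard Peer

# Replace the placeholders with the Wireguard peers endpoint URL, your API token and the interface ID.
curl -i -X POST '<WIREGUARD_PEERS_ENDPOINT_URL_HERE>' \
-H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"wireguard_interface_id": "<WIREGUARD_INTERFACE_ID_HERE>"
}'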

Note: At this stage, only ports 80/443 are supported; we are looking into broadening this to encompass more ports.

Step 2. PfSense Configuration

  1. Ensure you have the Wireguard package installed

  2. Set up Wireguard on pfSense

    1. Navigate to VPN -> Wireguard

    2. Add a new Tunnel

      1. Give the tunnel a descriptive name, like telnyx_wg.

      2. Paste the Private Key from Telnyx Setup, item 3 (Create a Wireguard Peer), into the Private Key field under Interface Keys.

    3. Add a new Peer

      1. Uncheck the Dynamic Endpoint

      2. Paste the Endpoint from Telnyx Setup, item 3 (Create a Wireguard Peer), into Endpoint.

      3. Paste the Public Key from Telnyx Setup, item 3 (Create a Wireguard Peer), into Public Key.

      4. Paste the allowed IPs from Telnyx Setup, item 3 (Create a Wireguard Peer), into Allowed IPs.

  3. Set up the Interface for Wireguard

    1. Navigate to Interface -> Assignments

    2. Add a new interface with the Wireguard tunnel (e.g., telnyx_wg)

    3. Click on the Interface to edit it

      1. Set IPv4 Configuration Type to Static IPv4

      2. Under Static IPv4 Configuration, set the IPv4 Address to the Interface Address found in Telnyx Setup, item 3 (Create a Wireguard Peer)

      3. Select /16 for the subnet mask.
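
A pre-flight check for the values Step 2 asks you to paste, as an added example (not Telnyx's code). It assumes the Peer Configuration file uses the standard WireGuard INI layout ([Interface] and [Peer] sections); the output field names and the sample configuration are constructed for illustration.

```python
import base64
import configparser
import ipaddress

def _key(value, label):
    """WireGuard keys are 32 raw bytes, base64-encoded."""
    raw = base64.b64decode(value.strip(), validate=True)
    if len(raw) != 32:
        raise ValueError(f"{label}: expected 32 bytes, got {len(raw)}")
    return value.strip()

def pfsense_fields(conf_text):
    """Map a peer configuration to the pfSense fields filled in Step 2."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    iface, peer = cp["Interface"], cp["Peer"]
    host, _, port = peer["Endpoint"].strip().rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("Endpoint must be host:port")
    fields = {
        "tunnel_private_key": _key(iface["PrivateKey"], "PrivateKey"),
        "peer_public_key": _key(peer["PublicKey"], "PublicKey"),
        "peer_endpoint": host,
        "peer_port": int(port),
        "peer_allowed_ips": [str(ipaddress.ip_network(n.strip(), strict=False))
                             for n in peer["AllowedIPs"].split(",")],
        # Static IPv4 for the assigned interface; the page says to pick /16.
        "interface_ipv4": str(ipaddress.ip_interface(iface["Address"].strip()).ip),
        "interface_mask_bits": 16,
    }
    if fields["tunnel_private_key"] == fields["peer_public_key"]:
        raise ValueError("PrivateKey and PublicKey are identical (paste error)")
    return fields

def redacted(fields):
    """Copy that is safe to print or log: the private key is masked."""
    return {**fields, "tunnel_private_key": "<redacted>"}

# Constructed sample (dummy keys, example addresses), not Telnyx output.
SAMPLE_CONF = f"""[Interface]
PrivateKey = {base64.b64encode(bytes(32)).decode()}
Address = 172.27.0.5/32

[Peer]
PublicKey = {base64.b64encode(bytes([1]) * 32).decode()}
AllowedIPs = 172.27.0.0/24
Endpoint = 203.0.113.10:5107
"""
```

Print only `redacted(pfsense_fields(...))` so the tunnel private key never lands in terminal scrollback or logs.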

Step 3. Setting up 1:1 NAT and outbound NAT

You will need two NAT configs:

  • The 1:1 NAT so that when traffic ingresses through your Wireguard peer, it will route to your service VM

  • Outbound NAT so that your service VM can send the traffic back to your pfSense instance without needing to know about the route to the Wireguard interface, and your pfSense instance can send the traffic back to the Wireguard gateway

  1. Create a 1:1 NAT mapping with the following:

    1. Interface: the Wireguard tunnel interface

    2. External subnet: Wireguard tunnel Interface address

    3. Internal IP: the IP address of the machine you are hosting your service on

Wireguard firewall interface.

  2. Create an Outbound NAT with the following:

    1. Interface: WAN interface (or whichever interface your VM is also listening on)

    2. Address Family: IPv4 + IPv6

    3. Protocol: any (restrict as you would like)

    4. Source: Any (restrict as you would like)

    5. Destination: specify the IP address of your VM on the Interface

    6. Translation

      1. Address: Interface Address

Advanced Outbound NAT Entry.
