Aside from “Wireguard Server on macOS”…
Change Log
July 16th, 2023
Updated the guide to start the Wireguard daemon on system boot instead of user login, as suggested by @[email protected].
June 19th, 2023
Added warning that starting with macOS Ventura the DNS directive prevents the VPN from functioning when set in the server’s config and should be disabled for users running this version or newer until fixed, as reported by Glenn F. Schreiber (a.k.a “theweatherguy”).
January 17th, 2023
Added caveat that the AllowedIPs value may require adjustment to not interfere with HomeKit video feeds, along with a suggested replacement should that occur, as noticed & suggested by Donavon Buchanan.
January 16th, 2023
Moved the “Update” admonition to the very top of the article (now even above the eye-catch banner image).
January 15th, 2023
Re-added PostDown script accidentally deleted from previous change.
January 14th, 2023
Updated the guide to support IPv6 connections, thanks entirely to a thorough email and sensible reference repo shared by Donavon Buchanan.
May 28th, 2022
Updated the PostDown script to now properly remove the pfSense rule set in the PostUp script instead of just removing the enable reference. This issue was detected thanks to a report by Alessio Nossa, which remains publicly available on GitHub.
May 1st, 2022
Confirmed support on macOS Monterey.
June 6th, 2021
Converted all remaining ASCII single and double quotes to proper, “curly” equivalents.
May 3rd, 2021
- Added clarification that the guide as written will obfuscate client IP traffic to appear as if it’s coming from the VPN server’s IP, as suggested by Luke Sandoval.
- Added comment in the daemon plist file to raise awareness that brew’s default executable directory on Apple Silicon Macs is /opt/homebrew/bin instead of /usr/local/bin, as suggested by Corey Watson.
- Some grammatical and spelling corrections.
- Updated notice to ask the community for help on IPv6 support.
January 14th, 2021
- Removed the unhelpful LaunchOnlyOnce flag from the plist as suggested by Olivier Mathieu, since with it set the service would not be restarted if the daemon ever exited unexpectedly.
- Finally added the recognition / “Many Thanks To…” section to give proper credit to the guide’s past and future contributors.
- Converted some ASCII single and double quotes to proper, “curly” equivalents.
December 31st, 2020
Confirmed support for macOS Big Sur.
November 29th, 2020
Fixed misspelled daemon plist label (I had incorrectly typed org.wireguard.server instead of com.wireguard.server).
May 12th, 2020
Added notice that guide (at the time) only supported IPv4 connections.
May 11th, 2020
Clarified that the command to generate the private/public key pairs will dump them into the current working directory, as suggested by @charlie_thebird.
March 15th, 2020
A complete rewrite of the guide to address countless bugs and bad practices (too many to individually list here). Informed entirely by lifepillar’s brilliant and constructive feedback (his entire writeup remains publicly available on GitHub).
The guide changed so much that I preserved the original (bad) guide in a separate page to remain an historical example of what not to do.
November 16th, 2019
- No longer incorrectly suggest making the pfSense changes to /etc/pf.conf, since that’s a protected system file that gets overridden during operating system upgrades. Switched to instead suggest making changes in a separate pfSense config file so it doesn’t get blown out during upgrades.
- Confirmed compatibility with macOS Catalina.
For an even more granular change log, click here to browse the file’s history on GitHub.