How to Set Up the Latest pfSense WireGuard Client

Step 1)

Log in to your pfSense router.

Step 2)

Head to System>Package Manager>Available Packages, search for wireguard, and click Install to install the WireGuard package.


Step 3)

Navigate to VPN>WireGuard and click +Add Tunnel.

Enable: Checked

Description: TorGuard VPN

Listen Port: Leave Blank

Interface Keys: Click generate to generate both private and public keys.

Then, click Save Tunnel

Step 4)

Click Peers and then +Add Peer



Step 5)

Head to the TorGuard Config generator here and generate your WireGuard config: select the WireGuard tunnel type, choose your location or enter your Dedicated IP, and then enter your TG VPN credentials.



Step 6) 

Set the peer settings to match the following:

Enable: Checked
Tunnel: Select tun_wg0 (TorGuard VPN)
Description: TorGuard VPN
Dynamic Endpoint: Uncheck
Endpoint: Set the IP address listed in the WireGuard config generated in the previous step, and then enter the Endpoint Port, which will be 1443
KeepAlive: 25
Public Key: Enter the public key from the TorGuard config you generated in step 5
Allowed IPs: Enter 0.0.0.0/0

Then click Save Peer.



Step 7)

Now head to Settings and check "Enable WireGuard" and click Save.



Step 8)

Navigate to Interfaces>Assignments and click the +Add button beside Available Network Ports: tun_wg0 and then click Save.

The network then becomes OPT1 or similar.

Step 9)

Click the OPT interface name link and put a checkmark beside Enable.

Step 10)

Change the description from OPT1 to WG_TG

Set IPv4 Configuration Type to Static IPv4.
In the Static IPv4 Configuration section, set the IPv4 Address to the same IP address assigned in the WireGuard config under the [interface] section, for example, 10.13.65.217. Yours may be different. The subnet mask is /32.
Beside IPv4 Upstream Gateway, click the + Add a new gateway button.
Change the Gateway name to WG_TG_GWV4
Set the Gateway IPv4 to the same IP address assigned in the WireGuard config under the [interface] section, for example, 10.13.65.217. Yours may be different. The subnet mask is /32. Then click Add.
Click the Save button and then the Apply Changes button.
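The values entered in steps 6 and 10 all come from the generated WireGuard config, so they can be extracted and sanity-checked before typing them into pfSense. The following is an added example, not part of the original guide or any TorGuard tooling; the sample config, its keys, the endpoint address 203.0.113.10 and the function name pfsense_fields are constructed for illustration.

```python
import base64
import configparser
import ipaddress

# Constructed sample: placeholder keys and a documentation-range endpoint.
PRIV = base64.b64encode(bytes(32)).decode()
PUB = base64.b64encode(bytes(range(32))).decode()
SAMPLE_CONF = f"""\
[Interface]
PrivateKey = {PRIV}
Address = 10.13.65.217/32

[Peer]
PublicKey = {PUB}
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:1443
PersistentKeepalive = 25
"""


def pfsense_fields(conf_text):
    """Return the values steps 6 and 10 ask for; the private key is never returned."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)
    sec = {name.lower(): cp[name] for name in cp.sections()}
    iface, peer = sec["interface"], sec["peer"]

    # A WireGuard public key is 32 raw bytes in base64; reject paste damage.
    pub = peer["PublicKey"].strip()
    if len(base64.b64decode(pub, validate=True)) != 32:
        raise ValueError("PublicKey does not decode to 32 bytes")

    # Step 6 wants a literal IP (Dynamic Endpoint unchecked) plus a port.
    host, _, port = peer["Endpoint"].rpartition(":")
    endpoint_ip = str(ipaddress.ip_address(host))
    if not 0 < int(port) < 65536:
        raise ValueError("Endpoint port out of range")

    addr = ipaddress.ip_interface(iface["Address"].split(",")[0].strip())
    allowed = [str(ipaddress.ip_network(a.strip()))
               for a in peer["AllowedIPs"].split(",")]
    return {
        "peer_endpoint": endpoint_ip,
        "peer_endpoint_port": int(port),
        "peer_public_key": pub,
        "peer_allowed_ips": allowed,
        "peer_keepalive": int(peer.get("PersistentKeepalive", "25")),
        "interface_ipv4": str(addr.ip),          # Static IPv4 address, step 10
        "interface_prefix": addr.network.prefixlen,
        "gateway_ipv4": str(addr.ip),            # WG_TG_GWV4 uses the same IP
    }
```

A truncated or mistyped public key, a hostname in place of the endpoint IP, or a malformed address raises ValueError instead of producing a tunnel that silently never handshakes.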




Step 11)

Navigate to Interfaces>LAN, set MSS to 1412, and then click Save and Apply Changes.

Step 12)

Firewall Configuration:

Navigate to Firewall>NAT>Outbound.
Select Manual Outbound NAT rule generation.




Click on Save.

Click on Apply changes.

A few new rules will be displayed under Mappings. Next to each rule, you will find three buttons under the Action category: Edit, Copy and Delete. Click on Copy next to each one and select tun_wg0 as the Interface.



Click on Apply changes.

Step 13)
In some cases, the tunnel may show as up with an active handshake while traffic still does not go over the tunnel. This is normally a bug in some pfSense versions where the routing table is not updated. To fix this, go to System > Routing > Groups and add a new group containing your WAN and VPN interfaces, where the VPN interface has Tier 1 priority and WAN is Tier 2, with failover on packet loss. Apply, then under System > Routing select this new group from the Default IPv4 gateway dropdown and apply.




Verify your connection:

Browse to https://torguard.net/whats-my-ip.php and make sure your IP has now changed.

 
