Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.
Resource icon

How-To: Setup a Wireguard VPN Server in a Jail

FreeVel

Junior Member
Joined
Feb 28, 2017
Messages
18
FreeVel submitted a new resource:

How-To: Setup a Wireguard VPN Server on Jail - WireGuard VPN Server

[DRAFT] open to comments

Goal
  • To setup a VPN server based on the Wireguard technology and running from within a Jail.
  • The VPN server would allow remote devices to connect and access resources in the local network
  • All remote traffic should be routed via the VPN channel
Approach Overview
  • [1] The FreeNas host is running on the local network 192.x.x.x/24 using the bge0 iface
  • [2] The Jail is having VNET setup with its own network 172.x.x.x/24...
Read more about this resource...
 

Ziggy

Member
Joined
Oct 7, 2015
Messages
110
Thank you for this detailed and clearly explained tutorial. I'm stuck, however, at this point 'service wireguard start' after the 'wg0.conf' configuration. I assume I paste in the actual keys for private and public? In which case I'm getting the following parsing error:
1594637964051.png

<< >> at each end didn't work; < > at each end didn't work; removing them altogether didn't work.
 

Ziggy

Member
Joined
Oct 7, 2015
Messages
110
Thought I had come across the solution by omitting the << & >> at beginning and end of the keys, but still getting "key is not the correct length or format" parsing error.
:confused:
 

Ziggy

Member
Joined
Oct 7, 2015
Messages
110
Yeah, have tried this, but the instructions after the init scripts are not there and I need a lot of help with the steps after this. Have read loads of tutorials on basic wireguard installation, but there are essentially missing pieces when interpreting for freenas.
 

RSVP

Member
Joined
Feb 11, 2016
Messages
65
hello
ixsystems make an announcement in blog
https://www.ixsystems.com/blog/wireguard-on-freenas-11-3/
why a wireguard in jail, why not a wireguard vpn on FreeNAS ??!!
I think is much simple
in truenas core 12 is already implemented OpenVPN client/server

suuccess
I have messed a bit with this yesterday. I have not been able to get the openvpn server to start after configuration. If anyone has had some success be great to hear about it. Overall. I am so happy that this is being addressed.
 

FreeVel

Junior Member
Joined
Feb 28, 2017
Messages
18
Thought I had come across the solution by omitting the << & >> at beginning and end of the keys, but still getting "key is not the correct length or format" parsing error.
:confused:
you should replace "<< ..text... >> " with your key; remove << >>
make sure you don't miss any characters from the key when you copy and paste
I had the same issue since when you double click / select to copy, you can miss the last character '='

It should look like this

Code:
[Interface]
...
PrivateKey = AFWSMtJi9lYrGb0+E+pHo8XKln8kU1NF6/1+qWj8ZHc=
...

[Peer]
....
PublicKey = kDeSujf1RoaxyZZDF6XyI9e4ikd1MwmcxTRrfJnLLH4=
....
 
Last edited:

FreeVel

Junior Member
Joined
Feb 28, 2017
Messages
18
why a wireguard in jail, why not a wireguard vpn on FreeNAS ??!!
I think is much simple
I agree. This resource is for those that would like to setup a Wireguard VPN solution using a Jail for their own reasons.
 

Ziggy

Member
Joined
Oct 7, 2015
Messages
110
you should replace "<< ..text... >> " with your key; remove << >>
make sure you don't miss any characters from the key when you copy and paste
I had the same issue since when you double click / select to copy, you can miss the last character '='

It should look like this

Code:
[Interface]
...
PrivateKey = AFWSMtJi9lYrGb0+E+pHo8XKln8kU1NF6/1+qWj8ZHc=
...

[Peer]
....
PublicKey = kDeSujf1RoaxyZZDF6XyI9e4ikd1MwmcxTRrfJnLLH4=
....
Yeah, thanks. Did that and it still didn't work for me. Have in the meantime experimented with an ubuntu server vm and set up wireguard on this - with successful remote login on an android device. Only thing is, just as with ubuntu 20.04 desktop, the vm becomes unreachable after less than 24 hours for some reason, both vnc and ssh, and only a reboot fixes the problem. Not a particularly useful solution if I'm away from the physical NAS for long periods. I don't have this problem with earlier versions of distros, so must be something in 20.04 that's incompatible. Couldn't even get Mint 20.04 to install (whereas 19.x had no connection problems). Why not use earlier versions then I hear you ask? Because I'm trying to utilise the benefits of wireguard integration with kernel 5.4. Perhaps I could just update the kernel within Mint 19.x? Would this work? Maybe I should just try ...
 

Patrick M. Hausen

Dedicated Sage
Joined
Nov 25, 2013
Messages
1,684
I agree. This resource is for those that would like to setup a Wireguard VPN solution using a Jail for their own reasons.
You cannot install software on FreeNAS. All additional applications go into jails or VMs.
 

Dan Tudora

Member
Joined
Jul 6, 2017
Messages
88
hello
is not need to install anything in FreeNAS, just

"To do this you must first navigate to System -> Tunables -> Add.
Enable the WireGuard service by adding “wireguard_enable” -> “YES” in rc.conf."
success
 

Ziggy

Member
Joined
Oct 7, 2015
Messages
110
Yes but I need detailed instructions from this point on. Just a regular wireguard config? How to generate keys in shell? Etc?
 

Dan Tudora

Member
Joined
Jul 6, 2017
Messages
88
hello
I just done
not install any piece of software
use SSH (putty) and WinSCP from my Windows laptop to connect to the remote FreeNAS (with a OpenVPN connection on my PFsense)
just I fallow the instruction from iXsystems blog and recommandations from comments

after that I fallow instruction from your tutorial starting from step 3 (genkey, edit wg0.conf, remote.conf, etc.) and adapt for my situation, IP, etc.

reboot FreeNAS (like in iXsystems instruction) and make some modification to the PostInit command like in comments from other people

verify WireGuard service and wg0 interface -> working

forward external IP:PORT on pfsense gateway on the remote network to internal FreeNAS IP:PORT

install Wire Guard on my Windows laptop(client) and add tunnel from my remote.conf file and start tunnel

ping ip of remote server -> working

access FreeNAS interface (at 10.0.11.1 ip) -> working

access SMB share of FreeNAS and transfer some movie file -> working much faster than my OpenVPN connection

I think in this moment you can do another tutorial for starting WireGuard in FreeNAS :D
is not my merit, is yours. I just fallow YOUR instruction

success
 

Dan Tudora

Member
Joined
Jul 6, 2017
Messages
88
hello
now I make a "arrogance", I map SMB FreeNas "Media" folder to my windows laptop and install Plex Media Server
must to wait for plex to add in "Library" movies from my SMB map drive (and have some error when add to plex, maybe from network latency)
but is working
I post after plex add movies
 

Dan Tudora

Member
Joined
Jul 6, 2017
Messages
88
hello
play movies to my local samsung SmartTV from my remote FreeNAS connected with WireGuard with a Plex MediaServer on my local windows laptop working
next will make a WireGuard connectin from my TrueNAS Core 12-beta VM (on my laptop ofcourse) to the FreeNAS remote
after some sleep
success
 

rwatts_tci

Newbie
Joined
Jul 25, 2020
Messages
3
After trying over and over to get openvpn set-up to no avail. This is incredible! Thanks.
 
Top