Wireguard on base system forward all internet

BosAtWork

Cadet
Joined
Jun 29, 2019
Messages
3
I know this is early days but I have been trying to set up wireguard in a jail without success. After seeing the official blog post https://www.ixsystems.com/blog/wireguard-on-freenas-11-3/ I managed to get wireguard working on the base system.

I can now successfully connect to wireguard and have a successful handshake and even access the freenas GUI. However, I cannot use the internet on the client while connected. I read everywhere you have to set up IPFW rules for forwarding traffic; however, the base freenas system doesn't have IPFW enabled.

Is there a recommended way of forwarding all traffic through the Freenas system (not jail) or is this bad practice?
 

BosAtWork

Cadet
Joined
Jun 29, 2019
Messages
3
After spending some more time with it I ended up getting it to work in a jail.

1. Create a new jail with VNET enabled. Also enable allow_tun under Advanced Properties.
2. Install wireguard inside the jail: pkg install wireguard
3. Create a wireguard config under /usr/local/etc/wireguard/wg0.conf
4. Edit /etc/rc.conf to include:

Code:
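# Enable Wireguard
wireguard_enable="YES"
wireguard_interfaces="wg0"

# Enable firewall (IPFW); the "open" ruleset allows all traffic
firewall_enable="YES"
firewall_type="open"

# Forward packets between interfaces and NAT them out of the jail's epair0b
gateway_enable="YES"
natd_enable="YES"
natd_interface="epair0b"
natd_flags="-dynamic -m"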


5. This will reroute all internet to your outfacing interface, in my case epair0b.

Once you have this working you at least have a basic starting point to try to tighten all firewall rules.
 

BosAtWork

Cadet
Joined
Jun 29, 2019
Messages
3
Also, on the client don't forget to set PublicDns in the wireguard config to a public DNS such as 8.8.8.8.
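
A matching pair of configs for the jail setup and client DNS advice in the posts above, as an added example that is not from the original posters: the jail's wg0.conf from step 3 and a client config that sends all IPv4 traffic through the tunnel. The 10.0.0.0/24 tunnel addresses, port 51820 and every bracketed placeholder are assumptions; `DNS` is the wg-quick key that sets the client's resolver.

```ini
# --- Jail side: /usr/local/etc/wireguard/wg0.conf ---
[Interface]
# Private key generated inside the jail (placeholder, never reuse a published key)
PrivateKey = <JAIL_PRIVATE_KEY>
# Tunnel address of the jail (assumed subnet)
Address = 10.0.0.1/24
# UDP port that must be forwarded from the router to the jail (assumed)
ListenPort = 51820

[Peer]
# One [Peer] block per client
PublicKey = <CLIENT_PUBLIC_KEY>
# Only accept this single tunnel address from this client
AllowedIPs = 10.0.0.2/32

# --- Client side: wg0.conf on the phone or laptop ---
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.0.0.2/32
# Resolver used while the tunnel is up, so lookups still work
# once the default route points into the tunnel
DNS = 8.8.8.8

[Peer]
PublicKey = <JAIL_PUBLIC_KEY>
# Public address or hostname that reaches the jail's ListenPort
Endpoint = <PUBLIC_HOST>:51820
# 0.0.0.0/0 routes all IPv4 traffic into the tunnel; the jail then
# forwards and NATs it out of epair0b using the rc.conf settings above
AllowedIPs = 0.0.0.0/0
# Keeps NAT mappings alive for clients behind a home or mobile router
PersistentKeepalive = 25
```

The jail-side `AllowedIPs` is the per-peer source filter: keeping it at a /32 per client means a peer cannot send traffic from another client's tunnel address, which is a useful baseline while the IPFW ruleset is still `open`.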
 

kjacques1

Dabbler
Joined
May 6, 2019
Messages
14
Thank you for this guide!
 