Wireguard in a FreeBSD Jail
I spent the better part of my Friday night reinstalling my NAS server for homelab purposes. Through this experience, I found I wanted to capture what I learned and where I found answers for archiving purposes. I found many answers online that either didn’t work for me or called for a different type of implementation. I link some notable guides and threads in the reference section below.
Setup
Wireguard is pretty simple and straightforward to install on any Unix system. If you have any questions or see a place where an update should be made, send me an email or contact me on Keybase.
- Create a jail. Create the jail conf. More information on creating and controlling jails can be found here
wireguard_jail {
vnet;
devfs_ruleset = "10";
}
- Install Wireguard in jail
pkg install wireguard
- Generate Keys
wg genkey | tee privatekey | wg pubkey > publickey
- Update rc.conf
# Enable Wireguard
wireguard_enable="YES"
wireguard_interfaces="wg0"
# Enable firewall (the "open" type allows all traffic; /etc/rc.firewall lists stricter types)
firewall_enable="YES"
firewall_type="open"
gateway_enable="YES"
natd_enable="YES"
natd_interface="[INTERFACE NAME]"
natd_flags="-dynamic -m"
- Create the Wireguard server conf. I created my file in /usr/local/etc/wireguard
# wg0.conf
[Interface]
PrivateKey = [SERVER PRIVATE KEY]
MTU = 1500
Address = 172.16.1.1/24
ListenPort = 51820
[Peer]
PublicKey = [CLIENT PUBLIC KEY]
AllowedIPs = 172.16.1.5/32
- Start wireguard
service wireguard start
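The key and config steps above, as an added example that is not part of the original post: the same commands wrapped so that privatekey and wg0.conf are created owner-only regardless of the shell's umask, plus a check that reports any secret-bearing file readable by group or others. The function names gen_keys, write_conf and audit_perms are assumptions for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, config values are the page's.

# Generate the key pair under umask 077 so privatekey is never group/world readable.
gen_keys() {
    dir="$1"
    mkdir -p "$dir" || return 1
    (
        umask 077
        cd "$dir" || exit 1
        wg genkey | tee privatekey | wg pubkey > publickey
        chmod 600 privatekey    # umask does not tighten a file that already existed
    )
}

# Write wg0.conf from the generated private key; $2 is the client public key.
write_conf() {
    dir="$1"; peer_pub="$2"
    (
        umask 077
        cat > "$dir/wg0.conf" <<EOF
[Interface]
PrivateKey = $(cat "$dir/privatekey")
MTU = 1500
Address = 172.16.1.1/24
ListenPort = 51820
[Peer]
PublicKey = $peer_pub
AllowedIPs = 172.16.1.5/32
EOF
        chmod 600 "$dir/wg0.conf"
    )
}

# Print each key/config file with any group or other permission bit set.
# Returns 0 only when none is found.
audit_perms() {
    dir="$1"; bad=0
    for f in "$dir/privatekey" "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "too permissive: $f"
            bad=1
        fi
    done
    return "$bad"
}
# Usage in the jail: gen_keys DIR && write_conf DIR "CLIENT_PUBKEY" && audit_perms DIR
```

Running audit_perms against a directory populated with the bare `wg genkey | tee privatekey` pipeline under a default umask of 022 reports privatekey, since tee creates it as mode 644.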