Hi,
I'm having issues with running wireguard in an iocage jail on FreeBSD 13.0-RELEASE-p10.
The weird thing is, I also had issues with this on my TrueNAS Core system (12.2-RELEASE-p15), but after enabling the allow_tun option for the jail it now runs just fine there.
Here's some config data and the console output I get when I (try to) start wireguard from both systems:
FreeBSD System (currently not working)
Jail's config.json:
Code:
{
    "allow_raw_sockets": 1,
    "allow_tun": 1,
    "basejail": 1,
    "boot": 1,
    "devfs_ruleset": "4",
    "host_hostname": "webserver",
    "host_hostuuid": "webserver",
    "ip4_addr": "lo1|10.0.0.2/24",
    "jail_zfs_dataset": "iocage/jails/webserver/data",
    "last_started": "2022-03-31 10:59:09",
    "release": "13.0-RELEASE-p10"
}
Console output:
Code:
root@vpn:~ # ls /dev/
crypto fd null ptmx pts random stderr stdin stdout tun0 urandom zero zf
root@vpn:~ # service wireguard start
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│ │
│ Running wireguard-go is not required because this │
│ kernel has first class support for WireGuard. For │
│ information on installing the kernel module, │
│ please visit: │
│ https://www.wireguard.com/install/ │
│ │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
Warning: AllowedIP has nonzero host part: 10.0.10.1/24
[#] ifconfig wg0 inet 10.0.10.2/32 alias
[#] ifconfig wg0 mtu 8920
[#] ifconfig wg0 up
[#] route -q -n add -inet 10.0.10.0/24 -interface wg0
[+] Backgrounding route monitor
[#] wg set wg0 private-key /usr/local/etc/wireguard/privatekey
TrueNAS Core System (currently working)
Jail's config.json:
Code:
{
    "allow_tun": 1,
    "basejail": 1,
    "boot": 1,
    "host_hostname": "vpn",
    "host_hostuuid": "vpn",
    "ip4_addr": "vnet0|10.0.0.17/24",
    "jail_zfs_dataset": "iocage/jails/vpn/data",
    "last_started": "2022-03-27 17:13:49",
    "mac_prefix": "0202c9",
    "release": "12.2-RELEASE-p15",
    "vnet": 1,
    "vnet0_mac": "0202c9363831 0202c9363832"
}
Console output:
Code:
root@test:~ # ls /dev/
crypto fd null pts random stderr stdin stdout tun0 urandom zero zfs
root@test:~ # service wireguard start
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Operation not permitted). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│ │
│ Running wireguard-go is not required because this │
│ kernel has first class support for WireGuard. For │
│ information on installing the kernel module, │
│ please visit: │
│ https://www.wireguard.com/install/ │
│ │
└──────────────────────────────────────────────────────┘
ERROR: (wg0) 2022/03/31 13:16:49 Failed to create TUN device: open /dev/tun: no such file or directory
[#] ifconfig wg0 destroy
ifconfig: interface wg0 does not exist
Does anyone here know what might be the issue and how to fix this?