How to enable the WireGuard service in FreeBSD 14.2?

Can you show us the server configuration and the client one?
It seems weird that the client uses the 192.168.200.0 IP; from the previous discussion it seems that the client was 192.168.200.2.
Dear monwarez:
Below is my VPN server configuration:
1. /etc/rc.conf
#enable wireguard
wireguard_enable="yes"
wireguard_interfaces="wg999"

2. cat wg999.conf

[Interface]
ListenPort = 58000
PrivateKey = EHssssssssssssssssssssssssssssss
Address = 192.168.200.1/24

[Peer]
PublicKey = Ussssssssssssssssssssssssssss
AllowedIPs = 192.168.200.0/24

3. wireguard status
service wireguard status
interface: wg999
public key: Tasfdasdfasdfasdfasdf8=
private key: (hidden)
listening port: 58000

peer: UNasdfasdfasdfasdfasda
allowed ips: 192.168.200.0/24

3. error: ifconfig wg999 debug
wg999: No valid endpoint has been configured or discovered for peer 0

This is a VPN server on my VPS... why do we need to configure an endpoint on this server?

Please help me. Thanks.
 
Can you follow the standard format for WireGuard? You insist on not using the port version, but you keep using stuff intended for wg-quick. There is no Address field in regular wg.
See:
The configuration file format is based on INI. There are two top level
sections -- Interface and Peer. Multiple Peer sections may be
specified, but only one Interface section may be specified.

The Interface section may contain the following fields:

• PrivateKey — a base64 private key generated by wg genkey.
Required.

• ListenPort — a 16-bit port for listening. Optional; if not
specified, chosen randomly.

• FwMark — a 32-bit fwmark for outgoing packets. If set to 0 or
"off", this option is disabled. May be specified in hexadecimal
by prepending "0x". Optional.

The Peer sections may contain the following fields:

• PublicKey — a base64 public key calculated by wg pubkey from a
private key, and usually transmitted out of band to the author
of the configuration file. Required.

• PresharedKey — a base64 preshared key generated by wg genpsk.
Optional, and may be omitted. This option adds an additional
layer of symmetric-key cryptography to be mixed into the already
existing public-key cryptography, for post-quantum resistance.

• AllowedIPs — a comma-separated list of IP (v4 or v6) addresses
with CIDR masks from which incoming traffic for this peer is
allowed and to which outgoing traffic for this peer is directed.
The catch-all 0.0.0.0/0 may be specified for matching all IPv4
addresses, and ::/0 may be specified for matching all IPv6
addresses. May be specified multiple times.

• Endpoint — an endpoint IP or hostname, followed by a colon, and
then a port number. This endpoint will be updated automatically
to the most recent source IP address and port of correctly
authenticated packets from the peer. Optional.

• PersistentKeepalive — a seconds interval, between 1 and 65535
inclusive, of how often to send an authenticated empty packet to
the peer for the purpose of keeping a stateful firewall or NAT
mapping valid persistently. For example, if the interface very
rarely sends traffic, but it might at anytime receive traffic
from a peer, and it is behind NAT, the interface might benefit
from having a persistent keepalive interval of 25 seconds. If
set to 0 or "off", this option is disabled. By default or when
unspecified, this option is off. Most users will not need this.
Optional.

What is the IP of the peers? Pretty sure that it is not 192.168.200.0.
You have to set an IP for each peer that connects to the VPN.
The VPN server itself should use another IP; usually you go with the first, 192.168.200.1.
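
Added example, not part of any post in this thread: a small Python check that applies the two points made above to a server-side config, flagging keys that are not in the quoted wg(8) field list (such as `Address`) and peers whose `AllowedIPs` covers the whole tunnel network instead of one address per peer. The function name `lint_wg_conf`, the placeholder keys and the sample file are constructed for illustration.

```python
import ipaddress

# Field names copied from the wg(8) excerpt quoted in the thread.
WG_FIELDS = {
    "interface": {"privatekey", "listenport", "fwmark"},
    "peer": {"publickey", "presharedkey", "allowedips", "endpoint", "persistentkeepalive"},
}

def lint_wg_conf(text, tunnel_net):
    """Return (line_no, message) findings for a server-side wg(8) config."""
    net = ipaddress.ip_network(tunnel_net)
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if section not in WG_FIELDS or not sep:
            findings.append((no, "expected 'key = value' inside [Interface] or [Peer]"))
            continue
        if key.lower() not in WG_FIELDS[section]:
            findings.append((no, f"{key} is not a wg(8) [{section}] field"))
        elif key.lower() == "allowedips":
            for item in filter(None, (v.strip() for v in value.split(","))):
                try:
                    ip = ipaddress.ip_network(item, strict=False)
                except ValueError:
                    findings.append((no, f"AllowedIPs entry {item!r} is not an IP/CIDR"))
                    continue
                if ip.version == net.version and ip.supernet_of(net):
                    findings.append((no, f"AllowedIPs {item} covers all of {net}; "
                                         "give each peer its own address"))
    return findings

# Constructed sample shaped like the server config in the thread (placeholder keys).
SAMPLE = """\
[Interface]
ListenPort = 58000
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 192.168.200.1/24

[Peer]
PublicKey = PLACEHOLDER_PEER_KEY=
AllowedIPs = 192.168.200.0/24
"""

print(lint_wg_conf(SAMPLE, "192.168.200.0/24"))
```

With the `Address` line removed and the peer set to a single address such as 192.168.200.2/32, the same call returns an empty list.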
 
I think that's the fourth time the OP has been told this part. We are going round in circles.
Dear monwarez and richardtoohey2:
When I installed wireguard-tools,

1. rc.conf configure
#enable wireguard
wireguard_enable="yes"
wireguard_interfaces="wg0"


#enable ip packet forward
gateway_enable="yes"

2. wg0 conf
[Interface]
ListenPort = 58000
PrivateKey = Esfasa=
address = 192.168.200.1/24

[Peer]
PublicKey = Uasdfasdf=
AllowedIPs = 192.168.200.0/24

I find the core of my problem is that the VPS blocks traffic, so the VPN can't handshake successfully. Thanks.
 
Dear richardtoohey2:
Another question. 1. I have a PC with an IPv6 address, and it can reach part of the internet. google.com, github, etc. can't be accessed.
2. Now I have applied for a VPS with an internet IPv6 address. This VPS can go anywhere we want.
What is the best way to let the VPS share internet with my home PC? Thanks.

Is a VPN the best way to do it, or is there another way?
Some people tell me we don't need a VPN to do that with IPv6. I don't know what the best solution is. Thanks. Please help me.
 