Getting Wireguard to work

[jradxl]

Hello
I'm trying to get Wireguard (wireguard-tools v1.0.20200827) on FreeBSD 12.1-RELEASE-p8-HBSD but I've not had success.
(I've previously got it working between two Ubuntu 20.04 machines, so I'm confident in configuring it)
But I don't know FreeBSD well.

# cat wg0.conf
[Interface]
Address = 192.168.40.1/24
ListenPort = 51440
PrivateKey = <stuff>

# wg-quick up ./wg0.conf
[#] wireguard-go wg0
INFO: (wg0) 2020/09/29 02:13:45 Starting wireguard-go version 0.0.20200320
[#] wg setconf wg0 /tmp/tmp.iIjG9fLd/sh-np.ozVBNl
[#] ifconfig wg0 inet 192.168.40.1/24 192.168.40.1 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[+] Backgrounding route monitor

All looks fine to me...

#   ifconfig -a inet
wg0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1420
    options=80000<LINKSTATE>
    inet 192.168.40.1 --> 192.168.40.1 netmask 0xffffff00
    Opened by PID 28234

but when I try to ping I get no response

# ping 192.168.40.1
PING 192.168.40.1 (192.168.40.1): 56 data bytes

In FreeBSD would I expect a ping reponse?
I'm intentionally only showing one site.
Configuring the Peer makes no difference.

 

[diizzy]

Here's a simple config that works for me (tm)

In /etc/rc.conf (both sides)
wireguard_enable="yes"
wireguard_interfaces="wg0"

In /etc/sysctl.conf (both sides)

net.inet.ip.forwarding=1

"Server" (/usr/local/etc/wireguard/wg0.conf)

[Interface]
Address = 10.0.10.1
PrivateKey = <key>
ListenPort = 4345

[Peer]
PublicKey = <key>
AllowedIPs = 192.168.2.0/24
PersistentKeepalive = 25

192.168.2.0/24 (remote network on the "client")

"Client" (/usr/local/etc/wireguard/wg0.conf)

[Interface]
Address = 10.0.10.254
PrivateKey = <key>

[Peer]
PublicKey = <key>
Endpoint = my.wireguard.server.internet:4345
AllowedIPs = 192.168.1.0/24
PersistentKeepAlive = 25

192.168.1.0/24 (remote network on the "server")

Make sure that 10.0.10.X or whatever you decide to use doesn't clash with anything else on both sides and that your firewall allows traffic.

 

[ekvz]

Make sure that 10.0.10.X or whatever you decide to use doesn't clash with anything else on both sides and that your firewall allows traffic.

You mean like 203.0.113.0/24?

 

[rootbert]

this is my script to establish the connection:

/usr/local/bin/wg-quick up wg1
ifconfig wg1 inet 192.168.99.7 192.168.99.1
ifconfig wg1 down up
route -n delete -inet 192.168.99.0/16 -interface wg1
route -n add -inet 192.168.99.0/16 -interface wg1

 

[petlib]

It's a known bug. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244330