Jails: running WireGuard on the jail and the host

I'm using FreeBSD 13.1-RELEASE p2 and running WireGuard on the host and jail. The jail is in an environment. I am also running a custom kernel.
My questions are, is it possible to use wireguard in the jail and also on the host? If it is, how do I do it?
Thank you all very much in advance.
 
I'd imagine it's just setting up wireguard twice. Once in the jail, another time on the host? Have you at least tried that yet?
 
Thanks for the reply. Done those. Both are running. Is it possible to use the jailed WireGuard on the host too?
 
I don't see why not, they both have their own separate network stacks as long as you're using a VNET jail. What exactly are you trying to do?
 
I'm running a netgraph jail. Finally managed to get it up and running with network access. I'm trying to run just one WireGuard service in the jail, which will also provide a VPN connection to the host.
 
Sounds like what you need to do is to set up the jail as a gateway and possibly as a firewall too. I've never tried it like that. Usually, my use case is to have some service I want to be isolated in a jail and it would be connected to a VPN with pf running alongside to make sure there's no leakage outside of the VPN connection. I think the only thing extra that you need added to that setup is for the jail to have IP forwarding turned on so it can act as a gateway.

Since I've never done what you're trying to do before, I'm not sure if you could set it up like that, but no harm done in trying.
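
A sketch of the gateway-jail setup described in the last reply, added here as an example and not posted by anyone in the thread: a `pf.conf` for the jail that forwards the host's traffic into the tunnel and drops anything that would leave in the clear. The interface names, addresses and port are constructed placeholders, and it assumes the jail's `wg0` carries the default route and that pf is usable inside the VNET jail.

```conf
# /etc/pf.conf inside the gateway jail (constructed example, placeholder values)
#
# Prerequisites assumed in the jail's /etc/rc.conf:
#   gateway_enable="YES"   # sets net.inet.ip.forwarding=1 in the jail's own stack
#   pf_enable="YES"
# The host then points its default route at the jail's LAN-side address.

ext_if  = "ng0_gw"        # hypothetical name of the jail's netgraph interface
vpn_if  = "wg0"           # WireGuard tunnel interface in the jail
wg_peer = "192.0.2.10"    # placeholder: VPN endpoint address
wg_port = "51820"         # placeholder: VPN endpoint UDP port
host_ip = "10.0.0.2"      # placeholder: address the host uses toward the jail

set skip on lo0

# Host traffic forwarded into the tunnel is rewritten to the tunnel address,
# so the VPN peer only ever sees the address it has a route back to.
nat on $vpn_if inet from $host_ip to any -> ($vpn_if)

# Default deny, IPv4 and IPv6. If wg0 goes down and forwarded packets fall
# back to the LAN-side route, they hit this rule instead of leaking.
block all

# The only thing allowed out on the LAN side: encrypted WireGuard transport.
pass out quick on $ext_if inet proto udp from ($ext_if) to $wg_peer port $wg_port

# Accept packets from the host that are to be forwarded.
pass in quick on $ext_if inet from $host_ip to any

# Forwarded and jail-local traffic may leave only through the tunnel.
pass out quick on $vpn_if inet all
```

A forwarded packet has to match a pass rule on both the interface it arrives on and the one it leaves on, which is why the LAN-side rules permit nothing outbound except the tunnel's own UDP flow.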
 