WireGuard client - allow local LAN access

Hi,

I am trying to set up a WireGuard connection from my FreeBSD server to an external VPN server. I am able to get the connection running, but then I am not able to ssh into the server from other computers on the local LAN.
I then thought I need some sort of split tunnelling, adding a route afterwards by adding the line below to the WireGuard config file.
PostUp = ip rule add 10.0.0.0/8 -iface vtnet0

but then that is an unknown command.

Any hints on how to handle this?
 
That's done with AllowedIPs

AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
 
but then that is an unknown command.
ip-rule(8) is a Linux command. On FreeBSD you use the route(8) command to add/remove/modify routes.

And when you need to route traffic between interfaces you need to enable routing too. For IPv4 you add gateway_enable="YES" to /etc/rc.conf to enable it.
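An added example, not part of the thread: another way to keep a LAN range out of the tunnel is to list in AllowedIPs everything except that range. The sketch below goes beyond the /1 split shown above and computes such a list; the 10.0.0.0/8 range is taken from the PostUp line in the question, and the function names are hypothetical.

```python
import ipaddress


def allowed_ips_excluding(excluded, base=("0.0.0.0/0", "::/0")):
    """Return the CIDR blocks that cover `base` minus every network in `excluded`.

    Raises ValueError if an excluded entry has host bits set (e.g. 10.0.0.1/8),
    so a typo cannot silently exclude the wrong range.
    """
    remaining = [ipaddress.ip_network(b) for b in base]
    for raw in excluded:
        hole = ipaddress.ip_network(raw, strict=True)
        kept = []
        for net in remaining:
            if net.version != hole.version or not net.overlaps(hole):
                kept.append(net)            # untouched by this exclusion
            elif hole.supernet_of(net):
                continue                    # block lies entirely inside the hole
            else:
                # net strictly contains hole: split it around the hole
                kept.extend(net.address_exclude(hole))
        remaining = kept
    remaining.sort(key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return remaining


def render_allowed_ips(networks):
    """Format the result as a line for the [Peer] section of a WireGuard config."""
    return "AllowedIPs = " + ", ".join(str(n) for n in networks)


def is_tunnelled(address, networks):
    """True if `address` falls inside any AllowedIPs block (i.e. goes via the VPN)."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == n.version and ip in n for n in networks)


if __name__ == "__main__":
    # Constructed input: the LAN range from the question, IPv4 only.
    nets = allowed_ips_excluding(["10.0.0.0/8"], base=("0.0.0.0/0",))
    print(render_allowed_ips(nets))
    print("10.1.2.3 tunnelled:", is_tunnelled("10.1.2.3", nets))
    print("8.8.8.8 tunnelled:", is_tunnelled("8.8.8.8", nets))
```
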
 