Everything was alright on the 13.2 release; then I did a binary upgrade to the 14.0 release. Now I have to run `service wireguard restart` after each reboot to get the Internet connection working. More details further down. I use an x86_64 FreeBSD router; my setup deviates from the usual in two ways: I have to connect to my ISP via PPPoE, and I use a WireGuard VPN on the router for the whole network. Here is my /etc/rc.conf:
# /etc/rc.conf for the FreeBSD router: PPPoE uplink brought up by mpd on ng0,
# WireGuard tunnel (wg0) used as the exit for the whole LAN/WLAN.
# Network
hostname="muhrouter.local.net"
# Wireless: the rtwn0 radio is run as an access point (wlan0); hostapd does the
# WPA2 authentication (the AP's WPA2/AES-CCM settings show up in the ifconfig output).
wlans_rtwn0="wlan0"
create_args_wlan0="wlanmode hostap country sk"
hostapd_enable="YES"
ifconfig_wlan0="inet 192.168.3.1 netmask 255.255.255.0"
#########
# PPPoE #
#########
# mpd brings the PPPoE session up on ng0; re0 is the physical WAN port and
# carries no address of its own.
# NOTE(review): nothing in this file orders the WireGuard start after the PPPoE
# link is up. If the wireguard rc script runs before ng0 has an address, the
# host route to the tunnel endpoint (the UGHS entry via ng0 in netstat) cannot be
# installed and the tunnel never comes up -- which would match "works only after
# service wireguard restart". Check the start order with
# `rcorder /etc/rc.d/* /usr/local/etc/rc.d/*`; if wireguard precedes mpd5,
# start wg0 from an mpd up-script (or delay it) instead of at boot. TODO confirm.
mpd_enable="YES"
ifconfig_re1="inet 192.168.2.1 netmask 255.255.255.0" # LAN (built-in NIC)
gateway_enable="YES" # Let packets travel between interfaces (IP forwarding).
sshd_enable="YES"
ntpd_enable="YES"
ntpd_flags="-g" # Let NTP daemon make time jumps larger than 1000 sec.
dhcpd_enable="YES"
dhcpd_ifaces="re1 wlan0" # Serve DHCP on the LAN and WLAN only, never on the uplink.
unbound_enable="YES"
# NOTE(review): FTP is a cleartext protocol (credentials and data). It is only
# reachable from the LAN/WLAN because pf.conf passes inbound traffic solely on
# re1/wlan0, but sftp over the already-enabled sshd is the safer replacement
# unless plain FTP is really required.
ftpd_enable="YES"
# Firewall
pf_enable="YES"
pflog_enable="YES"
# NFS -- rpcbind/nfsd/mountd are shielded from the uplink and from wg0 only by
# the pf ruleset (block in all; pass in on the LAN/WLAN interfaces).
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_enable="YES"
# VPN
wireguard_enable="yes" # rc.subr accepts lowercase, but "YES" would match the rest of this file.
wireguard_interfaces="wg0"
# The things further down I believe are irrelevant...
# System
kld_list="amdgpu" # Load graphics driver.
clear_tmp_enable="YES"
syslogd_flags="-ss" # No networking: syslogd opens no sockets.
sendmail_enable="NONE"
moused_enable="YES" # Mouse in console.
powerd_enable="YES" # System state and power control options.
# NOTE(review): kernel crash dumps capture kernel memory, which may include the
# WireGuard session keys -- keep the crash directory unreadable to other users.
dumpdev="AUTO" # Enable crash dumps.
zfs_enable="YES" # Needed for ZFS.
# Misc
allscreens_flags="-f terminus-b32" # Console font.
keymap="colemak.acc.kbd" # Keyboard layout.
cupsd_enable="YES"
murmur_enable="YES"
frpc_enable="NO"
Here is the output of `netstat -rn` after `service wireguard restart`:
Routing tables
Internet:
Destination Gateway Flags Netif Expire
0.0.0.0/1 link#7 US wg0
default null.null.233.178 UGS ng0
10.68.149.73 link#3 UH lo0
null.null.56.67 null.null.233.178 UGHS ng0
100.104.123.51 link#3 UHS lo0
127.0.0.1 link#3 UH lo0
128.0.0.0/1 link#7 US wg0
192.168.2.0/24 link#2 U re1
192.168.2.1 link#3 UHS lo0
192.168.3.0/24 link#4 U wlan0
192.168.3.1 link#3 UHS lo0
213.81.233.178 link#6 UH ng0
Internet6:
Destination Gateway Flags Netif Expire
::/96 link#3 URS lo0
::/1 link#7 US wg0
::1 link#3 UHS lo0
::ffff:0.0.0.0/96 link#3 URS lo0
8000::/1 link#7 US wg0
fc00:bbbb:bbbb:bb01::5:9548 link#3 UHS lo0
fe80::%lo0/10 link#3 URS lo0
fe80::%lo0/64 link#3 U lo0
fe80::1%lo0 link#3 UHS lo0
ff02::/16 link#3 URS lo0
Here is my `ifconfig` output:
re0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 14:eb:b6:53:07:a2
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
re1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether c8:7f:54:50:59:b3
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=0
ether 14:eb:b6:46:87:c7
inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
groups: wlan
ssid mywlan channel 6 (2437 MHz 11g ht/20) bssid 14:eb:b6:46:87:c7
regdomain ETSI2 country SK authmode WPA2/802.11i privacy MIXED
deftxkey 2 AES-CCM 2:128-bit txpower 30 scanvalid 60 protmode CTS ht20
ampdulimit 64k ampdudensity 16 shortgi -stbc -ldpc -uapsd wme
dtimperiod 1 -dfs
parent interface: rtwn0
media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
status: running
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pflog0: flags=1000141<UP,RUNNING,PROMISC,LOWER_UP> metric 0 mtu 33152
options=0
groups: pflog
ng0: flags=10088d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1460
options=0
inet 100.104.123.51 --> null.null.233.178 netmask 0xffffffff
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wg0: flags=10080c1<UP,RUNNING,NOARP,MULTICAST,LOWER_UP> metric 0 mtu 16304
options=80000<LINKSTATE>
inet 10.68.149.73 netmask 0xffffffff
inet6 fc00:bbbb:bbbb:bb01::5:9548 prefixlen 128
groups: wg
nd6 options=101<PERFORMNUD,NO_DAD>
My pf.conf:
# pf.conf: default-deny inbound; LAN and WLAN are NATed out through the WireGuard tunnel.
wg_if = "wg0"
wan_if = "ng0" # Actual interface is 're0', 'ng0' is PPPoE.
lan_if = "re1"
wlan_if = "wlan0"
# ICMP types accepted from the Internet: echo reply (0), unreachable (3),
# source quench (4), echo request (8), time exceeded (11), parameter problem (12).
allowed_icmp = "{ 0, 3, 4, 8, 11, 12 }"
# Hosts that may only talk to the local networks. Matched by IP address, so the
# restriction is only as strong as the address assignment of these devices.
table <wan_blocked> { 192.168.2.3/32 192.168.2.4/32 } # Printer, and switch.
table <local_network> { $lan_if:network $wlan_if:network }
set loginterface $wan_if
set skip on lo0
set block-policy drop
scrub in all no-df random-id max-mss 1440 fragment reassemble
# Masquerade both internal networks behind wg0's address. There is no nat rule
# on $wan_if, so internal traffic is only translated when it leaves via the tunnel.
nat on $wg_if from $lan_if:network to any -> ($wg_if)
nat on $wg_if from $wlan_if:network to any -> ($wg_if)
block in all
# NOTE(review): this passes outbound on every interface, including $wan_if
# outside the tunnel. While the wg0 half-default routes (0.0.0.0/1, 128.0.0.0/1)
# are present everything goes through the tunnel; if wg0 is down (the state after
# a reboot described above) the kernel falls back to the default route on ng0, the
# router's own traffic (unbound DNS, NTP, ...) leaves the ISP link in the clear
# and LAN/WLAN traffic leaves un-NATed. A kill switch such as
#   block out quick on $wan_if from <local_network>
# stops the internal networks from leaking; the router's own WireGuard handshake
# is unaffected because it is sent from the ng0 address, not from <local_network>.
pass out quick inet modulate state
# Only the listed ICMP types are accepted from the Internet; type 8 keeps the router pingable.
pass in quick on $wan_if inet proto icmp all icmp-type $allowed_icmp
# Everything from the LAN/WLAN is accepted, which is what exposes sshd, ftpd and
# NFS on this host to internal clients. Nothing is passed in on wg0 or $wan_if
# beyond the ICMP rule above, so those services are not reachable from outside.
pass in on { $lan_if $wlan_if } inet
# 'quick' makes this rule win over the pass rule above even though it comes
# later (without quick, pf applies the last matching rule).
block in log quick on { $lan_if $wlan_if } from <wan_blocked> to !<local_network>
`null` throughout the code sections is used to hide sensitive addresses. Note that the redaction is not complete: the routing table still shows the PPPoE gateway address in full (the `213.81.233.178 ... ng0` line), and the NIC MAC addresses in the ifconfig output are unmasked. Please let me know if I need to share something else.