Deleted member 59529
Hi there,
I'm sort of a new user with FreeBSD, so please excuse me if you see some glaring error in my thinking/configs (I'm a Linux admin so there are differences I'm counting on).
So here is my problem - I would like to set up Wireguard on FreeBSD 12, which is mostly done, I think, the last part is the relevant firewall adjustment I can't seem to tackle. Here is what I have:
- the gateway is enabled in rc.conf (gateway_enable="YES")
- Wireguard installed and set up, it is listening, its 'wg0' interface is online
- when the interface comes up, the routing table gets populated with that
- an otherwise fully functioning PF ruleset
- the traffic does not seem to reach wg0 - I even monitored it with tcpdump and nothing, no traffic whatsoever
- the designated WG port is open, I checked it from outside, no problem on that side
- as a bonus, I set up the service on Linux, and in a few minutes I had it up and running (I know how to adjust the firewall there) - this is only so I could see that it could be done and I was not doomed to complete and utter failure
What I can't seem to solve is to "pass" certain traffic, namely on a specific port (WG's) to wg0 (WG's interface). I have only one interface otherwise, this is a VPS, so my ext_if is vtnet0. I have two interface macros defined in pf, ext_if (vtnet0) and vpn_if (wg0). I've tried many combinations, rdr, nat, simple pass rules but up until this point none of them seemed to do the trick, I'm stuck. I feel like I'm missing some fundamental part of pf that would help me solve this problem, as I tried to set up OpenVPN before and got stuck at the same point.
Could anyone please help me out with this? It's a pet project of mine so nothing critical but it does irk me a bit that I just can't figure this out.
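Added example, not the poster's own ruleset: a minimal pf.conf for a single-interface FreeBSD gateway that terminates WireGuard. It assumes the listen port is 51820 (WireGuard's default; substitute the configured one), a tunnel subnet of 10.8.0.0/24, and that SSH on port 22 is the administrative access worth preserving.

```pf
# Assumed names and values (adjust to the real setup):
ext_if  = "vtnet0"        # the VPS's only physical interface
vpn_if  = "wg0"           # WireGuard tunnel interface
wg_port = "51820"         # WireGuard listen port (default; use the configured one)
vpn_net = "10.8.0.0/24"   # address range handed out to WireGuard peers

set skip on lo0

# Source-NAT tunnel clients to the VPS address when their traffic leaves ext_if.
# This is plain nat, not rdr: inbound WireGuard packets are addressed to this
# host, so the kernel hands them to the wg UDP socket as soon as pf passes them.
nat on $ext_if inet from $vpn_net to any -> ($ext_if)

block in log all
pass out quick keep state

# Inbound WireGuard is UDP only. No rdr is needed; handshake and encrypted
# payload terminate on this host's UDP socket, never on wg0 itself.
pass in quick on $ext_if inet proto udp from any to ($ext_if) port $wg_port keep state

# Already-decrypted packets from peers appear on wg0; let them be forwarded.
pass in quick on $vpn_if inet from $vpn_net to any keep state

# Administrative access to the VPS (carry over whatever the existing ruleset allows).
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 keep state
```

Syntax-check with `pfctl -nf /etc/pf.conf` before loading with `pfctl -f`. Note that tcpdump on wg0 only ever shows decrypted inner packets, so the UDP handshake has to be watched on vtnet0 (`tcpdump -ni vtnet0 udp port 51820`); a silent wg0 by itself does not prove the rules are wrong.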