Comments on: How To Enable Wireguard on FreeNAS 11.3

By: Steinar Løberg Myrvang

Steinar Løberg Myrvang — Wed, 24 Feb 2021 08:49:22 +0000

In reply to Falk.

Thanks for the guide and thanks to Falk for showing the simplified steps with TrueNAS 12.
But is it normal that the wg IP is “taking over” and you cannot reach the TrueNAS device with the IP belonging to the NIC?

By: Falk

Falk — Wed, 06 Jan 2021 15:00:35 +0000

I’ve made some experiments with wireguard client (for Replication) and TrueNAS 12 – it seems to be possible to simply use “wg-quick up /path/to/wireguard.conf” if you already have a configuration. I’ve run this as a post-init-script and currently, it seems to work. I’ve described the whole process here: https://www.tech-blogger.net/en/truenas-zfs-replication-ueber-wireguard-vpn-einfach-einrichten/

By: Josh

Josh — Sun, 03 Jan 2021 11:25:36 +0000

Thanks for the guide, worked great. I can now access the truenas GUI and shares through my wireguard vpn.
However I cannot access jails/plugins that are on a NAT with port forwarding to the truenas host. For example I can access the jail services via :xyz but not via :xyz
How do you access the jail ports from wireguard?

By: Carlos

Carlos — Sat, 28 Nov 2020 21:32:11 +0000

This guide is for setting up a Wireguard CLIENT on the freenas/truenas system, is it possible to install a Wireguard SERVER, or it´s better to install the server inside a jail.

By: Todd Martin

Todd Martin — Mon, 09 Nov 2020 05:58:05 +0000

I have this as a preinit sommand:
cp /mnt/TANK/apps/wireguard/wg0.conf /usr/local/etc/wireguard/
Keeping it in wireguard folder on my permanent storage in apps dataset.
As a preinit the file is there when the tuneable starts the wireguard service.
It has worked flawless for me from 11.3-beta to now 12.0.

By: Joon Lee

Joon Lee — Thu, 24 Sep 2020 23:12:10 +0000

In reply to Duke.

This is not quite ready for prime time. Please check out this thread: https://www.reddit.com/r/freenas/comments/erluap/how_to_enable_wireguard_on_freenas_113/

By: Joon Lee

Joon Lee — Fri, 31 Jul 2020 00:06:13 +0000

In reply to Damian.

Hi Damian,
This is a good question for the forums. Please post your question here: http://www.ixsystems.com/community

By: Joon Lee

Joon Lee — Fri, 31 Jul 2020 00:05:27 +0000

In reply to Duke.

This isn’t quite ready yet. Check out this thread here: https://www.reddit.com/r/freenas/comments/erluap/how_to_enable_wireguard_on_freenas_113/

By: Duke

Duke — Sun, 19 Jul 2020 03:58:56 +0000

Will this wg0 interface be visible in the gui network-interfaces after this configuration is done?
If not, how do I make it visible?

By: Damian

Damian — Wed, 15 Jul 2020 17:51:15 +0000

Got as far as init scripts but really need a lot of hand holding after this. Am confused as to where to go from here. I created a wg0.conf file, but on reboot ifconfig does not show wg0 interface. Grateful for any help, thanks.

By: merkle.id

merkle.id — Wed, 24 Jun 2020 16:23:11 +0000

the script “mkdir /usr/local/etc/wireguard && cp /root/wg0.conf /usr/local/etc/wireguard/wg0.conf && /usr/local/etc/rc.d/wireguard start”
has to be modified to
“cp /root/wg0.conf /usr/local/etc/wireguard/wg0.conf && /usr/local/etc/rc.d/wireguard start” after the first reboot otherwise /usr/local/etc/wireguard/wg0.conf will be deleted at every boot and wireguard won’t start.
change the script, reboot, and it wg0 will spawn every time.

By: Shogoki

Shogoki — Fri, 15 May 2020 11:55:39 +0000

In reply to Shogoki. Uh, emm. actually i do not have a question. just found out, that the blog post my be outdated or is not working like described and provided the fix already. So, no Question, just a hint for future readers. And maybe we have a chance to update the blog post?

By: Shogoki

Shogoki — Sun, 10 May 2020 12:22:46 +0000

Following the exact steps above did not work for me in FreeNAS 11.3 U2.1
Seems like /usr/local/etc/wireguard is already existing after reboot, when the Post INIT command is running.
Therefore the „mkdir /usr/local/etc/wireguard“ command is failing and the following ones are not executed.
I simply changed the full command to be:
“mkdir -p /usr/local/etc/wireguard && cp /root/wg0.conf /usr/local/etc/wireguard/wg0.conf && /usr/local/etc/rc.d/wireguard start”
(Note the „-p“ behind mkdir), which will make mkdir silently continue if the directory is already there.
Maybe the post can be updated, or at least my comment may helps some others wondering about that.

By: Joe

Joe — Fri, 28 Feb 2020 06:15:21 +0000

In reply to Andrew Alles. Might want to try adding the remote DNS as a second DNS in network manager on Linux or editing the /etc/resolv.conf file with another nameserver.

By: Joon Lee

Joon Lee — Fri, 21 Feb 2020 22:37:31 +0000

In reply to Andrew Alles.

Andrew,
This is a great question for the forums. Try posting it on there to get your question more exposure.
https://www.ixsystems.com/community/forums/networking.22/

By: Andrew Alles

Andrew Alles — Fri, 21 Feb 2020 19:26:55 +0000

Anyone have any luck with DNS resolution over the tunnel with these instructions for a DNS server hosted on a different subnet? Point-to-point traffic works fine across the tunnel; I’ve already got IP forwarding on, so I’m wondering if there’s some NAT stuff I have to do in addition to that.

By: Joon Lee

Joon Lee — Fri, 14 Feb 2020 22:33:31 +0000

In reply to Brian.

Unfortunately, no. This is a tutorial on how to set up Wireguard, not ZeroTier.
Please try posting your question on the forums! http://www.ixsystems.com/community

By: Joon Lee

Joon Lee — Tue, 11 Feb 2020 23:48:48 +0000

In reply to Isaiah Ritter. Isaiah, iptables is for Linux. FreeNAS is a FreeBSD based system so that command won't work.

By: Brian

Brian — Tue, 11 Feb 2020 18:33:23 +0000

Will these changes in 11.3 allow similar procedures work for ZeroTier instead of Wireguard?

By: Isaiah Ritter

Isaiah Ritter — Mon, 10 Feb 2020 01:04:49 +0000

I have followed this guide exactly as described. However, when starting WG, I keep getting the following report. I do not understand why iptables command is not found.
[#] wireguard-go wg0
INFO: (wg0) 2020/02/09 17:02:47 Starting wireguard-go version 0.0.20190908
[#] wg setconf wg0 /tmp/tmp.6DEHwN79/sh-np.yZM9jB
[#] ifconfig wg0 inet 10.100.100.1/24 10.100.100.1 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 10.100.100.2/32 -interface wg0
[+] Backgrounding route monitor
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/usr/local/bin/wg-quick: line 379: iptables: command not found
[#] rm -f /var/run/wireguard/wg0.sock