Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

[Guide] How to configure a Transmission Jail to use WireGuard with Mullvad

emk2203

Guru
Joined
Nov 11, 2012
Messages
537
The script needs to be run in the jail to work. I didn't test if there are commands which only work under Linux.
 
Joined
Oct 22, 2019
Messages
1,050
The script needs to be run in the jail to work. I didn't test if there are commands which only work under Linux.
I ran it in a jail, and it works with the wg-quick up/down commands. The script automatically creates a bunch of config files under /etc/wireguard/ named for each server/city that Mullvad provides.

Just pick your Mullvad server (for example, Sweden 25):

wg-quick up mullvad-se25

You can use that for autostart as well.

As far as only allowing connections through the VPN, that has to be done separately, with the previously mentioned firewall rules.
 
Last edited:

emk2203

Guru
Joined
Nov 11, 2012
Messages
537
If you can switch servers easily, there's real added value to use the script. Guess I have to look more into it.
 
Joined
Oct 22, 2019
Messages
1,050
For me, the message is clear. Use the kernel module even if you have to switch to 13.0-BETA for it if the main purpose of the machine is media server and torrents.
Since the official TrueNAS Core 13 release is around the corner, I want to ask something for clarity:

After upgrading TrueNAS Core to 13.0-RELEASE, in order to transition from the userspace wireguard to the kmod version (for a specific jail), I'd need to "upgrade" my qbittorrent jail to "13.0-RELEASE", and then within the jail simply remove wireguard-go? From what I'm gathering, I don't need to install any additional packages since FreeBSD 13's kernel includes wireguard?

If this is the case, I can then continue to use the same services / configs / scripts / CLI tools, but the only difference is I removed wireguard-go and am now using the built-in module?
 
Last edited:
Joined
Oct 22, 2019
Messages
1,050
Enable IPFW if that's not already the case.

Code:
# sysrc firewall_enable="YES"
# sysrc firewall_script="/etc/ipfw.rules"
# sysrc firewall_logging="YES"
Wanted to mention that the above apparently no longer works, unless you replace firewall with ipfw.

I was scratching my head wondering why it wasn't working, and getting errors about the "firewall" service not existing.

Then when I changed it to the following, everything worked as intended. (Using the same rules in your original post, including allowing local connections.)

Code:
# sysrc ipfw_enable="YES"
# sysrc ipfw_script="/etc/ipfw.rules"
# sysrc ipfw_logging="YES"


I read online of others with a similar problem on FreeBSD, some posts were later 2021, and some in 2022.

Am I interpreting this incorrectly?



UPDATE: It works fine. User/keyboard/typing error. :tongue:
 
Last edited:

Volts

Explorer
Joined
May 3, 2021
Messages
61
Code:
# sysrc ipfw_enable="YES"
# sysrc ipfw_script="/etc/ipfw.rules"
# sysrc ipfw_logging="YES"

I don't think so. Can you share some of those posts & references?

What version is the jail? uname -a.
What's in /etc/rc.conf and what's the output from ipfw list?

The script looks for firewall_enable:
Code:
# grep rcvar /etc/rc.d/ipfw
rcvar="firewall_enable"
 
Last edited:
Joined
Oct 22, 2019
Messages
1,050
You've got to be kidding me.

I wrote up a lengthy reply, with the requested info about my config and system/kernel info and output from ipfw list, but before I posted I wanted to generate the error I was getting and how the firewall wasn't working until I changed it to ipfw.

But then it works just fine! Me and my amazing self must have misspelled it or made a typo somewhere down the line. :oops:
 
Joined
Oct 22, 2019
Messages
1,050
Just to continue from above, I did a test where I ran...

Code:
sysrc thisisatypo_enable="YES"


...and it added it to my rc.conf without any issues. I had assumed that sysrc would do some sort of "check" to make sure that such a service exists in the first place before inserting a line into rc.conf.

I'm so used to systemd/systemctl on Linux. FreeBSD still feels new to me. o_O
 

Volts

Explorer
Joined
May 3, 2021
Messages
61
That works great on my system, but I've been using the thisisatypo service for years. I hope to migrate away from it eventually.
 
Top