Aephir
I wanted to set up Wireguard on my TrueNAS Core 13 system. I saw the official documentation, and thought that this should be pretty straightforward. And it was, for the simple case where you "just" need access to the TrueNAS system.
But trying to build from there, giving access to the entire LAN as well as being able to use as a VPN for WAN access, things started to get more difficult. And after a lot of searching, I see I'm not the only one.
I know this is not, strictly speaking, a TrueNAS question, but more a Wireguard/FreeBSD question. But the vast amount of guides, (answered) questions, etc., I have been able to find are NOT for TrueNAS/FreeBSD, leaving me, and (from what I could Google) a whole lot of other people quite frustrated.
Despite this being a "not strictly TrueNAS issue", I would assume that this is a common use case, and that it therefore might make sense to include this in the documentation - especially since it, from what I have been able to find, does seem to include some steps that are/can be done in a certain way on a TrueNAS system (e.g., tunables from the GUI).
With that, does anyone have a good guide to allowing access to LAN and WAN from a remote client through the TrueNAS (Core) host using Wireguard?
The official documentation only goes so far. I have tried:
- Adding additional `rc.conf` tunables (`wireguard_enable="YES"`, `wireguard_interfaces="wg0"`, `pf_enable="YES"`, `pf_rules="/usr/local/etc/pf.conf"`, `pflog_enable="YES"`, `gateway_enable="YES"`, `ipv6_gateway_enable="YES"`, `net.ipv4.ip_forward="1"`, `net.ipv6.conf.all.forwarding="1"`) as well as adding a `/root/pf.conf` file and the additional post init script described here.
- Adding the IP forwarding PostUp in the `wg0.conf` as this documentation suggests (but then wg just didn't seem to start the interface).
- Adding IP tables, Masquerade, etc. in the `wg0.conf` as described here.
- Several combinations of the above.