Chuck Munro
I am experiencing a mysterious issue with WireGuard Client to be installed on three NAS systems .... two of them are FreeNAS 11.3-U5 and one is TrueNAS Core 12.
My aim is to replace OpenVPN running in a jail, with WireGuard running on the main platform. I am doing the primary test installation on one of the FreeNAS 11.3-U5 machines. If I can make it work correctly I can get rid of the jails.
The WireGuard packages install correctly (wireguard-go and wireguard tools), and the VPN starts and runs after following the instructions in various posts here. The client picks up its correct IP address from the WireGuard server (on a Linux machine). Reboots restart WireGuard correctly, as expected.
The client conf file:
[Interface]
Address = 10.8.0.5/24
ListenPort = 33094
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyyyyyyyy
PresharedKey = zzzzzzzzzzzzzzzzzzzzzzzzzzz
AllowedIPs = 10.8.0.0/24
PersistentKeepalive = 10
Endpoint = server_fqdn:33094
But after connecting and configuring ok, the problem starts ... I can't ping or SSH to any other machines on the VPN, but pings and SSH work fine via the same VPN among the other non-FreeNAS machines (Linux and macOS). Pings in both directions between the VPN server and the FreeNAS client fail silently, and SSH just hangs.
Netstat seems to report routing is ok:
Internet:
Destination        Gateway            Flags     Netif     Expire
default            192.168.10.1       UGS       re0
10.8.0.0/24        wgvpn45            US        wgvpn45
10.8.0.5           link#4             UH        wgvpn45
127.0.0.1          link#3             UH        lo0
192.168.10.0/24    link#2             U         re0
192.168.10.45      link#2             UHS       lo0
192.168.50.0/24    link#1             U         em0
192.168.50.45      link#1             UHS       lo0
All traffic for the other two interfaces (re0 and em0) works correctly, but I can't send or receive anything on net 10.8.
The WireGuard config for wgvpn45 has a PersistentKeepalive parameter set to 10 seconds, just in case.
Ipfw reports nothing should stop packets: ' 65535 allow ip from any to any ', and I have net.inet.ip.forwarding set to 1 in the System Tunables GUI.
So ... I must be missing something or I've made a dumb mistake somewhere. Does anyone have any ideas or perhaps seen the same issue?
Thanks in advance for any assistance you can offer,
Chuck