Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Enterprise Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS Enterprise TrueNAS SCALE TrueNAS CORE Compare Editions TrueCommand Software Status FreeNAS
Compare Systems F-Series M-Series H-Series R-Series Mini Series
Contact Us iXsystems Careers Clients Reviews
TrueNAS GitHub Community Forum Discord TrueNAS Merch Store
Use Cases Analytics Backup and Archival Cloud Data Mobility File Sharing iX Storj Media Creation Surveillance Virtualization
Industry Education Government Healthcare Research / AI / ML Media & Entertainment
Enterprise Support Community Support Documentation TrueNAS Security FAQ ZFS Overview
TrueNAS Blog Solution Guides Datasheets Case Studies Videos TrueCommand Cloud
Download TrueNAS SCALE Download TrueNAS CORE Get TrueNAS Enterprise Compare TrueNAS Editions Contact an Enterprise Specialist
  1. TrueNAS CORE
  2. /
  3. Configuration Tutorials
  4. /
  5. Network
  6. /
  7. Enabling WireGuard
Edit page
TrueNAS CORETrueNAS CORE Version Documentation
This content follows the TrueNAS CORE 13.0 releases. Use the Product and Version selectors above to view content specific to different TrueNAS software or major version.

Enabling WireGuard

  2 minute read.

WireGuard is a popular option in the VPN marketplace. It is fast, simple, and uses modern cryptography standards. It is possible to connect your NAS to a WireGuard network in a few easy steps. Systems running FreeNAS version 11.3-RC1 through TrueNAS 13.0 have WireGuard capability.

Configure System Tunables for WireGuard

Go to System > Tunables > Add and use these settings to enable the service:

  • Variable = wireguard_enable
  • Value = YES
  • Type = rc.conf

EnableWireguard

Next, create another tunable to define the networking interface:

  • Variable = wireguard_interfaces
  • Value = wg0
  • Type = rc.conf

WireguardInterface

When finished, TrueNAS sets and enables the two variables.

WireguardVariables

Configure a Init/Shutdown Script

Next, create a post-init script. This places the WireGuard config in the correct location at startup.

Go to Tasks > Init/Shutdown Scripts and click Add. Configure the script to load the WireGuard .conf file each time the system boots:

  • Type = Command
  • Command = mkdir -p /usr/local/etc/wireguard && cp /root/wg0.conf /usr/local/etc/wireguard/wg0.conf && /usr/local/etc/rc.d/wireguard start
  • When = Post Init

Configure the WireGuard File

You can configure the /root/wg0.conf file. This applies a WireGuard configuration to attach to whatever WireGuard network you define. It can be a single point-to-point to anything running WireGuard. It can even use full routing. Example use cases are:

  • Access data on a NAS from your Remote Laptop
  • Linking NAS to NAS for replication
  • Attaching a managed NAS to a remote network
  • Access to your NAS from your smartphone

WireguardPostInit

Create the File with WireGuard Configuration to Apply at Boot

Now create the /root/wg0.conf. This is the specific WireGuard configuration to apply at boot. These file settings depend on your specific networking environment and requirements. Their configuration is beyond the scope of this article.

There are quickstart guides and tutorials available online as well as the built-in wg-quick manpage.

Determine that you have a valid /root/wg0.conf. If so, rebooting the system brings up the WireGuard interface with a wg0 device in the output of ifconfig.

wg0DeviceOutput

Related Content

Have more questions or want to discuss your specific configuration? For further discussion or assistance, see these resources:

Found content that needs an update? You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).