January 26, 2021
How to install a VPN Wireguard client in a FreeBSD jail


How to install a VPN Wireguard client in a FreeBSD jail

I put in/arrange a Wireguard VPN server on Debian 10 Linux field. How do I set up, configure and arrange a Wireguard consumer in a FreeBSD jail?

WireGuard is an open-source software program software and communication protocol that implements VPN to create safe point-to-point connections in routed or bridged mode. It was initially developed for Linux however now ported to FreeBSD and different working techniques. This web page explains find out how to set up and arrange WireGuard shoppers on the FreeBSD system, together with jail.



Find out how to set up a Wireguard VPN consumer in a FreeBSD

This information assumes that the WireGuard server is up and operating both Linux or FreeBSD server. See find out how to set up WireGuard:

I examined this information operating on FreeBSD 11.x, however directions stay similar for FreeBSD 12.x.

A be aware about FreeBSD jail

Ensure you unhide tun* and bpf* units in your jail. For instance, right here is my config file displayed utilizing the cat command:
# cat /and so on/devfs.guidelines

add embody $devfsrules_hide_all
add embody $devfsrules_unhide_basic
add embody $devfsrules_unhide_login
add path ‘tun*’ unhide
add path ‘bpf*’ unhide
add path zfs unhide

See my information “Find out how to configure a FreeBSD Jail with vnet and ZFS” for extra info. In case you are utilizing FreeNAS based mostly jail be sure you activate VNET/BPF help as follows in UI:

How to install a VPN Wireguard client in a FreeBSD jail

Step 1 – Replace FreeBSD

Run the next pkg command:
# pkg replace
# pkg improve
Seek for WireGuard bundle, run:
# pkg search wireguard

wireguard-1.0.20200513 Quick, fashionable and safe VPN Tunnel
wireguard-go-0.0.20200320 WireGuard implementation in Go

Step 2 – Putting in a Wireguard VPN consumer in a FreeBSD jail

Execute the next command to put in a Wireguard VPN consumer in a FreeBSD jail or FreeBSD host:
# pkg set up wireguard

How to install a VPN Wireguard client in a FreeBSD jail

Step 3 – Producing personal and public keys for WireGuard VPN consumer

We have to use the wg command command. It’s the configuration utility for getting and setting the configuration of WireGuard tunnel interfaces:
# cd /usr/native/and so on/wireguard/
# umask 077; wg genkey | tee privatekey-remote-ln-sg-vpn | wg pubkey > publickey-remote-ln-sg-vpn
# ls -l
# cat privatekey-remote-ln-sg-vpn publickey-remote-ln-sg-vpn

How to install a VPN Wireguard client in a FreeBSD jail

Step 4 – Creating wg0.conf file

Use a textual content editor equivalent to vim to edit/replace wg0.conf file:
# vim /usr/native/and so on/wireguard/wg0.conf
Pattern config file:

# WireGuard config consumer for Linode VPN server operating on Debian 10 #
## FreeBSD consumer’s personal key right here ##
PrivateKey = {FreeBSD_Jail_PRIVATE_KEY_HERE}## Shopper ip handle as per your arrange ##
Tackle =
## Set DNS as per your VPN arrange ##

## Debian 10 WireGuard server’s public key goes right here ##

## set ACL ##
AllowedIPs =

## Your Debian 10 WireGuard server’s public IPv4/IPv6 handle and port goes right here ##
Endpoint = {WG_PUBLIC_IP}:{WG_PORT}

## Maintain connection alive ##
PersistentKeepalive = 15

Step 4 – Activate WireGuard VPN consumer service

Kind the next sysrc command:
# sysrc wireguard_interfaces=”wg0″
# sysrc wireguard_enable=”YES”

Step 5 – Operating WireGuard VPN consumer on FreeBSD jail for the primary time

The syntax is as follows for the service command:

Begin the wireguard vpn consumer

# service wireguard begin

[#] wireguard-go wg0
INFO: (wg0) 2020/08/08 12:24:37 Beginning wireguard-go model 0.0.20200320
[#] wg setconf wg0 /tmp/tmp.DjieZIFu/sh-np.EtDMVd
[#] ifconfig wg0 inet 172.16.0.Three alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet -interface wg0
[#] route -q -n add -inet -interface wg0
[#] route -q -n add -inet 13.xxx.yyy.zzz -gateway
[+] Backgrounding route monitor

Cease the wireguard vpn consumer

# service wireguard cease

Restart the wireguard vpn consumer

# service wireguard restart

Get the standing of wireguard vpn consumer

# wg
# ps aux | grep wireguard

Step 5 – Check WireGuard VPN connectivty

Allow us to confirm VPN connectivty. Run the ping command to ship ICMP ECHO_REQUEST packets to community to VPN server IP handle
# ping -c Four ping

PING ( 56 knowledge bytes
64 bytes from icmp_seq=Zero ttl=64 time=41.848 ms
64 bytes from icmp_seq=1 ttl=64 time=41.683 ms
64 bytes from icmp_seq=2 ttl=64 time=41.793 ms
64 bytes from icmp_seq=Three ttl=64 time=42.089 ms

— ping statistics —
Four packets transmitted, Four packets acquired, 0.0% packet loss
round-trip min/avg/max/stddev = 41.683/41.853/42.089/0.149 ms

Use the ifconfig command and netstat command to view routing info:
# ifconfig
# ifconfig wg0

wg0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric Zero mtu 1420
choices=80000 inet –> 172.16.0.Three netmask 0xffffff00
nd6 choices=101<PERFORMNUD,NO_DAD> teams: tun
Opened by PID 96281

See routing information in your FreeBSD:
# netstat -f inet -r -n
# netstat -f inet6 -r -n
Ensure you get public IPv4/IPv6 handle of your VPN finish level utilizing the host command/dig command/drill command:
# drill TXT +brief o-o.myaddr.l.google.com @ns1.google.com
# dig TXT +brief o-o.myaddr.l.google.com @ns1.google.com

;; ->>HEADERo-o.myaddr.l.google.com. 60 IN TXT “13.xxx.yyy.zzz”



;; Question time: 42 msec
;; WHEN: Sat Aug 8 12:23:05 2020
;; MSG SIZE rcvd: 68


This fast information coated the WireGuard VPN consumer set up and configuration for FreeBSD jail. See WireGuard undertaking documentation or learn man pages by typing the next man command:
$ man Eight wg-quick
$ man Eight wg

Posted by: Vivek Gite

The creator is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a coach for the Linux working system/Unix shell scripting. Get the most recent tutorials on SysAdmin, Linux/Unix and open supply subjects through RSS/XML feed or weekly e mail publication.


About Author