this post was submitted on 29 Sep 2023
21 points (88.9% liked)

Selfhosted

40204 readers
548 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
21
wireguard on freebsd (lemmy.sdf.org)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/selfhosted
 

I am trying to setup a wireguard server on freebsd using this guide. the only thing i've done different is make the AllowedIPs 0.0.0.0/0

I seem to have messed something up because when I have wireguard running, i cannot ping or curl anything from the server. It doesn't take down the machine though, I am still able to ssh into the server.

I still have yet to get the client to actually connect, but i assume this networking issue is a potential cause. googling doesn't seem to help me find anyone with my same issue.

my wg0.conf is as follows

[Interface] Address = 10.96.100.1/32 # address the server will bind to

ListenPort = 51820 # listener port

PrivateKey = [redacted]

[Peer] #phone

AllowedIPs = 0.0.0.0/0

PreSharedKey = [redacted]

PublicKey = [redacted]

top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 9 points 1 year ago (2 children)

By setting AllowedIPs = 0.0.0.0/0 you configure the server to route everything over your phone. It should only be set to the VPN ip of the phone.

[–] [email protected] 3 points 1 year ago

Well ill be darned. Thank you

[–] [email protected] 2 points 1 year ago

Yeah I've always found that AllowedIPs name a little bit misleading. It is mentioned in the manpage:

A comma-separated list of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed.

But I think it's a little funny how setting AllowedIPs also configures how packets are routed. I dunno.

[–] [email protected] 2 points 1 year ago

Slightly off-topic: I'm not too familiar with FreeBSD (I use OpenBSD), but others may be interested to know you may be able to configure wireguard interfaces without installing any packages. It probably just involves running some ifconfig commands at boot via some entries in /etc/rc.conf. See https://docs.freebsd.org/en/books/handbook/network/

[–] [email protected] 1 points 1 year ago

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
Git Popular version control system, primarily for code
IP Internet Protocol
VPN Virtual Private Network

[Thread #177 for this sub, first seen 1st Oct 2023, 04:35] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 0 points 1 year ago

@[email protected] you need to change the Iptable rules to the packages are redirected somewhere