# WireGuard for VPN?



## sixpiece (Dec 6, 2021)

Question 1: I am able to make a handshake, but how can I make it so that my client can request and receive traffic through the server that it has made a handshake connection with? How can I make it so that the server will receive requests and forward the requests outside of the network through the network address translator connected to the World Wide Web, as well as transmit the data responses to the client?

Question 2: Does WireGuard work with FreeBSD? Are there significant issues, and what are they?


----------



## sixpiece (Dec 6, 2021)

I followed the instructions here: https://forums.freebsd.org/threads/wireguard.82976/ in a few different ways... no luck...


----------



## diizzy (Dec 6, 2021)

1. Not sure what you're trying to accomplish
2. Works great


----------



## sixpiece (Dec 7, 2021)

diizzy said:


> 1. Not sure what you're trying to accomplish
> 2. Works great







Routing & Network Namespaces - WireGuard (www.wireguard.com)
				



-- I would like my iPad to be able to connect to the server and then browse the internet through the server. I also would like to understand the process and be comfortable with it and have my small questions answered so that I can do this. For example, I want the Apache Web Server to work unhindered. I would like to understand how the private networking works so that I do not create more routes than necessary but the meaning of more routes, etc. And possibly more questions.

From the wireguard website (link above):


> Routing All Your Traffic
> 
> A less obvious usage, but extremely powerful nonetheless, is to use this characteristic of WireGuard for redirecting all of your ordinary Internet traffic over WireGuard. But first, let's review the old usual solutions for doing this:
> 
> The Classic Solutions
> 
> The classic solutions rely on different types of routing table configurations. For all of these, we need to set some explicit route for the actual WireGuard endpoint. For these examples, let's assume the WireGuard endpoint is demo.wireguard.com, which, as of writing, resolves to 163.172.161.0. Further, let's assume we usually connect to the Internet using eth0 and the classic gateway of 192.168.1.1.
> 
> ...


----------



## m0nkey_ (Dec 7, 2021)

I do believe you made an appearance in the #wireguard IRC channel earlier today. I may be wrong, but your question is very similar.

Why are you adding routes manually? In the [Peer] section of your config, just add AllowedIPs = 0.0.0.0/0, this will automatically configure and send all traffic over the tunnel.

Consider the AllowedIPs configuration item as the routable subnets.

Here's an example client config


```
[Interface]
PrivateKey = [removed]
Address = 10.10.0.2/24
DNS = 192.168.192.1, example.net

[Peer]
PublicKey = [removed]
PresharedKey = [removed]
AllowedIPs = 0.0.0.0/0
Endpoint = [hostname]:[port]
```


----------



## sixpiece (Dec 7, 2021)

m0nkey_ said:


> I do believe you made an appearance in the #wireguard IRC channel earlier today. I may be wrong, but your question is very similar.
> 
> Why are you adding routes manually? In the [Peer] section of your config, just add AllowedIPs = 0.0.0.0/0, this will automatically configure and send all traffic over the tunnel.
> 
> ...



Thank you for the reply...

When I do this wg0.conf will not allow it to do that:

service wireguard restart modifies wg0.conf as follows:


```
root@grocery:/usr/local/etc/wireguard # service wireguard restart
[#] wg showconf wg0
[#] ifconfig wg0 destroy
[#] ifconfig wg create name wg0
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 192.168.222.1 alias
[#] ifconfig wg0 inet 0.0.0.0 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 192.168.222.2/32 -interface wg0
[+] Backgrounding route monitor
root@grocery:/usr/local/etc/wireguard # vi wg0.conf
[Interface]
Address = 192.168.222.1
Address = 0.0.0.0
SaveConfig = true
ListenPort = 51820
PrivateKey = itSbigsecretcodeg=

[Peer]
PublicKey = nottellingthekeycodec=
AllowedIPs = 192.168.222.2/32
Endpoint = 223.123.778.255:54245

```

ios.conf is as follows:


```
interface
public key

pair
endpoint my ip and port
authorized ips 0.0.0.0/0
```


----------



## m0nkey_ (Dec 7, 2021)

sixpiece said:


> Address = 0.0.0.0


I think this might be your problem. Remove it and try again.


----------



## T_P_H_Beastie (Dec 10, 2021)

Which firewall are you using?
Have you configured your firewall correctly? It could be blocking your traffic.
See the Network section of this guide (for OpenBSD) - https://thomasward.com/openbsd-wireguard/


----------



## sixpiece (Dec 27, 2021)

T_P_H_Beastie said:


> Which firewall are you using?
> Have you configured your firewall correctly? It could be blocking your traffic.
> See the Network section of this guide (for OpenBSD) - https://thomasward.com/openbsd-wireguard/


I got it to work. I think the issue was very simple... but there was something to do with the firewall I think... and there was also Addresses on the Client must be the Addresses allowed on the Server... the same number this caused issue so it might have been overthought...


----------
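The three configuration points raised in this thread (the stray Address = 0.0.0.0 on the server, the client's Address having to match the server's AllowedIPs for that peer, and AllowedIPs = 0.0.0.0/0 on the client for a full tunnel) can be checked mechanically. This is an added example, not part of any post above; the function names and sample configs are constructed, with addresses taken from the thread.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick style text into [(section, {key: [values]})]."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (p.strip() for p in line.split("=", 1))
            # Keys may repeat or hold comma-separated lists; flatten both.
            sections[-1][1].setdefault(key.lower(), []).extend(
                v.strip() for v in value.split(",") if v.strip())
    return sections

def addrs(sections, section, key):
    """Every value of `key` in sections named `section`, as IP interfaces."""
    return [ipaddress.ip_interface(v) for name, kv in sections
            if name == section for v in kv.get(key, [])]

def audit(server_text, client_text):
    """Return findings for the three mistakes discussed in the thread."""
    server, client = parse_wg(server_text), parse_wg(client_text)
    findings = []
    for a in addrs(server, "interface", "address"):
        if a.ip.is_unspecified:  # the stray "Address = 0.0.0.0"
            findings.append(f"server Address {a.ip} is not a tunnel address")
    allowed = [a.network for a in addrs(server, "peer", "allowedips")]
    for a in addrs(client, "interface", "address"):
        if not any(a.ip in net for net in allowed):
            findings.append(f"client Address {a.ip} not in server AllowedIPs")
    if not any(a.network.prefixlen == 0
               for a in addrs(client, "peer", "allowedips")):
        findings.append("client AllowedIPs has no default route (0.0.0.0/0)")
    return findings

# Constructed samples: addresses follow the thread; keys, ports and Endpoint
# are omitted because none of the checks read them.
SERVER_BAD = """[Interface]
Address = 192.168.222.1
Address = 0.0.0.0
[Peer]
AllowedIPs = 192.168.222.2/32
"""
SERVER_OK = SERVER_BAD.replace("Address = 0.0.0.0\n", "")
CLIENT = "[Interface]\nAddress = {addr}\n[Peer]\nAllowedIPs = {allowed}\n"

if __name__ == "__main__":
    print(audit(SERVER_BAD, CLIENT.format(addr="192.168.222.3/32", allowed="192.168.222.0/24")))
```

The check covers config consistency only; whether the server's firewall forwards and NATs the tunnel traffic, the other point raised in the thread, is not visible in these files.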

