# Wireguard connection problems



## jemail (Sep 17, 2018)

Hi,

I have installed wireguard via pkg successfully using:
`pkg install wireguard`

`pkg info wireguard`
produces:

```
wireguard-0.0.20180625
Name           : wireguard
Version        : 0.0.20180625
Installed on   : Sun Sep 16 21:06:33 2018 CEST
Origin         : net/wireguard
Architecture   : FreeBSD:11:amd64
Prefix         : /usr/local
Categories     : net
Licenses       : GPLv2
Maintainer     : decke@FreeBSD.org
WWW            : https://www.wireguard.com
Comment        : Fast, modern and secure VPN Tunnel
Annotations    :
        FreeBSD_version: 1101001
        repo_type      : binary
        repository     : FreeBSD
Flat size      : 130KiB
Description    :
WireGuard is an extremely simple yet fast and modern VPN that utilizes
state-of-the-art cryptography. It aims to be faster, simpler, leaner,
and more useful than IPSec, while avoiding the massive headache. It
intends to be considerably more performant than OpenVPN. WireGuard is
designed as a general purpose VPN for running on embedded interfaces and
super computers alike, fit for many different circumstances.
```

`wg-quick up wg0`
produces:

```
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
W                                                     G
W   This is alpha software. It will very likely not   G
W   do what it is supposed to do, and things may go   G
W   horribly wrong. You have been warned. Proceed     G
W   at your own risk.                                 G
W                                                     G
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
INFO: (wg0) 2018/09/17 11:35:51 Starting wireguard-go version 0.0.20180613
[#] wg setconf wg0 /tmp/tmp.vo4AdQ8y/sh-np.19x7qk
[#] ifconfig wg0 inet 10.0.0.1 10.0.0.1 alias
[#] ifconfig wg0 inet6 fe80::3697:f6ff:fe9d:4136%wg0 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 10.0.0.8/32 -interface wg0
[#] route -q -n add -inet 10.0.0.7/32 -interface wg0
[#] route -q -n add -inet 10.0.0.6/32 -interface wg0
[#] route -q -n add -inet 10.0.0.5/32 -interface wg0
[#] route -q -n add -inet 10.0.0.4/32 -interface wg0
[#] route -q -n add -inet 10.0.0.3/32 -interface wg0
[#] route -q -n add -inet 10.0.0.2/32 -interface wg0
[+] Backgrounding route monitor
```

`ifconfig`
produces:

```
wg0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1420
        options=80000<LINKSTATE>
        inet 10.0.0.1 --> 10.0.0.1 netmask 0xff000000
        inet6 fe80::3697:f6ff:fe9d:4136%wg0 prefixlen 64 scopeid 0x3
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun
        Opened by PID 38306
```

My wireguard conf file contains (keys removed for security):

```
[Interface]
Address = 10.0.0.1
Address = fe80::3697:f6ff:fe9d:4136%wg0
SaveConfig = true
ListenPort = 54569
PrivateKey = <...>

[Peer]
PublicKey = <...>
AllowedIPs = 10.0.0.6/32
Endpoint = 192.168.1.1:49313

[Peer]
PublicKey = <...>
AllowedIPs = 10.0.0.7/32
Endpoint = 192.168.1.1:59975

[Peer]
PublicKey = <...>
AllowedIPs = 10.0.0.8/32
Endpoint = 176.191.201.23:46587

[Peer]
PublicKey = <...>
AllowedIPs = 10.0.0.2/32
Endpoint = 192.168.1.1:60018

[Peer]
PublicKey = <...>
AllowedIPs = 10.0.0.3/32
Endpoint = 192.168.1.1:49313

[Peer]
PublicKey = <...>
AllowedIPs = 10.0.0.4/32
Endpoint = 77.129.193.92:50908

[Peer]
PublicKey = <...>
AllowedIPs = 10.0.0.5/32
Endpoint = 192.168.1.1:44408
```

This configuration is taken from a working wireguard configuration on an Odroid with Debian Stretch installed. I checked file format and encoding is unix utf-8.
I cannot connect at all to the wireguard service on my Freebsd 11.2 server. tcpdump shows no connections at all on 10.0.0.1. My client handshake times out. I don't run a firewall on the freebsd server as it is behind a router firewall. I am confused as to why I can connect to my Odroid wireguard service using the same configuration but not the freebsd server wireguard service. All devices/PCs are on the same subnet behind the same router.

Has anyone successfully installed configured and run wireguard on freebsd 11.2? Any one any ideas?


----------



## rf10 (Sep 20, 2018)

Same problem, same OS/version. 

I could see the "server" machine receiving the UDP packets from the "client" machine on the correct port; however, the server never replies. Given that there is no firewall involved, it is not likely to be a firewall issue. 

Without inspecting the code, it would be difficult to troubleshoot the issue. My understanding is that FreeBSD implementation is supported userspace only; I downloaded the go implementation but did not look at it yet. 

If anyone has better ideas, please let us know. It is safe to say that the FreeBSD port is broken.


----------

