# 13.1 Wireguard client configuration; no internet



## unInstance (Jul 27, 2022)

I run FreeBSD 13.1 RELEASE on my RPi 3 Model B+. I want to set up Wireguard client on it, so I have installed wireguard from pkg(8). To run the client, I use `wg-quick up /path/to/config`. The command gives out no errors, I can access local hosts, but I cannot access the Internet. I believe this is a routing issue, but I cannot find the problem myself.

I should also mention I have tried that same config on Linux, and it works. Same story with another config.

<PUBLIC_IP> is the same across all outputs.

Output after `wg-quick` (My LAN address is 192.168.3.0/24):

```
[#] ifconfig wg create name darkn17
[#] wg setconf darkn17 /dev/stdin
[#] ifconfig darkn17 inet 10.0.0.17/32 alias
[#] ifconfig darkn17 inet6 fd86:ea04:1115::17/128 alias
[#] ifconfig darkn17 mtu 1420
[#] ifconfig darkn17 up
[#] route -q -n add -inet6 ::/1 -interface darkn17
[#] route -q -n add -inet6 8000::/1 -interface darkn17
[#] route -q -n add -inet 0.0.0.0/1 -interface darkn17
[#] route -q -n add -inet 128.0.0.0/1 -interface darkn17
[#] route -q -n delete -inet <PUBLIC_IP>
[#] route -q -n add -inet <PUBLIC_IP> -gateway 192.168.3.1
[+] Backgrounding route monitor
```

`netstat -rn` before:

```
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.3.1        UGS         ue0
127.0.0.1          link#1             UH          lo0
192.168.3.0/24     link#2             U           ue0
192.168.3.10       link#2             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#1                        UHS         lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#1                        U           lo0
fe80::1%lo0                       link#1                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
```

`netstat -rn` after `wg-quick up`:

```
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          link#3             US      darkn17
default            192.168.3.1        UGS         ue0
10.0.0.17          link#3             UH          lo0
<PUBLIC_IP>       192.168.3.1        UGHS        ue0
127.0.0.1          link#1             UH          lo0
128.0.0.0/1        link#3             US      darkn17
192.168.3.0/24     link#2             U           ue0
192.168.3.10       link#2             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
::/1                              link#3                        US      darkn17
::1                               link#1                        UHS         lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
8000::/1                          link#3                        US      darkn17
fd86:ea04:1115::17                link#3                        UHS         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#1                        U           lo0
fe80::1%lo0                       link#1                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
```


----------



## quakerdoomer (Oct 9, 2022)

You are not alone. I was just about to post a similar story but thought of running a search.
Any luck yet? 

My configuration should disallow me from accessing anything local, but I can still ping the router and access everything but the Internet. When everything works well with the same config on Windows, its the other way around. Looks to me like either a pf routing issue or maybe we have to enable ip forwarding. I have also read people posting that when they run wireshark and monitor packets it starts to works.


----------



## quakerdoomer (Oct 14, 2022)

Update: Just succeeded. It was pf. It always is! I have set the correct rules now and it is connecting and routing just fine.
Check your pf rules and the output of `route show anythingwebsitehere.com`

If you connected properly, it should display within the output
`interface: your-wireguard-interfaceORconfigfilename`

Hope you manage to get it working.


----------



## Vovas (Oct 20, 2022)

quakerdoomer said:


> It was pf. It always is!


What did you add or change?


----------



## quakerdoomer (Oct 21, 2022)

I had the policy to block all but the VPN Server's IP address over wlan0 (wifi) and tun0 (OpenVPN). I had not allowed it on the newly created wireguard interface.  I did that later and it worked. Also, do check and mention the correct udp port number.


----------

