Date:      Wed, 6 Mar 2024 15:16:35 -0700
From:      The Doctor <doctor@doctor.nl2k.ab.ca>
To:        Christopher Waldbach <dracolich@airmail.cc>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Setting up a Wireguard router (with FreeBSD)
Message-ID:  <ZejrQ7xsehBOYvIl@doctor.nl2k.ab.ca>
In-Reply-To: <00f7b360407633f787f061b4d15740b9@airmail.cc>
References:  <00f7b360407633f787f061b4d15740b9@airmail.cc>

On Wed, Mar 06, 2024 at 08:50:35PM +0000, Christopher Waldbach wrote:
> Good evening, guys and gals!
> 
> I am currently trying to set up a Raspberry Pi 4 (4GB Model) as a
> VPN-gateway with Wireguard. Since I got fibre channel for my internet
> connection, I gained bandwidth but lost the public IPv4 address. So I can
> access my computer again from the net (and maybe run a service or two), I
> went to one of the 2?????? VPN providers and got a plan there - one that
> includes port-forwarding. :-)
> 
> I put FreeBSD on a smallish (128GB) SSD and it boots without a problem. I am
> running FreeBSD 14.
> 
> My problem probably isn't wireguard, but the routing concept of FreeBSD,
> which I do not seem to understand completely. Once I added
> 
> gateway_enable="YES"
> 
> to the rc.conf, the Pi passed on packets that came in from other computers
> on the same subnet to the internet. Meaning: If I set the Pi as the default
> route for another computer, said computer still has full access to the
> internet, mtr just shows an additional hop.
> 
> When I fire up the wg0 interface, everything seems fine at first. The Pi
> still has access to the web and mtr confirms that indeed the VPN-connection
> is being used (the hops are completely different). The routes seem to be set
> correctly. However, the computer that uses the Pi as its default route is
> now without access to the net. mtr on that machine shows exactly one hop: the
> Pi.
> 
> I would have expected that this should work like this - even without me
> using one of the firewalls of FreeBSD. I get that I will _have_ to use pf or
> something else once I want the port(s) to be forwarded and maybe this isn't
> very secure, but I was taking this step by step - checking if the routing
> works unfiltered and then I wanted to add the filters.
> 
> Am I making a mistake in my reasoning? I know that what I want to do
> requires NAT, but does NAT require a firewall?
> 
> Do you have suggestions as to which firewall I should use?
> 
> Thanks for reading!
> 
> Best regards,
> Chris
> 
> 

Are you using Berkeley Packet Filtering?

-- 
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
What worth the power of law that won't stop lawlessness?  -unknown 


