Wireguard trials
From wikinotes
Failed wireguard experiments.
wireguard in FreeBSD in jail (non vtnet)
NOTE:
Unsuccessful - I was able to make /dev/tun0 visible within jail (and to ifconfig)
but upon wireguard startup I'm hitting issues because of a missing /dev/tun.
Instead, I'll just run it on the host and bridge the interface to the jails...
See https://forums.freebsd.org/threads/openvpn-server-in-jail-using-a-tun-device.22143/
Create /dev/tun0 on host
    # /etc/rc.conf
    # creates 'tun0' on every boot
    # (place before jails defined)
    # (following reboot, ifconfig should show tun0)
    cloned_interfaces="tun"

Devfs rule to unhide /dev/tun0 in jails
Create devfs rules to expose tun0 to the jail.
The rule number assigned within the []s should be incremented
over the last rule number from /etc/defaults/devfs.rules.

    # /etc/devfs.rules
    # Support for TUN devices (?? is this needed ??)
    [devfsrules_unhide_tun=5]
    add path tun0 unhide

    # Unhide TUN within jail
    [devfsrules_jail_unhide_tun=6]
    add include $devfsrules_hide_all
    add include $devfsrules_unhide_basic
    add include $devfsrules_unhide_login
    add include $devfsrules_unhide_tun

Configure jail to use Devfs rule
    testjail {
        mount.devfs;
        devfs_ruleset = "6";
        host.hostname = "testjail";
        interface = "em0";
        ip4.addr = "192.168.1.111";
    }
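
A check for the ruleset-numbering step above, as an added example that is not part of the original notes: it lists every [name=number] header across a defaults file and a local rules file, reports numbers that are defined twice, and prints the next free number. The function names and the two sample files are hypothetical and constructed for the demo; the defaults sample assumes a system whose defaults already define a ruleset 5.

```sh
#!/bin/sh
# Added example, not part of the original notes.
# Audits devfs ruleset numbering across a defaults file and a local rules file.

# Print "NUMBER NAME" for every [name=number] ruleset header in the given files.
list_rulesets() {
    sed -n 's/^[[:space:]]*\[\([A-Za-z0-9_]*\)=\([0-9][0-9]*\)].*/\2 \1/p' "$@"
}

# Ruleset numbers defined more than once. A reused number means two
# definitions target the same ruleset id, so a jail may see other devices
# than the ones intended for it.
duplicate_numbers() {
    list_rulesets "$@" | awk '{ c[$1]++ } END { for (n in c) if (c[n] > 1) print n }' | sort -n
}

# One more than the highest number in use: the value to put inside the [].
next_free_number() {
    list_rulesets "$@" | awk '$1 + 0 > m { m = $1 + 0 } END { print m + 1 }'
}

# Constructed sample input, written to a directory chosen by the caller.
make_samples() {
    dir=$1
    cat > "$dir/defaults.rules" <<'EOF'
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
add path null unhide
[devfsrules_unhide_login=3]
add path 'pts/*' unhide
[devfsrules_jail=4]
add include $devfsrules_hide_all
[devfsrules_jail_vnet=5]
add include $devfsrules_jail
EOF
    cat > "$dir/local.rules" <<'EOF'
[devfsrules_unhide_tun=5]
add path tun0 unhide
[devfsrules_jail_unhide_tun=6]
add include $devfsrules_unhide_tun
EOF
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && make_samples "$tmp"
    echo "duplicates: $(duplicate_numbers "$tmp/defaults.rules" "$tmp/local.rules")"
    echo "next free:  $(next_free_number "$tmp/defaults.rules" "$tmp/local.rules")"
    rm -rf "$tmp"
fi
```

On a real host, pass the system's defaults file and the local rules file to the two functions instead of the samples; an empty result from duplicate_numbers means no ruleset number is reused.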