WireGuard trials

Failed WireGuard experiments.

WireGuard in a FreeBSD jail (non vtnet)

NOTE:

Unsuccessful - I was able to make /dev/tun0 visible within the jail (and to ifconfig),
but upon WireGuard startup I'm hitting issues because of a missing /dev/tun.

Instead, I'll just run it on the host and bridge the interface to the jails...

See https://forums.freebsd.org/threads/openvpn-server-in-jail-using-a-tun-device.22143/

Create /dev/tun0 on host

# /etc/rc.conf

# creates 'tun0' on every boot
# (place before jails defined)
# (following reboot, ifconfig should show tun0)
cloned_interfaces="tun"

Devfs rule to unhide /dev/tun0 in jails

Create devfs rules to expose tun0 to the jail.
The ruleset number assigned within the []s should be higher
than the last ruleset number in /etc/defaults/devfs.rules.

# /etc/devfs.rules

# Support for TUN devices (?? is this needed ??)
[devfsrules_unhide_tun=5]
add path tun0 unhide

# Unhide TUN within jail
[devfsrules_jail_unhide_tun=6]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_tun
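
The numbering rule above can be checked mechanically before editing the rules file. This is an added example, not part of the original notes: the function names are hypothetical, the two sample files are constructed, and it assumes ruleset headers of the form [name=number]. It reports the next free ruleset number, flags numbers defined twice, and checks that a jail ruleset begins by hiding everything.

```shell
# Print "number name" for each ruleset header in the given files.
list_rulesets() {
    sed -n 's/^\[\([A-Za-z0-9_]*\)=\([0-9][0-9]*\)][[:space:]]*$/\2 \1/p' "$@"
}

# Print the first number above every ruleset number already in use.
next_ruleset_number() {
    list_rulesets "$@" | awk '$1 + 0 > max { max = $1 + 0 } END { print max + 1 }'
}

# Print each ruleset number that is defined more than once.
ruleset_collisions() {
    list_rulesets "$@" | awk '{ n[$1]++ } END { for (k in n) if (n[k] > 1) print k }' | sort -n
}

# Succeed only if the named ruleset's first rule hides everything, so the
# jail sees nothing except what later rules explicitly unhide.
ruleset_starts_hidden() {
    name=$1; shift
    awk -v want="$name" '
        BEGIN { pat = "^\\[" want "=[0-9]+]" }
        /^\[/ { in_set = ($0 ~ pat); next }
        in_set && /^add / {
            if ($0 ~ /^add (hide|include \$devfsrules_hide_all)[ \t]*$/) ok = 1
            exit
        }
        END { exit (ok ? 0 : 1) }
    ' "$@"
}

# Constructed sample files (assumed layout, not copied from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/defaults.rules" <<'EOF'
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
[devfsrules_unhide_login=3]
[devfsrules_jail=4]
add include $devfsrules_hide_all
EOF
cat > "$demo_dir/local.rules" <<'EOF'
[devfsrules_unhide_tun=5]
add path tun0 unhide
[devfsrules_jail_unhide_tun=6]
add include $devfsrules_hide_all
add include $devfsrules_unhide_tun
EOF
echo "next free ruleset number: $(next_ruleset_number "$demo_dir"/*.rules)"
```

On a real host, pass /etc/defaults/devfs.rules and /etc/devfs.rules instead of the sample files.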

Configure jail to use Devfs rule

# /etc/jail.conf

testjail {
    mount.devfs;                          # mount a devfs inside the jail
    devfs_ruleset = "6";                  # devfsrules_jail_unhide_tun from above
    host.hostname = "testjail";
    interface     = "em0";
    ip4.addr      = "192.168.1.111";
}