From: Frank Volf <frank@deze.org>
To: wireguard@lists.zx2c4.com
Subject: Wireguard on FreeBSD - a few questions
Date: Sun, 31 Oct 2021 19:41:50 +0100 [thread overview]
Message-ID: <cfddc41d-0768-af1a-d527-d2bccd5cfd56@deze.org> (raw)
Hi,
This weekend I installed Wireguard on FreeBSD 13.0 and until now
everything seems to work fine (I use the kernel module).
Installation and configuration was easy and connecting with the Android
app works great as well.
I do have a few questions.
1) Is it possible on FreeBSD to enable some kind of logging? I did made
a small configuration error with my first client and it was hard to find
the error, because there does not seem to be any logging at all. Some
logging information would be appreciated and probably wold have pointed
me faster to the fact that I needed to switch two keys in my config.
2) I noticed that Wireguard uses a wildcard to listen to all IP
addresses on my multi-homed machine on his dedicated UDP port. I would
prefer if Wireguard would only bind to the specific IP address on the
outside interface that is designated for that use. Is this possible?
3) Final question: is it possible on the server side to restrict the
destinations that clients can connect to it? I know, that I can set the
AllowedIPs on the client side to restrict that, but that setting can be
changed at the client side. It would be nice if I could restrict
destinations at the server side (so client X can only connect to an IP
address of an internal server that it needs access to but nothing else).
I can probably use a state full packet filtering firewall for this, but
it would it be possible to configure this on the Wireguard server side
as well?
That said, I'm pleased with the first test results of Wireguard on
FreeBSD and hopefully it keeps on running fine. Great product!
Kind regards,
Frank
next reply other threads:[~2021-11-03 10:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-31 18:41 Frank Volf [this message]
2021-11-03 16:39 ` Wireguard on FreeBSD - a few questions Kyle Evans
2021-11-03 20:52 ` Frank Volf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cfddc41d-0768-af1a-d527-d2bccd5cfd56@deze.org \
--to=frank@deze.org \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).