Replace ZeroTier with Wireguard in FreeNAS
Description
Problem/Justification
Impact
Activity
I created two tunables for rc.conf:
Variable: "wireguard_enable"
Value: "YES"
Variable: "wireguard_interfaces"
Value: "wg0"
My preinit script is a simple command:
'cp /mnt/<POOL>/apps/wireguard/wg0.conf /usr/local/etc/wireguard/'
* <POOL> represents my ZFS volume *
Together they start the wireguard service using the wg0.conf located in '/usr/local/etc/wireguard'
wg0.conf:
Update:
Pinging the server IP (192.168.2.1) from a peer over the established VPN is intermittent. Most pings fail, which led me to think the VPN was not functioning. But when I added routes to my LAN and my FreeNAS server, everything traverses properly.
FN server LAN IP = 192.168.1.77.
Added route to router: 192.168.2.0/30 -> 192.168.1.77
Added route to wg.conf: "PostUp = route add 192.168.2.0/30 192.168.2.1"
Now I have full access to my FN LAN IP and all my jails over Wireguard VPN.
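Added example (not part of the comment above and not FreeNAS code): wg0.conf normally holds the interface's private key, so a preinit step can refuse a source copy that group or other can read and install it owner-only instead of using a plain cp. The function names, return codes and the chmod 700 on the target directory are assumptions of this sketch; the paths in the usage comment are the ones from the comment.

```shell
#!/bin/sh
# Added example: hardened replacement for the preinit 'cp' of wg0.conf.

# Print a file's octal permission bits.
# GNU stat understands -c; FreeBSD stat rejects it, so fall back to -f.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_wg_conf SRC DST_DIR
# Returns 0 on success, 1 on a missing file or I/O error,
# 2 when SRC is readable by group or other (key already exposed on the pool).
install_wg_conf() {
    src=$1
    dst_dir=$2
    [ -f "$src" ] || { echo "missing config: $src" >&2; return 1; }

    mode=$(file_mode "$src") || return 1
    case "$mode" in
        *00|0) ;;   # owner-only, e.g. 600 or 400
        *) echo "refusing $src: mode $mode is not owner-only" >&2
           return 2 ;;
    esac

    # Keep the directory that holds the key material owner-only as well.
    mkdir -p "$dst_dir" && chmod 700 "$dst_dir" || return 1

    # install sets the destination mode explicitly, independent of umask.
    install -m 600 "$src" "$dst_dir/$(basename "$src")"
}

# Usage as a preinit script (paths as in the comment above):
#   sh this_script.sh /mnt/<POOL>/apps/wireguard/wg0.conf /usr/local/etc/wireguard
if [ "$#" -eq 2 ]; then
    install_wg_conf "$1" "$2"
fi
```

If the function returns 2, tighten the copy on the pool (chmod 600) rather than only the installed one, since the dataset copy is the one that persists across reboots.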
How did you set up the script? I'm using it here with the 'wg-quick' command and it's working perfectly. Creates tunnel, routes, etc.
As ZeroTier is removed in FreeNAS 11.3-RC1, I tried this out for a VPN solution...
I created tunables to start the service and an init script to copy the config file from my pool to where it is expected.
The service successfully created a wg0 device with tun driver but it was non-functional. I could not ping wg0 device IP, even from itself. My client would connect, but not be able to traverse the VPN connection either. This may be upstream as the software has not even reached v1.0 yet.
@Kris Moore, can you elaborate on ZeroTier no longer being OSS? If I'm reading it correctly, FreeNAS is not generally negatively affected by their new license; only military and intelligence users would be affected.
I would like it to stay just to keep the option of using it. Wireguard is still a work in progress, as stated by themselves: https://www.wireguard.com/#work-in-progress
If it were decided that ZeroTier has to go, also remove NAS-102472 from 12.0 Release.
ZeroTier is now no longer open source... Let's bring WireGuard into FreeNAS to start experimentation with it as a VPN solution.