Wireguard on FreeBSD - a few questions
Frank Volf
frank at deze.org
Wed Nov 3 20:52:40 UTC 2021
Hi Kyle,
>> 1) Is it possible on FreeBSD to enable some kind of logging? I did make
>> a small configuration error with my first client and it was hard to find
>> the error, because there does not seem to be any logging at all. Some
>> logging information would be appreciated and probably would have pointed
>> me faster to the fact that I needed to switch two keys in my config.
>>
> If you set 'debug' on the interface (`ifconfig wg0 debug`) then it'll
> write some useful bits to syslog for your perusal.

O.k. good to know this. It would be even better if this was documented;
I think an if_wg manual page for FreeBSD would be appropriate.

>> 2) I noticed that Wireguard uses a wildcard to listen to all IP
>> addresses on my multi-homed machine on its dedicated UDP port. I would
>> prefer if Wireguard would only bind to the specific IP address on the
>> outside interface that is designated for that use. Is this possible?

I think it is useful if you could bind Wireguard to use/listen on a
specific IP address, instead of the wildcard.

For example, for my tests I used a secondary (alias) IP address on a
server as the entry point for Wireguard tunnels.
However, if the server starts a session to the client (or tries to check
if the client is still alive), it uses the primary interface address
instead.

Binding it to a specific IP address would solve this.

Kind regards,

Frank