Wireguard on FreeBSD - a few questions

Frank Volf frank at deze.org
Wed Nov 3 20:52:40 UTC 2021

Hi Kyle,
>> 1) Is it possible on FreeBSD to enable some kind of logging? I did made
>> a small configuration error with my first client and it was hard to find
>> the error, because there does not seem to be any logging at all.  Some
>> logging information would be appreciated and probably wold have pointed
>> me faster to the fact that I needed to switch two keys in my config.
> If you set 'debug' on the interface (`ifconfig wg0 debug`) then it'll
> write some useful bits to syslog for your perusal.

O.k. good to know this. It would be even better if this was documented, 
I think a if_wg manual page for FreeBSD would be appropriate.

>> 2) I noticed that Wireguard uses a wildcard to listen to all IP
>> addresses on my multi-homed machine on his dedicated UDP port. I would
>> prefer if Wireguard would only bind to the specific IP address on the
>> outside interface that is designated for that use. Is this possible?

I think it is useful if you could bind Wireguard  to use/listen on a 
specific IP address, instead of the wildcard.
For example, for my tests I used a secondary (alias) IP address on a 
server as the entry point for Wireguard tunnels.
However, if the server starts a session to the client (or tries to check 
if the client is still alive), it uses the primary interface address 
Binding it to a specific IP address would solve this.

Kind regards,


More information about the WireGuard mailing list