I'm attempting to set up wireguard for the simplest case: a laptop that wants to connect to the FreedomBox and thus have access to the internal network.
I have already overcome a few hurdles. Per https://wiki.debian.org/WireGuard I have set up /etc/wireguard/wg0.conf (in the client) ------------------------------------- [Interface] PrivateKey = <the private key, in /etc/wireguard/privatekey> ## Client IP Address = 192.168.200.28/24 (the internal network I want to join) ## if you have DNS server running # DNS = 192.168.x.1 (I don't run a dns server) [Peer] PublicKey = <public key of the FreedomBox> ## to pass internet trafic 0.0.0.0 but for peer connection only use 192.168.x.0/24, or you can also specify comma separated IPs AllowedIPs = 10.84.0.0/32,192.168.200.0/24 Endpoint = <my subdomain>.freedombox.rocks:51820 PersistentKeepalive = 20 ------------------------------------- But no matter the combination of /24 or /32 in the "Address" and "AllowedIPs" fields nothing ever goes out of the client. I had to explicitly add the specific internal address I want to contact in the "AllowedIPs", as in: AllowedIPs = 10.84.0.0/32,192.168.200.0/24,192.168.200.9 and then packets actually do go out and I see them arrive at the FreedomBox, After $ echo "module wireguard +p" | sudo tee /sys/kernel/debug/dynamic_debug/control I see this when running "sudo dmesg -wT" at the FreedomBox: [Sat Feb 15 15:13:46 2025] wireguard: wg0: Packet has unallowed src IP (192.168.200.28) from peer 1 (73.178.216.92:42585) It appears that the FreedomBox wireguard doesn't use /etc/wireguard/wg0.conf (/etc/wireguard is empty) so I can't use the same trick I used on the client. I would have assumed that the FreedomBox wireguard would know about the internal networks (in my case 192.168.200.0/24 and 192.168.224.0/24) and I am unsure how to tell the FreedomBox wireshark what IP ranges to accept traffic for. After all wireshark is apparently just a kernel module. So, how do I tell the FreedomBox to accept packets coming from "peer 1" (192.168.200.28)? Thanks. Augustine _______________________________________________ Freedombox-discuss mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
