Hello,

Ok, now I finally got it running.
I decided to bring up the wg interface using hostname.wg0, and start WireGuard 
from /etc/rc.local.

This machine also acts as the router for my lan/wlan, so I already have a 
“match out” rule to enable NAT for those interfaces in pf.
Will this rule also do NAT from the wg if?
The rule is:
“match out on egress inet from !egress nat-to (egress)”
I have also added a pass in rule for external connections.
“pass in quick inet proto udp to $wg_port”

I have a default block policy, so I guess I’ll need to open for traffic in both 
directions on the wg interface?

I have a server running behind the router.
Will I be able to access it from the VPN with this setup, or do I need to 
implement rules for that purpose?

Regards, Martin
