Wireguard configuration on FreeBSD (14.0)

Install the lite WireGuard tools package: pkg install wireguard-tools-lite

On the endpoint that is publicly accessible:

Near the end of the ipfw rule set, add the allow rules for the WireGuard subnet, kept in /root/bin/wireguard-firewall:

#!/bin/sh
# ipfw matches rules in ascending number order; the first matching rule decides.
# 60000: deny everything addressed to this host itself ("me" = any address
#        configured on one of its interfaces, including the wg interface address)
/sbin/ipfw -q add 60000 deny all from any to me
# 61000: allow traffic between addresses of the WireGuard subnet. Because it comes
#        after 60000, it covers traffic forwarded between peers, not traffic from
#        a peer to the endpoint's own subnet address.
/sbin/ipfw -q add 61000 allow all from 10.0.0.0/24 to 10.0.0.0/24
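Because ipfw takes the first matching rule, the order of these two rules matters. The following is an added example (not part of the original post) with a deliberately minimal first-match model of the two rules above, so that the effect of the ordering can be checked offline. It is not ipfw itself: it ignores protocols, ports, direction and state, and the addresses in LOCAL_ADDRS (what ipfw's "me" expands to) are constructed for the example, with 10.0.0.1 assumed to be the endpoint's WireGuard address.

```python
"""Toy first-match model of the two ipfw rules used for the WireGuard subnet."""
import ipaddress
from dataclasses import dataclass

# Constructed for this example: the endpoint's own addresses, i.e. what the
# ipfw keyword "me" matches. 10.0.0.1 is assumed to be the wg interface address.
LOCAL_ADDRS = {
    ipaddress.ip_address("203.0.113.10"),   # public address (constructed)
    ipaddress.ip_address("10.0.0.1"),       # WireGuard subnet address (assumed)
}


@dataclass
class Rule:
    number: int
    action: str   # "allow" or "deny"
    src: str      # "any", "me" or a CIDR prefix
    dst: str


def parse_rule(line: str) -> Rule:
    """Parse the 'ipfw add N action all from SRC to DST' form used on this page."""
    toks = line.split()
    i = toks.index("add")
    return Rule(
        number=int(toks[i + 1]),
        action=toks[i + 2],
        src=toks[toks.index("from") + 1],
        dst=toks[toks.index("to") + 1],
    )


def _matches(spec: str, addr: ipaddress.IPv4Address) -> bool:
    if spec == "any":
        return True
    if spec == "me":
        return addr in LOCAL_ADDRS
    return addr in ipaddress.ip_network(spec, strict=False)


def verdict(rules, src: str, dst: str, default: str = "deny"):
    """Return (rule number, action) of the first matching rule, in number order.

    ipfw's compiled-in last rule (65535) denies unless the kernel was built to
    accept by default; the model assumes the deny default.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r.src, s) and _matches(r.dst, d):
            return r.number, r.action
    return None, default


# The two rules from /root/bin/wireguard-firewall above.
RULES = [
    parse_rule("/sbin/ipfw -q add 60000 deny all from any to me"),
    parse_rule("/sbin/ipfw -q add 61000 allow all from 10.0.0.0/24 to 10.0.0.0/24"),
]


if __name__ == "__main__":
    # Peer to peer through the endpoint: not "me", so 60000 does not match.
    print("10.0.0.2 -> 10.0.0.3:", verdict(RULES, "10.0.0.2", "10.0.0.3"))
    # Peer to the endpoint's own wg address: 60000 matches first.
    print("10.0.0.2 -> 10.0.0.1:", verdict(RULES, "10.0.0.2", "10.0.0.1"))
```

Running it shows that the pair allows traffic forwarded between peers of the subnet while traffic from a peer to the endpoint's own subnet address is denied by 60000 before 61000 is reached; if peers are meant to reach services on the endpoint, the allow rule has to be numbered below 60000.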

Run it at boot, after the wireguard service, with an rc.d script named wireguard_firewall so that communication in the WireGuard subnet is allowed:

#!/bin/sh
# PROVIDE: wireguard_firewall
# REQUIRE: wireguard
# KEYWORD: shutdown

. /etc/rc.subr

name="wireguard_firewall"
rcvar="wireguard_firewall_enable"

: ${wireguard_firewall_enable:="NO"}

command="/root/bin/wireguard-firewall"

load_rc_config $name
run_rc_command "$1"

In case of a limited connection, use wireguard_mtu.


Usbhid

Add the usbhid-based drivers to kld_list:

sysrc kld_list+=" hgame ps4dshock hms hcons"

Remove ums, the legacy USB mouse driver that usbhid replaces:

sysrc kld_list-=" ums"

In /boot/loader.conf, so that usbhid is used from early in the boot process:

hw.usb.usbhid.enable=1

DNS over TLS in FreeBSD

Configure local_unbound to forward over TLS (port 853, with the certificate name to verify given after #) to the Cloudflare and Quad9 resolvers:

sysrc local_unbound_enable="YES"
sysrc local_unbound_forwarders="1.1.1.1@853#cloudflare-dns.com 1.0.0.1@853#cloudflare-dns.com 9.9.9.9@853#dns.quad9.net 149.112.112.112@853#dns.quad9.net 2606:4700:4700::1111@853#cloudflare-dns.com 2606:4700:4700::1001@853#cloudflare-dns.com 2620:fe::fe@853#dns.quad9.net 2620:fe::9@853#dns.quad9.net"
sysrc local_unbound_tls="YES"

Start the local resolver:

service local_unbound start
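Each forwarder entry above has the form address@853#name: the query goes over TLS to port 853 and the server certificate must match the name after #. The following is an added example (not part of the original post) that does exactly that exchange by hand, so the setting can be checked independently of unbound: a minimal DNS query is framed with the two-byte length prefix DNS over TLS borrows from DNS over TCP (RFC 7858), sent over a TLS connection that verifies the certificate against the authentication name, and the answer is parsed. The server address and authentication name are taken from the first Cloudflare entry; the live query is only made when the file is run as a script, and build_response is a constructed reply used for offline testing.

```python
"""Minimal DNS-over-TLS client, to verify what addr@853#name in the forwarder list means."""
import socket
import ssl
import struct

DOT_SERVER = ("1.1.1.1", 853)          # first forwarder entry from the page
AUTH_NAME = "cloudflare-dns.com"       # name the server certificate must match


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Minimal DNS query: RD set, one question, QTYPE 1 (A), QCLASS 1 (IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def frame(msg: bytes) -> bytes:
    """DoT reuses DNS-over-TCP framing: a two-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg


def _skip_name(buf: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        ln = buf[off]
        if ln == 0:
            return off + 1
        if (ln & 0xC0) == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + ln


def parse_answer_ips(resp: bytes, txid: int) -> list:
    """Return A-record addresses from a response after checking id and RCODE."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):                          # skip the echoed question
        off = _skip_name(resp, off) + 4
    ips = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in resp[off:off + 4]))
        off += rdlen
    return ips


def build_response(txid: int, name: str, ips: list, ttl: int = 300) -> bytes:
    """Constructed reply for offline testing: echoes the question, answers with A records."""
    q = build_query(name, txid)
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    body = q[12:]
    for ip in ips:
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        body += bytes(int(o) for o in ip.split("."))
    return hdr + body


def _read_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf


def query_over_tls(name: str, server=DOT_SERVER, auth_name=AUTH_NAME) -> list:
    """Resolve name over TLS; the certificate is verified against auth_name."""
    ctx = ssl.create_default_context()   # verifies the chain and the hostname
    txid = 0x1234
    with socket.create_connection(server, timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(frame(build_query(name, txid)))
            (length,) = struct.unpack("!H", _read_exact(tls, 2))
            return parse_answer_ips(_read_exact(tls, length), txid)


if __name__ == "__main__":
    print(query_over_tls("example.com"))
```

Passing a wrong authentication name (for example the Quad9 name against the Cloudflare address) makes the TLS handshake fail with a certificate verification error, which is the check the #name part of each forwarder entry provides.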

Synth Repository

AMD64 repos FreeBSD 13.2

The pkg repository configuration should be installed in /usr/local/etc/pkg/repos/.

The public key used to verify the repository signature should be installed in /usr/local/etc/synth/.

After that, the repository shows up when running pkg update.

Use pkg search -r Synth packagename to search for packagename in this remote repository.