TrueNAS & WireGuard client

Hello

I put a small NAS (at my parents' home) and I would like to use it as a remote backup.

Is it possible to set up a WireGuard client on it and let it connect to my network?

Yes.

(I put my hands up)
I didn’t see the video, but from the description the content creator creates a VPN server on TN.

I already have the server on the pfSense router at my home; what I would like to do is the opposite: create a client on the remote TrueNAS and let it connect to my network.

Is it possible?

TrueNAS has to be a server; it does not operate as a client.

Why not create a site-to-site VPN and restrict access using the WAN IP of each location?

Because I want to keep it simple and easy to maintain.

I just checked and SCALE already has a wg client installed.

I don’t know if there is a GUI part (I didn’t find it) … but if I put my wireguard.conf there and set a script to load it and run it with wg at NAS boot, I should have it solved, right?

truenas_admin@pegaso[~]$ wg -v
wireguard-tools v1.0.20210914 - https://git.zx2c4.com/wireguard-tools/
truenas_admin@pegaso[~]$ ls /etc/wireguard 
ls: cannot open directory '/etc/wireguard': Permission denied

I am testing it and it seems to work! Now I will create the script.
Can someone confirm that what I did is fine? Or is there a better way?

truenas_admin@pegaso[/mnt/terra/sistema]$ nano /mnt/terra/sistema/wg-pegaso.conf
truenas_admin@pegaso[/mnt/terra/sistema]$ pwd
/mnt/terra/sistema
truenas_admin@pegaso[/mnt/terra/sistema]$ chmod 600 /mnt/terra/sistema/wg-pegaso.conf 
truenas_admin@pegaso[/mnt/terra/sistema]$ ls -ln
total 5
-rw-------+ 1 950 950 332 Jan 28 18:33 wg-pegaso.conf

truenas_admin@pegaso[/mnt/terra/sistema]$ sudo wg-quick up /mnt/terra/sistema/wg-pegaso.conf 
[sudo] password for truenas_admin: 
[#] ip link add wg-pegaso type wireguard
[#] wg setconf wg-pegaso /dev/fd/63
[#] ip -4 address add 172.16.99.20/24 dev wg-pegaso
[#] ip link set mtu 1420 up dev wg-pegaso
[#] resolvconf -a wg-pegaso -m 0 -x
[#] ip -4 route add 192.168.203.0/24 dev wg-pegaso

truenas_admin@pegaso[/mnt/terra/sistema]$ sudo wg show
interface: wg-pegaso
  public key: --- nascosta :) ---
  private key: (hidden)
  listening port: --- nascosta :) ---

peer: --- nascosta :) ---
  preshared key: (hidden)
  endpoint: --- nascosto :) ---
  allowed ips: 172.16.99.0/24, 192.168.203.0/24

on pfSense (my network)

You can create an init entry in the advanced tab in TN.

Something like this.

2 Likes
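One way to write the script such an init entry could call, as an added example that is not part of the thread or of TrueNAS itself. It assumes the entry runs as root, reuses the config path from the session above, and the script's own name and location are hypothetical.

```shell
#!/bin/sh
# Added example: post-init wrapper for the tunnel shown in the thread.
# Assumption: TrueNAS runs the init entry as root; the script name is hypothetical.
CONF="${CONF:-/mnt/terra/sistema/wg-pegaso.conf}"   # path from the thread

# wg-quick names the interface after the file: wg-pegaso.conf -> wg-pegaso
iface_from_conf() {
    base=${1##*/}
    printf '%s\n' "${base%.conf}"
}

# Succeed only if the config is a regular file (not a symlink), owned by the
# invoking user (root at boot) and with no group/other permission bits.
# The file holds PrivateKey/PresharedKey, and wg-quick runs any PreUp/PostUp
# lines in it as root, so nobody else should be able to read or edit it.
conf_is_private() {
    file=$1
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    owner=$(stat -c '%u' "$file") || return 1
    mode=$(stat -c '%a' "$file") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Bring the tunnel up once; safe to run again if the interface already exists.
start_tunnel() {
    conf=$1
    iface=$(iface_from_conf "$conf")
    if ! conf_is_private "$conf"; then
        echo "refusing to load $conf: missing, symlink, wrong owner or mode" >&2
        return 1
    fi
    if [ -d "/sys/class/net/$iface" ]; then
        echo "$iface is already up"
        return 0
    fi
    wg-quick up "$conf"
}

# Init entry command would be: /path/to/this-script up
if [ "${1:-}" = "up" ]; then
    start_tunnel "$CONF"
fi
```

With the file as listed in the thread (owner 950) this check refuses to load it until it is chowned to root. The `+` in the `ls -ln` output also means an ACL is attached, which the mode bits alone do not describe.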

Using Cloudflared

I just had a similar challenge to OP with a small app server sited in a relative’s house. (Server running Lyrion Music Server on Docker in Ubuntu Server.)

Remote access is set up using a cloudflared tunnel.

That has the advantage that no config is needed on the router etc. at my relative’s house.

You do have to own a domain tho in order to set the DNS entries which are used by the Cloudflared infrastructure.

With the tunnel in place I can ssh to that server, with port forwarding so I can connect via a web browser.

Does seem a lot easier to set up than some VPN solutions.

Is the Wireguard solution broadly comparable to Cloudflared?