WireGuard
Устанавливаем WireGuard.
Install WireGuard.
# pkg ins -y wireguard
Настраиваем ключи.
Configure keys.
# cd /usr/local/etc/wireguard
# umask 077
# wg genkey > freebsd.private
# wg pubkey < freebsd.private > freebsd.public
# wg genkey > ios.private
# wg pubkey < ios.private > ios.public
Создаем серверный и клиентский конфиги и кладём в них сгенерированные ключи.
Create server and client configs and put generated keys to it.
# vi /usr/local/etc/wireguard/wg0.conf
[Interface]
Address = 10.0.1.1/24
PrivateKey = freebsd_private_key
ListenPort = 51820
[Peer]
PublicKey = ios_public_key
AllowedIPs = 10.0.1.2/32
Endpoint = external_ip:51820
# vi /usr/local/etc/wireguard/ios.conf
[Interface]
Address = 10.0.1.2/32
PrivateKey = ios_private_key
DNS = 8.8.8.8
[Peer]
PublicKey = freebsd_public_key
AllowedIPs = 0.0.0.0/0
Endpoint = external_ip:51820
Включаем автостарт сервиса и стартуем его.
Enable service autostart and start it.
# sysrc gateway_enable="YES"
# sysrc wireguard_enable="YES"
# sysrc wireguard_interfaces="wg0"
# service wireguard start