WireGuard

When connecting a WireGuard client to a pfSense WireGuard server, the UI will not show any indication that this is working. However, it can be set up from the SSH shell.

After SSHing into the device, run the following command to enter the FRR shell:

vtysh

Enter Config mode

config t

We first need to set up the interfaces that we want to use. It is important that any interface connecting to other routers, for instance the WireGuard interface, is set to network type point-to-point. UniFi's instance of WireGuard will use wgclt1 for the first VPN connection, and I believe it increments the number as more connections are added. To get to the configuration for the WireGuard interface, run the following command:

interface wgclt1

Once in the interface configuration we need to run the following commands

ip ospf network point-to-point
ip ospf dead-interval 40
ip ospf hello-interval 10

After we run those commands, we need to switch to our LAN interfaces. They should be named br0 or something similar. You can run ifconfig on the gateway outside of the FRR shell to list these interfaces, or you can set up a dummy OSPF configuration in the UI and it should show up in FRR's running-config. For this example we will use br0:

interface br0

We then need to set this interface to passive, as we do not want it to transmit or receive OSPF packets:

ip ospf passive

After we have configured the interfaces, we need to exit the interface config mode

exit

Now we need to enter router ospf configuration mode

router ospf

Now we can start configuring the router-id, the networks we are broadcasting, and the area we are broadcasting to

ospf router-id 3.3.3.3
network 172.25.10.0/24 area 0.0.0.0
network 172.31.0.16/30 area 0.0.0.0

The 25 network is our LAN and the 31 network is our VPN IP. We should start seeing the OSPF negotiation happen and neighbors populate. We need to exit to the basic mode of FRR and write the config

exit 
exit
write

Troubleshooting

If you are only seeing Hello packets being transmitted and no other packets, make sure that the allowed IPs on the hub you are connecting to include multicast. I normally just allow 0.0.0.0
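
An added example, not part of the original page: a Python check of a hub-side WireGuard peer's AllowedIPs for the OSPF multicast group 224.0.0.5 (AllSPFRouters, the destination OSPF uses on point-to-point networks), the neighbor's tunnel address, and the advertised prefixes. The peer sections are constructed samples, and 172.31.0.18 as the spoke's tunnel address is an assumption.

```python
import ipaddress

# OSPF AllSPFRouters group (RFC 2328); all OSPF packets on a point-to-point link go here.
ALL_SPF_ROUTERS = ipaddress.ip_address("224.0.0.5")

# Constructed hub-side peer sections, not taken from the page. 172.31.0.18 as the
# spoke's tunnel address is an assumption; the page only gives 172.31.0.16/30.
PEER_UNICAST_ONLY = """
[Peer]
PublicKey = <spoke-public-key-placeholder>
AllowedIPs = 172.31.0.18/32, 172.25.10.0/24
"""
PEER_WITH_OSPF = PEER_UNICAST_ONLY.rstrip() + ", 224.0.0.5/32\n"

def parse_allowed_ips(conf_text):
    """Return every network listed on the AllowedIPs lines of a wg config."""
    nets = []
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def audit_peer(conf_text, neighbor_ip, advertised):
    """Report whether AllowedIPs lets OSPF and the routed prefixes through."""
    nets = parse_allowed_ips(conf_text)
    neighbor = ipaddress.ip_address(neighbor_ip)

    def covered(prefix):
        p = ipaddress.ip_network(prefix)
        return any(p.version == n.version and p.subnet_of(n) for n in nets)

    return {
        "ospf_multicast": any(ALL_SPF_ROUTERS in n for n in nets),
        "neighbor_unicast": any(neighbor in n for n in nets),
        "missing_prefixes": [p for p in advertised if not covered(p)],
        # A zero-length prefix accepts any source address from this peer.
        "allows_everything": any(n.prefixlen == 0 for n in nets),
    }

if __name__ == "__main__":
    for label, conf in (("unicast only", PEER_UNICAST_ONLY),
                        ("with 224.0.0.5/32", PEER_WITH_OSPF)):
        print(label, audit_peer(conf, "172.31.0.18", ["172.25.10.0/24"]))
```

A result with ospf_multicast set to False matches the symptom above: the hub's WireGuard interface has no peer to route 224.0.0.5 to, so its OSPF packets never reach the spoke.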

This page was last edited on 2025-11-26 14:09

BennyTheBee