In the FreeNAS settings menu, under System > Tunables, set up the following (variable, value, type):
gateway_enable YES rc
net.inet.ip.forwarding 1 sysctl
pf_enable YES rc
pf_rules /usr/local/etc/pf.conf rc
wireguard_enable YES rc
wireguard_interfaces wg0 rc
Still in the settings, under Tasks > Init/Shutdown Scripts, add the following (type, command, when):
Command mkdir -p /usr/local/etc/wireguard && cp /root/.wireguard/wg0.conf /usr/local/etc/wireguard/wg0.conf && /usr/local/etc/rc.d/wireguard start PostInit
Command cp /root/.pf/pf.conf /usr/local/etc/pf.conf && service pf restart PostInit
Connect to your FreeNAS box over SSH.
vi /root/.pf/pf.conf
ext_if="re0"
int_if="wg0"
set skip on lo0
scrub in all
nat on $ext_if from $int_if:network to any -> ($ext_if)
pass all
Here "re0" is your local Ethernet interface, on the home network 192.168.77.0/24. The final "pass all" rule means pf only performs NAT here and filters nothing.
vi /root/.wireguard/wg0.conf
[Interface]
Address = 10.0.7.1/24
SaveConfig = true
PrivateKey = <freenas wireguard private key>
ListenPort = 55555
[Peer]
PublicKey = <client1 wireguard public key>
PresharedKey = <wireguard preshared key>
AllowedIPs = 10.0.7.2/32
[Peer]
PublicKey = <client2 wireguard public key>
PresharedKey = <wireguard preshared key>
AllowedIPs = 10.0.7.3/32
Then set up your client:
vi /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.7.3/24
PrivateKey = <client wireguard private key>
ListenPort = 27396
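[Peer]
PublicKey = <freenas wireguard public key>
PresharedKey = <wireguard preshared key>
# Address where the FreeNAS box is reachable; the port matches ListenPort on the server.
Endpoint = <freenas address>:55555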
There are three possibilities for the last line (AllowedIPs):
Host to Host VPN:
AllowedIPs = 10.0.7.1/32
Host to Lan VPN:
AllowedIPs = 10.0.7.1/32, 192.168.77.0/24
Host to Lan+Internet (forward everything) VPN:
AllowedIPs = 10.0.7.1/32, 192.168.77.0/24, 0.0.0.0/0
See the WireGuard documentation for more details.
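
WireGuard uses AllowedIPs in both directions: to choose the peer for an outgoing packet and to filter the inner source address of an incoming one. The Python sketch below is an added example, not part of the original guide, that models this lookup for the server's two peers and the three client variants above. The labels client1, client2 and freenas stand in for real public keys, and 203.0.113.5 is a constructed Internet address.

```python
import ipaddress

# Constructed sample: the server's [Peer] blocks from this page, keys replaced by labels.
SERVER_CONF = """\
[Peer]
PublicKey = client1
AllowedIPs = 10.0.7.2/32
[Peer]
PublicKey = client2
AllowedIPs = 10.0.7.3/32
"""

CLIENT_MODES = {  # the three client-side AllowedIPs variants described on this page
    "host": "10.0.7.1/32",
    "lan": "10.0.7.1/32, 192.168.77.0/24",
    "all": "10.0.7.1/32, 192.168.77.0/24, 0.0.0.0/0",
}

def nets(value):  # "a, b" -> [network, network]
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",")]

def parse_peers(text):
    """Return {PublicKey: [networks]} for every [Peer] section of a wg config."""
    peers, cur = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            cur = {} if line == "[Peer]" else None
        elif cur is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            cur[key] = val
            if "PublicKey" in cur and "AllowedIPs" in cur:
                peers[cur["PublicKey"]] = nets(cur["AllowedIPs"])
    return peers

def route(peers, ip):
    """Peer whose AllowedIPs entry with the longest prefix covers ip, else None."""
    addr = ipaddress.ip_address(ip)
    hits = [(n.prefixlen, name) for name, ns in peers.items() for n in ns if addr in n]
    return max(hits)[1] if hits else None

def accepts(peers, name, src):
    """Inbound check: a packet decrypted from `name` is kept only if src routes back to it."""
    return route(peers, src) == name

if __name__ == "__main__":
    server = parse_peers(SERVER_CONF)
    print("client2 sending as 10.0.7.2 accepted:", accepts(server, "client2", "10.0.7.2"))
    print({m: route({"freenas": nets(v)}, "203.0.113.5") for m, v in CLIENT_MODES.items()})
```

The /32 entries on the server are what stop one client from sending packets with another client's tunnel address; only the "all" variant on the client sends Internet-bound traffic through the FreeNAS box.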