I ended up finding the real problem. I had used a different port on my previous install, so when I imported that config, it didn’t lineup with the port set by default in the new app. Changing the port to be my old has fixed the issue and I can now reach the TrueNAS server from WireGaurd and a client over the VPN.
However, I’m still having a routing issue where I can’t reach any other clients on the inside of the network from a VPN client. I verified that switching back to the old WireGuard allows me to reach those clients, but on the new WireGuard I can’t. After some digging, it looks like the routing tables are set to forward it to eth0 instead of ens2p0 like I need it to:
/app # iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 987K packets, 324M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 770K packets, 299M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 81192 packets, 5747K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 82119 packets, 5828K bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all – any eth0 10.8.0.0/24 anywhere
0 0 MASQUERADE all – any eth0 10.8.0.0/24 anywhere
/app # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether 34:97:f6:94:fa:e4 brd ff:ff:ff:ff:ff:ff
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 3c:52:a1:cc:60:07 brd ff:ff:ff:ff:ff:ff
inet 192.168.68.120/22 brd 192.168.71.255 scope global dynamic enp2s0
valid_lft 5601sec preferred_lft 5601sec
inet6 fe80::3e52:a1ff:fecc:6007/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
4: br-46790bf81b14: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:72:29:93:7b brd ff:ff:ff:ff:ff:ff
inet 172.16.2.1/24 brd 172.16.2.255 scope global br-46790bf81b14
valid_lft forever preferred_lft forever
6: br-f2b7b89e4f56: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:07:f3:3c:ed brd ff:ff:ff:ff:ff:ff
inet 172.16.1.1/24 brd 172.16.1.255 scope global br-f2b7b89e4f56
valid_lft forever preferred_lft forever
7: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:10:69:f0:f5 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.1/24 brd 172.16.0.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fdd0::1/64 scope global nodad
valid_lft forever preferred_lft forever
37: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.8.0.1/24 scope global wg0
valid_lft forever preferred_lft forever
inet6 fdcc:ad94:bacf:61a4::cafe:1/112 scope global
valid_lft forever preferred_lft forever
On the v14 wg_easy there was a field on the config tab to specify the device that it should route to. in v15 it looks like this field is removed, so I have no way to set it. How can I change this value so that my iptables ends up routing to enp2s0 instead of eth0?