diff --git a/net/wireguard-tools/Makefile b/net/wireguard-tools/Makefile
index cd97a43099f5..b80a0cbe8e5b 100644
--- a/net/wireguard-tools/Makefile
+++ b/net/wireguard-tools/Makefile
@@ -1,60 +1,60 @@
 PORTNAME=	wireguard-tools
 PORTVERSION=	1.0.20210914
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	net net-vpn
 MASTER_SITES=	https://git.zx2c4.com/wireguard-tools/snapshot/
 
 MAINTAINER=	decke@FreeBSD.org
 COMMENT=	Fast, modern and secure VPN Tunnel
 WWW=		https://git.zx2c4.com/wireguard-tools/about/
 
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/../COPYING
 
 FLAVORS=	default lite
 lite_PKGNAMESUFFIX=	-lite
 
 USES=		gmake tar:xz
 
 WRKSRC_SUBDIR=	src
 
 MAKE_ARGS+=	DEBUG=no WITH_BASHCOMPLETION=yes WITH_SYSTEMDUNITS=no
 MAKE_ENV+=	MANDIR="${PREFIX}/share/man" \
 		SYSCONFDIR="${PREFIX}/etc"
 
 OPTIONS_DEFINE=	WGQUICK
 OPTIONS_DEFAULT=WGQUICK
 OPTIONS_SUB=	yes
 
 WGQUICK_DESC=		wg-quick(8) userland utility
 WGQUICK_RUN_DEPENDS=	bash:shells/bash
 WGQUICK_MAKE_ARGS=	WITH_WGQUICK=yes
 WGQUICK_MAKE_ARGS_OFF=	WITH_WGQUICK=no
 
 .if ${FLAVOR:U} == lite
 USE_RC_SUBR=	wireguard_lite
 OPTIONS_EXCLUDE=WGQUICK
 COMMENT+=	(lite flavor)
 .endif
 
 .include <bsd.port.options.mk>
 
 .if ${PORT_OPTIONS:MWGQUICK}
 USE_RC_SUBR=	wireguard_wgquick
 .endif
 
 post-patch:
 	@${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|g' \
 		${WRKSRC}/completion/wg-quick.bash-completion \
 		${WRKSRC}/wg-quick/freebsd.bash
 
 install-rc-script:
 	@${ECHO_MSG} "===> Staging rc.d startup script(s)"
 	@for i in ${USE_RC_SUBR}; do \
 		_prefix=${PREFIX}; \
 		[ "${PREFIX}" = "/usr" ] && _prefix="" ; \
 		${INSTALL_SCRIPT} ${WRKDIR}/$${i} ${STAGEDIR}$${_prefix}/etc/rc.d/wireguard; \
 		${ECHO_CMD} "@(root,wheel,0755) $${_prefix}/etc/rc.d/wireguard" >> ${TMPPLIST}; \
 	done
 
 .include <bsd.port.mk>
diff --git a/net/wireguard-tools/files/patch-wg-quick_freebsd.bash b/net/wireguard-tools/files/patch-wg-quick_freebsd.bash
new file mode 100644
index 000000000000..83254d7abac3
--- /dev/null
+++ b/net/wireguard-tools/files/patch-wg-quick_freebsd.bash
@@ -0,0 +1,43 @@
+--- wg-quick/freebsd.bash.orig	2021-09-13 22:43:31 UTC
++++ wg-quick/freebsd.bash
+@@ -27,6 +27,7 @@ SAVE_CONFIG=0
+ CONFIG_FILE=""
+ PROGRAM="${0##*/}"
+ ARGS=( "$@" )
++FREEBSD_MAJOR_VERSION=$(freebsd-version | cut -d. -f1)
+ 
+ cmd() {
+ 	echo "[#] $*" >&3
+@@ -283,20 +284,28 @@ monitor_daemon() {
+ 	echo "[+] Backgrounding route monitor" >&2
+ 	(make_temp
+ 	trap 'del_routes; clean_temp; exit 0' INT TERM EXIT
++	local event grep_for pid
++	if [[ "$FREEBSD_MAJOR_VERSION" -lt 14 ]]; then
++		grep_for="RTM_"
++	elif [[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]]; then
++		grep_for="iface" # needs refinement
++	else
++		grep_for="(add/repl|delete) iface iface#[0-9]{1,4} $INTERFACE "
++	fi
+ 	exec >/dev/null 2>&1
+-	exec 19< <(exec route -n monitor)
+-	local event pid=$!
++	exec 19< <(exec sh -c "route -n monitor | grep -E --line-buffered '$grep_for'")
++	monitor_ppid=$!
+ 	# TODO: this should also check to see if the endpoint actually changes
+ 	# in response to incoming packets, and then call set_endpoint_direct_route
+ 	# then too. That function should be able to gracefully cleanup if the
+ 	# endpoints change.
+ 	while read -u 19 -r event; do
+-		[[ $event == RTM_* ]] || continue
+ 		ifconfig "$INTERFACE" >/dev/null 2>&1 || break
+ 		[[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route
+ 		# TODO: set the mtu as well, but only if up
+ 	done
+-	kill $pid) & disown
++	pkill -P "$monitor_ppid" route || true
++	) & disown
+ }
+ 
+ HAVE_SET_DNS=0