NetBSD-Users archive


Re: WireGuard setup in NetBSD 10



Hi, Martin

Thanks for sharing your configuration.

• Martin Husemann [2024-01-18 09:02]:
> On Thu, Jan 18, 2024 at 08:46:11AM +0100, Kirill Miazine wrote:
> > Hi, NetBSD users
> > 
> > I've been setting up a NetBSD box, which has to be connected to the wider
> > WireGuard network. It's been a while since I managed NetBSD, so I'd like to
> > ask for feedback as to whether the current setup is considered a "proper" way of
> > setting up WireGuard on NetBSD:
> > 
> > 1. Create files with WireGuard private key and pre-shared key
> 
> Yes.

Good.

> > 2. Create ifconfig.wgN with lines to configure network address, and a bunch
> > of calls to wgconfig using !. Now while writing this email I discovered that
> > I can use $int variable in ifconfig.wgN file, and that made wgconfig calls a
> > lot cleaner.
> 
> I use something like this as /etc/ifconfig.wg0:
> 
> -----8<-----
> 192.168.2.42/24
> !wgconfig ${int} set private-key /etc/wg/${int}
> !wgconfig ${int} set listen-port 62345
> !wgconfig ${int} add peer .... .....  --allowed-ips=192.168.2.32/32
> # more similar "add peer" lines...
> up
> ----->8-----

Almost identical to mine, except that I use wg1 (because the network is
configured on wg1 on all the other peers).

> > 3. Add wgN to net_interfaces in rc.conf.
> 
> No need to do that.

Good that you say so!

Yet for some reason mine isn't being picked up -- even if I use wg0 instead of wg1.

So I'll have to dig further, then.

> Martin

-- 
    -- Kirill Miazine <km%krot.org@localhost>
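
Step 1 and the /etc/ifconfig.wg0 quoted above leave the private key (and any pre-shared key) in files under /etc/wg. The script below is an added example, not part of any message in the thread and not NetBSD's own code: it reads an ifconfig.wgN file and flags key files that are missing or readable by group or others. The helper names, the sample peer line and the use of wgconfig(8)'s `--preshared-key=` option are assumptions not shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check the key files an ifconfig.wgN
# file hands to wgconfig. check_wg_keys is a hypothetical helper name.

check_wg_keys() {
    conf=$1
    ifname=${conf##*ifconfig.}          # /etc/ifconfig.wg0 -> wg0
    rc=0
    # Expand ${int}/$int as the thread describes, then extract the paths
    # given to "set private-key" and to wgconfig(8)'s --preshared-key=.
    keys=$(sed -n -e 's/\${int}/'"$ifname"'/g' -e 's/\$int/'"$ifname"'/g' \
        -e 's/^!wgconfig .* set private-key \([^ ]*\).*/\1/p' \
        -e 's/^!wgconfig .*--preshared-key=\([^ ]*\).*/\1/p' "$conf")
    [ -n "$keys" ] || { echo "NOKEYS   $conf"; return 2; }
    for key in $keys; do
        if [ ! -f "$key" ]; then
            echo "MISSING  $key"; rc=1; continue
        fi
        # Mode string from ls: owner bits may be r/w, group and other must be empty.
        perms=$(ls -ld "$key" | cut -c1-10)
        case $perms in
            -??-------) echo "OK       $key $perms" ;;
            *)          echo "EXPOSED  $key $perms (chmod 600)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a throwaway directory standing in for /etc, with
# placeholder key contents and a placeholder peer name and public key.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/wg" || return 1
    echo PLACEHOLDER > "$d/wg/wg0";     chmod 644 "$d/wg/wg0"
    echo PLACEHOLDER > "$d/wg/wg0.psk"; chmod 600 "$d/wg/wg0.psk"
    cat > "$d/ifconfig.wg0" <<EOF
192.168.2.42/24
!wgconfig \${int} set private-key $d/wg/\${int}
!wgconfig \${int} set listen-port 62345
!wgconfig \${int} add peer peer1 PLACEHOLDERPUBKEY --preshared-key=$d/wg/\${int}.psk --allowed-ips=192.168.2.32/32
up
EOF
    echo "$d"
}

# With an argument, check that file; without one, check the constructed sample.
conf=${1:-$(make_sample)/ifconfig.wg0}
check_wg_keys "$conf" || echo "fix the files flagged above"
```

Run it as `sh check.sh /etc/ifconfig.wg0` on the real file; on the constructed sample it reports the world-readable private key as EXPOSED and the pre-shared key as OK.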

