Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Using wg(4) with a commerical VPN provider

Hello...  I would like to first thanks everyone who worked on and
contributed wg(4).  For the past week or so I have been pushing lots of
bits attaching a 9.99.74 DOMU to a commercial VPN provider who provides
WireGuard as an option.  After working out their rest API to get keys
set, it has been working just fine.

The only particular problem I encountered is that the if_wg driver will
not compile without INET6.  Attached is a patch I have been running with
that allows if_wg.c to compile without INET6 and may help in the
opposite situation where INET is not defined.  I have no way to test the
INET6 case.  If there are no objections I will commit this in the next
few days.

--- sys/net/if_wg.c.DIST	2020-10-26 10:36:30.391354264 -0400
+++ sys/net/if_wg.c	2020-10-30 19:13:46.910323221 -0400
@@ -98,8 +98,8 @@
 #include <netinet/udp.h>
 #include <netinet/udp_var.h>
-#ifdef INET6
 #include <netinet/ip6.h>
+#ifdef INET6
 #include <netinet6/in6_pcb.h>
 #include <netinet6/in6_var.h>
 #include <netinet6/ip6_var.h>
@@ -1611,7 +1611,16 @@
 wg_get_so_by_af(struct wg_softc *wg, const int af)
+#if defined(INET) && defined(INET6)
 	return (af == AF_INET) ? wg->wg_so4 : wg->wg_so6;
+#ifdef INET
+	return wg->wg_so4;
+#ifdef INET6
+	return wg->wg_so6;
 static struct socket *
@@ -2352,6 +2361,7 @@
 	if (*af == AF_INET) {
 		packet_len = ntohs(ip->ip_len);
 	} else {
+#ifdef INET6
 		const struct ip6_hdr *ip6;
 		if (__predict_false(decrypted_len < sizeof(struct ip6_hdr)))
@@ -2359,6 +2369,9 @@
 		ip6 = (const struct ip6_hdr *)packet;
 		packet_len = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen);
+		packet_len = decrypted_len + 1;
 	WG_DLOG("packet_len=%u\n", packet_len);

Brad Spencer - - KC8VKS -

Home | Main Index | Thread Index | Old Index