Re: What is the current Wireguard situation?

[Chavdar Ivanov <ci4ic4%gmail.com@localhost>]

On Wed, 5 Jul 2023 at 16:26, Martin Husemann <martin%duskware.de@localhost> wrote:
>
> On Wed, Jul 05, 2023 at 05:10:42PM +0200, logothesia wrote:
> > Hi folks,
> >
> > What does the landscape look like regarding WireGuard? Is it supported at
> > all?
>
> In -10 and -current it is. I am using it on several machines (mostly with
> windows peers).

But you have to add 'pseudo-device wg' to you kernel configuration -
it is not on by default:

# uname -a
NetBSD ymir.lorien.lan 10.99.4 NetBSD 10.99.4 (GENERIC) #6: Wed Jul  5
12:53:40 BST 2023
sysbuild%ymir.lorien.lan@localhost:/dumps/sysbuild/amd64/obj/home/sysbuild/src/sys/arch/amd64/compile/GENERIC
amd64
# ifconfig -C
vether bridge ipsec carp lagg agr pppoe vlan tun tap sl stf ppp lo
l2tp gre gif npflog
# grep wg /usr/src/sys/arch/amd64/conf/*
/usr/src/sys/arch/amd64/conf/ALL:pseudo-device  wg
 # VPN tunnel compatible with WireGuard


>
> > ifconfig. It is my understanding that wireguard-tools only provides the
> > userland stuff (i.e., config file reading and so on).
>
> You do not even need that, base comes with wgconfig, and "man wg" tells
> you all about the setup tricks.
>
> > Do I have to compile a custom kernel, or enable something somewhere?
>
> Did you try "ifconfig -C"? That should list all clonable interfaces
> and includes "wg" if the kernel knows about it.
>
> > Not sure if it matters, but I am running NetBSD/evbarm-earmv6hf 9.3.
>
> You might, or load the if_wg kernel module (by adding it to /etc/modules.conf,
> see "man modules.conf").
>
> Martin



-- 
----