NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: WireGuard setup in NetBSD 10



On Thu, Jan 18, 2024 at 08:46:11AM +0100, Kirill Miazine wrote:
> Hi, NetBSD users
> 
> I've been setting up a NetBSD box, which has to be connected to the wider
> WireGuard network. There's a while since I managed NetBSD, so I'd like to
> ask for feedback as to whether current setup is considered a "proper" way of
> setting up WireGuard on NetBSD:
> 
> 1. Create files with WireGuard private key and pre-shared key

Yes.

> 2. Create ifconfig.wgN with lines to configure network address, and a bunch
> of calls to wgconfig using !. Now while writing this email I discovered that
> I can use $int variable in ifconfig.wgN file, and that made wgconfig calls a
> lot cleaner.

I use something like this as /etc/ifconfig.wg0:

-----8<-----
192.168.2.42/24
!wgconfig ${int} set private-key /etc/wg/${int}
!wgconfig ${int} set listen-port 62345
!wgconfig ${int} add peer .... .....  --allowed-ips=192.168.2.32/32
# more similar "add peer" lines...
up
----->8-----

> 3. Add wgN to net_interfaces in rc.conf.

No need to do that.

Martin


Home | Main Index | Thread Index | Old Index