NetBSD-Users archive
Wireguard woes
I would like to try to set up a NetBSD 11 laptop for use with the
ProtonVPN Wireguard service and I'm wondering if that is currently
possible with the current state of NetBSD's Wireguard using
wgconfig(8)?
For manual Wireguard Proton VPN setup one typically makes some
selections in their web interface then downloads a config file [1].
I've done this and tried to follow the examples in the wg(4) manpage
based on said config file contents (see below). So far, the best
I can achieve is a momentary handshake and only if I add an IPv6
address to the --allowed-ips argument string for wgconfig(8).
What has been done:
1) added "if_wg" to /etc/modules.conf to load at startup
2) made a setup script using proton.conf[1] as guide:
#! /bin/sh -e
# wg_create
#
# Discard both stdout and stderr; only ifconfig's exit status matters here.
if ifconfig wg0 >/dev/null 2>&1
then
    echo 'wireguard interface already configured.'
else
    echo 'setting up wireguard interface..'
    sleep 1
    sudo ifconfig wg0 create
    sudo ifconfig wg0 inet 10.2.0.2/32
    # /etc/wg/wg0 contains just the Proton PrivateKey
    sudo wgconfig wg0 set private-key /etc/wg/wg0
    sudo wgconfig wg0 add peer Proton '<Proton PublicKey>' \
        --allowed-ips=0.0.0.0/0,::/0 --endpoint=<Proton Endpoint:Port>
    sudo ifconfig wg0 up
fi
---
After running wg_create and pinging some random address I can see that
there was at least a momentary handshake made:
$ ifconfig wg0
wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
        status: active
        inet6 fe80::725a:b6ff:fe65:5d38%wg0/64 flags 0 scopeid 0x4
        inet 10.2.0.2/32 flags 0
$ wgconfig wg0
interface: wg0
        private-key: (hidden)
        listen-port: (none)
        peer: Proton
                public-key: ***************************************
                endpoint: 212.***.**.***:5****
                preshared-key: (hidden)
                allowed-ips: 0.0.0.0/0
                latest-handshake: Sat Sep 27 01:15:43 2025
However an IPv4 ping fails:
$ ping -n 10.2.0.2
PING 10.2.0.2 (10.2.0.2): 56 data bytes
----10.2.0.2 PING Statistics----
15 packets transmitted, 0 packets received, 100.0% packet loss
I can also see that a route gateway has been created:
$ route -n show |head
Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
default            192.168.1.1        UG          -        -      -  urtwn0
10.2.0.2           wg0                UHl         -        -      -  wg0
10.2.0.2/32        10.2.0.2           U           -        -      -  wg0
127/8              127.0.0.1          UGRS        -        -  33624  lo0
127.0.0.1          lo0                UHl         -        -  33624  lo0
192.168.1/24       link#2             UC          -        -      -  urtwn0
My understanding is that changing the default route shouldn't be needed with
wireguard and doing so via 'sudo route -f add default 10.2.0.2' consistently
hangs the system..
Am I missing something or is this sort of use just not achievable at this time?
BTW, I tried installing the wireguard-tools package but this package
really doesn't seem to be for NetBSD at all.
-B
--
refs:
[1] # proton.conf
[Interface]
# Key for wg-proton
# Bouncing = 1
# NetShield = 1
# Moderate NAT = off
# VPN Accelerator = on
PrivateKey = *******************************************
Address = 10.2.0.2/32
DNS = 10.2.0.1
[Peer]
# US-ST#42
PublicKey = ********************************************
AllowedIPs = 0.0.0.0/0
Endpoint = 212.***.**.***:5****
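
The post maps proton.conf onto ifconfig/wgconfig commands by hand; the sketch below does that mapping mechanically, as an added example that is not part of the original post or of NetBSD. It only prints the commands (the same ones the post's script runs) and never echoes the PrivateKey value, which is expected to live in a key file; the function names, the peer label peer0, and the sample keys and endpoint are assumptions constructed for illustration.

```shell
# Added example (not from the post): dry-run translator from a wg-quick style
# config to the ifconfig/wgconfig commands the post uses. Prints commands only.
# Assumed names: trim, wgconf_to_netbsd, sample_conf, peer label "peer0".
trim() {                                  # strip leading/trailing whitespace (and CR)
    s=$1
    s=${s#"${s%%[![:space:]]*}"}
    s=${s%"${s##*[![:space:]]}"}
    printf '%s' "$s"
}

wgconf_to_netbsd() {                      # usage: wgconf_to_netbsd [ifname] [keyfile] < conf
    ifname=${1:-wg0}; keyfile=${2:-/etc/wg/$ifname}
    section=; addr=; pub=; allowed=; endpoint=
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "${line%%#*}")        # drop comments, then trim
        case $line in
            '[Interface]') section=interface; continue ;;
            '[Peer]')      section=peer; continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key=$(trim "${line%%=*}"); val=$(trim "${line#*=}")
        case $section.$key in
            interface.Address)    addr=$val ;;
            interface.PrivateKey) ;;      # never echoed: the key belongs in $keyfile, not in argv
            peer.PublicKey)       pub=$val ;;
            peer.AllowedIPs)      allowed=$(printf '%s' "$val" | tr -d ' ') ;;
            peer.Endpoint)        endpoint=$val ;;
        esac                              # other keys (e.g. DNS) are ignored here
    done
    if [ -z "$addr" ] || [ -z "$pub" ] || [ -z "$allowed" ] || [ -z "$endpoint" ]; then
        echo "config is missing Address, PublicKey, AllowedIPs or Endpoint" >&2
        return 1
    fi
    printf 'ifconfig %s create\n' "$ifname"
    printf 'ifconfig %s inet %s\n' "$ifname" "$addr"
    printf 'wgconfig %s set private-key %s\n' "$ifname" "$keyfile"
    printf "wgconfig %s add peer peer0 '%s' --allowed-ips=%s --endpoint=%s\n" \
        "$ifname" "$pub" "$allowed" "$endpoint"
    printf 'ifconfig %s up\n' "$ifname"
}

sample_conf() {                           # constructed input; keys are dummies
    printf '%s\n' '[Interface]' '# constructed sample' \
        'PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=' \
        'Address = 10.2.0.2/32' 'DNS = 10.2.0.1' '[Peer]' '# US-EX#1' \
        'PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=' \
        'AllowedIPs = 0.0.0.0/0, ::/0' 'Endpoint = 192.0.2.10:51820'
}
sample_conf | wgconf_to_netbsd wg0
```

Comparing the printed `--allowed-ips` value with what `wgconfig wg0` reports afterwards shows whether the peer was configured with the ranges the config file specifies.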