aboutsummaryrefslogtreecommitdiff
path: root/content/docs
diff options
context:
space:
mode:
authorJulien Dessaux2023-02-15 23:44:12 +0100
committerJulien Dessaux2023-02-15 23:44:12 +0100
commit5136efe70281b8a7f90e42742f73a0876833b597 (patch)
tree9ffc00ed53447a89b7c5fb66aba8cb4ce6de76c0 /content/docs
parentAdded the first blog article in a series about wireguard (diff)
downloadwww-5136efe70281b8a7f90e42742f73a0876833b597.tar.gz
www-5136efe70281b8a7f90e42742f73a0876833b597.tar.bz2
www-5136efe70281b8a7f90e42742f73a0876833b597.zip
Add wireguard on OpenBSD blog article
Diffstat (limited to 'content/docs')
-rw-r--r--content/docs/openbsd/wireguard.md18
1 files changed, 10 insertions, 8 deletions
diff --git a/content/docs/openbsd/wireguard.md b/content/docs/openbsd/wireguard.md
index 83c7cb1..8e86ced 100644
--- a/content/docs/openbsd/wireguard.md
+++ b/content/docs/openbsd/wireguard.md
@@ -4,6 +4,7 @@ description: How to configure a wireguard endpoint on OpenBSD
tags:
- OpenBSD
- vpn
+- wireguard
---
## Introduction
@@ -14,7 +15,7 @@ This article explains how to configure wireguard on OpenBSD.
OpenBSD does things elegantly as usual : where linux distributions have a service, OpenBSD has a simple `/etc/hostname.wg0` file. The interface is therefore managed without any tool other than the standard ifconfig, it's so simple and elegant!
-You can still install the usual tooling with:
+If you want you can still install the usual tooling with:
```sh
pkg_add wireguard-tools
```
@@ -30,24 +31,25 @@ echo public_key: $PUBLIC_KEY
```
Private keys can also be generated with the following command if you do not wish to use the `wg` tool:
-{{< highlight sh >}}
+```sh
openssl rand -base64 32
-{{< /highlight >}}
+```
+I am not aware of an openssl command to extract the corresponding public key, but after setting up your interface `ifconfig` will kindly show it to you.
## Configuration
Here is a configuration example of my `/etc/hostname.wg0` that creates a tunnel listening on udp port 342 and several peers :
-{{< highlight cfg >}}
+```cfg
wgport 342 wgkey '4J7O3IN7+MnyoBpxqDbDZyAQ3LUzmcR2tHLdN0MgnH8='
10.1.2.1/24
wgpeer 'LWZO5wmkmzFwohwtvZ2Df6WAvGchcyXpzNEq2m86sSE=' wgaip 10.1.2.2/32
wgpeer 'SjqCIBpTjtkMvKtkgDFIPJsAmQEK/+H33euekrANJVc=' wgaip 10.1.2.4/32
wgpeer '4CcAq3xqN496qg2JR/5nYTdJPABry4n2Kon96wz981I=' wgaip 10.1.2.8/32
wgpeer 'vNNic3jvXfbBahF8XFKnAv9+Cef/iQ6nWxXeOBtehgc=' wgaip 10.1.2.6/32
-{{< /highlight >}}
+```
-Your private key goes on the first line as argument to `wgkey`, the other keys are public keys for each peer.
+Your private key goes on the first line as argument to `wgkey`, the other keys are public keys for each peer. As all other hostname interface files on OpenBSD, each line is a valid argument you could pass the `ifconfig` command.
To re-read the interface configuration, use :
```sh
@@ -57,7 +59,7 @@ sh /etc/netstart wg0
## Administration
The tunnel can be managed with the standard `ifconfig` command:
-{{< highlight sh >}}
+```sh
root@yen:~# ifconfig wg0
wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
index 4 priority 0 llprio 3
@@ -85,6 +87,6 @@ wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
wgaip 10.1.2.6/32
groups: wg
inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255
-{{< /highlight >}}
+```
Alternatively you can also use the `wg` tool if you installed it.