I had a first look at the latest version of the WireGuard kernel integration.
There were some findings that may need attention.

buildkernel stops with kernel option INVARIANTS enabled:

--- all_subdir_if_wg ---
/usr/src/sys/dev/if_wg/module/if_wg_session.c:1639:22: error: unused variable 'e' [-Werror,-Wunused-variable]
        struct wg_endpoint *e = wg_mbuf_endpoint_get(m);
                            ^
2 errors generated.
*** [if_wg_session.o] Error code 1


buildkernel KERNCONF="GENERIC-NODEBUG" works fine.

I managed to figure out these options to the ifconfig command:

# ifconfig wg create private-key AtT4BNuidrJrDGZUH1Ddd4e6D0HMCq3Z+KawQVZQqXU= listen-port 9999 peer public-key bmUgcaOtlEFcIoSlwPQ3qO/c14nJHYr+a7Ms/kJmOFA= endpoint 192.168.4.4:8888 allowed-ips 10.2.3.0/24

which seems to get everything in place. However, peer-list shows the allowed IPs
in a funny way:
# ifconfig wg0 peer-list

[Peer]
PublicKey = bmUgcaOtlEFcIoSlwPQ3qO/c14nJHYr+a7Ms/kJmOFA
Endpoint = 192.168.4.4:8888
AllowedIPs = 0.0.10.2/24

and if you specify two allowed-ips in the wg create peer section it gets worse:
# ifconfig wg create ……. allowed-ips 10.2.3.0/24 allowed-ips 10.11.12.0/24
# ifconfig wg0 peer-list

[Peer]
PublicKey = bmUgcaOtlEFcIoSlwPQ3qO/c14nJHYr+a7Ms/kJmOFA
Endpoint = 192.168.4.4:8888
AllowedIPs = 0.0.10.11/24, 0.0.10.11/24


Otherwise this looks really nice! Next I'll try some connectivity tests.

/Peter


_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
