Hi,

With OpenBSD 6.8 installed, I'm investigating switching from OpenVPN over to Wireguard.

This is for roadwarrior with Windows 7/10 laptops to access my OpenBSD 6.8 server.

All I can find is wg(4) for reference.  It has kind of an interesting example, but I am struggling a bit without the "big picture".  I don't mind doing my own reading, but the only additional documentation I can find is the WireGuard whitepaper, which is Linux and doesn't mention "wgendpoint"...

Is it necessary to use routing domains?  I don't believe so as I've never done that with any other interface.

Where are the various wireguard parameters to ifconfig documented? From the example:
    ifconfig wg1 create wgport 111 wgkey `openssl rand -base64 32` rdomain 1

What is the implication of "wgport"?  wgkey is pretty obvious.

The next relevant line in the example:
    ifconfig wg1 wgpeer $PUB2 wgendpoint 127.0.0.1 222 wgaip 192.168.5.2/32

wgpeer is the public key of the wireguard instance running on the Windows PCs. wgendpoint... what should that be in a road warrior setup?  I'm not sure exactly what that is about.  I am guessing that it is the interface to listen on?  I get my public IP address via DHCP from my ISP so it is subject to change.  I have dynamic DNS set up and it's working perfectly.  What would the configuration look like in a situation like this?

wgaip - does that correspond with "Allowed IPs" described in the glossary in the "DESCRIPTION" section?  With a /32, that's a hostname.  But in a roadwarrior setup, I won't know what the remote IP is, so I'm a bit confused here.

And then finally, what changes need to be made to pf.conf to allow this traffic to flow?  Is that what the "wgport" field is about?


Thanks,
Steve W.




