On Sat, 6 May 2023 02:18:30 +0200 Odd Martin Baanrud <mar...@lb7ye.net> wrote:
> Hello Stuart,
>
> Thanks for a detailed and good explanation!
>
> I chose the WireGuard-tools solution, because I understood how it works,
> and it is easy to configure.
> I've read a bit in the wg(4) manual, and I get confused about how things
> actually work.
> Is it possible to use wireguard-tools's private/public key e.g.?
> If not, is the actual configuration using the included tools easy to do?
>
> I'm blind, so reading lots of documentation, when not knowing what to look
> for, can be pretty time consuming.
> So, if there is an easy way to set up a wireguard-tools style vpn using tools
> from the base system, please let me know.
>
> Regarding pf, thanks for good advice regarding how to use NAT rules.
>
> Regards, Martin.

Hello Martin.

I just recently started using WireGuard, as a client only, using a commercial
VPN service. I did not have to use wireguard-tools.

In addition to the manual pages for wireguard and rdomain, I also consulted
several online guides that helped clarify how everything should work (DNS is
the tricky part).

1. Solene Rapenne - "Full WireGuard setup with OpenBSD"
   Solene explains how to set up both wireguard server and client on OpenBSD
   without using wireguard-tools. She uses openssl to generate private keys.
   Note: page has one ASCII network diagram.
   https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html

2. Matthieu Herrb - "Setting up a WireGuard client with routing domains on
   OpenBSD"
   Matthieu explains step-by-step how to set up OpenBSD as a wireguard client
   for a 3rd party VPN. He uses wireguard-tools, but only to generate the
   private key initially.
   Note: page includes one long output of the ps command.
   https://md.laas.fr/s/NMc3qt5PQ

Since both of the above guides use rdomains for their setup, I found this
writeup about rdomains and rtables useful:

3. Joel Knight - "Virtualizing the OpenBSD Routing Table"
   Note: page has four images of network diagrams.
   https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/

It is a lot of reading, and I apologize for that. I can see, but it still took
me a couple of days to figure out how to get just the client part working
right, and you are trying to do both server and client at once. I hope you
succeed.

-- Andre