Re: Assistance Needed with Wireguard VPN Configuration and pf Rules on OpenBSD 7.3

Mon, 14 Aug 2023 05:25:44 -0700 

Hello,

The solution you both provided, worked well.

1. I do not use nano! I use the vi editor for my tasks.

2. Please have a look at the configuration I have implemented.

     pass in quick on wg0 proto tcp from 10.0.8.3/32 to any port {22 80}
     block in on wg0 proto tcp from any to any port {22 80}
     block in quick on bwfm0 proto tcp from any to any port {22 80}

   This configuration is functioning well and your suggestions have
   greatly assisted me in achieving it.

   I would like to discuss my insights on this configuration and would
   appreciate your feedback on it.

   I. I use the word "quick" in the first line to prevent the "block"
   rules in the second line from taking precedence over it.
   II. The second line effectively prevents any devices in the wireguard
   network from accessing ports 22 and 80. However, because the 'quick'
   command is used in the first line, the rule in the first line takes
   precedence and allows access to ports 22 and 80 for the machine with
   IP address 10.0.8.3.
   III. The third line is used to prevent any devices outside of the
   wireguard network from accessing ports 22 and 80.

I appreciate the time and effort you dedicated to this. Thank you so
much.
--
Soubheek Nath
Fifth Estate
Kolkata, India
soubheekn...@gmail.com

On Mon, Aug 14, 2023 at 7:35 AM lain. <l...@fair.moe> wrote:
>
> On 2023年08月13日 12:17, Stuart Henderson wrote:
> > >    https://www.vultr.com/docs/install-wireguard-vpn-server-on-openbsd-7-0/
> >
> > what a mess of things from the base OS and unneeded third-party tools.
> >
> List of tools:
> wireguard-tools (required), nano (vim would have been enough), and the
> rest is everything OpenBSD ships with.
> Oh the horror, that's far too much, the sky is falling!
>
> > > On Sun, Aug 13, 2023 at 7:04 AM lain. <l...@fair.moe> wrote:
> > >>
> > >> I failed to come up with reasons for using a preshared key, so I've let
> > >> ChatGPT generate reasons for me:
> >
> > oh $deitt please do not.
> >
> What matters is not who or what answered, what matters is the answer,
> and the answer it provided is good, but I guess autists gonna autist.

Reply via email to