Hi all - hope you guys are doing great. I've been struggling to config WireGuard for a while (roadwarrior on my end, VPN service subscription on server side). Mostly due to my own limitations, really. Yesterday I finally managed to make it work, after upgrading to 7.5 RELEASE, through a lot of trial and error. Main reference on the setup was [1] and [2].

Setup that worked:

-----------------------------
*/etc/resolvd.conf*

nameserver 10.2.0.1 # VPN server config

*/etc/hostname.wg0*

wgkey $WG_MY_PRIV_KEY
wgpeer $WG_PEER_PUBKEY
inet 192.168.1.2/24
wgrtable 1
up
!route add -net default 192.168.1.1

*/etc/hostname.iwx0*

join $MY_WIFI wpakey $MY_WIFI_PWD
rdomain 1
up
autoconf

*/etc/pf.conf*

set skip on lo
block return
ext_if = "iwx0"
vpn_if = "wg0"
pass in on $ext_if from $ext_if:network rtable 1
pass out on $ext_if from self
match out on $vpn_if from $ext_if:network to any nat-to $vpn_if
pass out on $vpn_if
-------------------------------------

Then I decided to sysupgrade to SNAPSHOT, which is what I used to do in the past, and the setup stopped working. I tried using tcpdump to understand what is happening, and my guess is that it has to do with DNS, but I couldn't figure out exactly...

I'm sure I'm missing a lot of details. If anyone can point me in the right direction (e.g., what to check, possible issues), that would be much appreciated. I don't want to use wireguard-tools.

If additional info is needed please let me know.

Regards,
Michel

[1] https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html
[2] https://blog.lambda.cx/posts/openbsd-wireguard-vpn-gateway/