Hi, Martin
Thanks for sharing your configuration.
• Martin Husemann [2024-01-18 09:02]:
> On Thu, Jan 18, 2024 at 08:46:11AM +0100, Kirill Miazine wrote:
> > Hi, NetBSD users
> >
> > I've been setting up a NetBSD box, which has to be connected to the wider
> > WireGuard network. There's a while since I managed NetBSD, so I'd like to
> > ask for feedback as to whether current setup is considered a "proper" way of
> > setting up WireGuard on NetBSD:
> >
> > 1. Create files with WireGuard private key and pre-shared key
>
> Yes.
Good.
> > 2. Create ifconfig.wgN with lines to configure network address, and a bunch
> > of calls to wgconfig using !. Now while writing this email I discovered that
> > I can use $int variable in ifconfig.wgN file, and that made wgconfig calls a
> > lot cleaner.
>
> I use something like this as /etc/ifconfig.wg0:
>
> -----8<-----
> 192.168.2.42/24
> !wgconfig ${int} set private-key /etc/wg/${int}
> !wgconfig ${int} set listen-port 62345
> !wgconfig ${int} add peer .... ..... --allowed-ips=192.168.2.32/32
> # more similar "add peer" lines...
> up
> ----->8-----
Almost identical to mine, except that I use wg1 (because the network is
configured on wg1 on all the other peers).
> > 3. Add wgN to net_interfaces in rc.conf.
>
> No need to do that.
Good that you say so!
Yet for some reason mine isn't being picked up -- even if I use wg0 instead of
wg1.
So I'll have to dig further, then.
> Martin
--
-- Kirill Miazine <k...@krot.org>
