Module Name: src
Committed By: riastradh
Date: Tue Mar 12 02:28:03 UTC 2024
Modified Files:
src/share/man/man4: wg.4
Log Message:
wg(4): Rework example numbering for clarity and add IPv6.
Let's avoid triggering unease with host number 0.
PR misc/58015
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/share/man/man4/wg.4
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man4/wg.4
diff -u src/share/man/man4/wg.4:1.7 src/share/man/man4/wg.4:1.8
--- src/share/man/man4/wg.4:1.7 Sat Mar 9 12:36:07 2024
+++ src/share/man/man4/wg.4 Tue Mar 12 02:28:03 2024
@@ -1,4 +1,4 @@
-.\" $NetBSD: wg.4,v 1.7 2024/03/09 12:36:07 riastradh Exp $
+.\" $NetBSD: wg.4,v 1.8 2024/03/12 02:28:03 riastradh Exp $
.\"
.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -75,21 +75,23 @@ endpoint IP address outside the tunnel.
.Sh EXAMPLES
Typical network topology:
.Bd -literal -offset abcd
-wm0 = 192.0.2.123 bge0 = 198.51.100.45
-
Stationary server: Roaming client:
+---------+ +---------+
| A | | B |
|---------| |---------|
-| [wm0]-------------internet--------[bge0] |
+| | 192.0.2.123 198.51.100.45 | |
+| [wm0]----------internet-----------[bge0] |
| [wg0] port 1234 - - - (tunnel) - - - - - - [wg0] |
-| 10.0.1.0 | 10.0.1.1 |
+| 10.2.0.1 | 10.2.0.42 |
+| fd00:2::0 | fd00:2::42 |
| | | | |
+--[wm1]--+ +-----------------+ +---------+
- | | VPN 10.0.1.0/24 |
+ | 10.1.0.1 | VPN 10.2.0.0/24 |
+ | | fd00:2::/64 |
| +-----------------+
+-----------------+
-| LAN 10.0.0.0/24 |
+| LAN 10.1.0.0/24 |
+| fd00:1::/64 |
+-----------------+
.Ed
.Pp
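Review bot: In the diagram row under the tunnel line, A's IPv6 tunnel address is drawn as fd00:2::0, while the IPv4 row above it was moved to 10.2.0.1 and the commands later in the patch assign fd00:2::1/64 to A's wg0. That leaves a host-number-0 address in the figure, which the log message says this change is meant to avoid, and the figure no longer matches the configuration a reader will type. Suggest changing that cell to fd00:2::1 so the diagram, the ifconfig lines and the --allowed-ips=10.2.0.1/32,fd00:2::1/128 entry on B all name the same address.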
@@ -114,40 +116,52 @@ A# (umask 0077; wg-keygen > /etc/wg/wg0.
.Ed
.Pp
Configure A to listen on port 1234 and allow connections from B to
-appear in the 10.0.1.0/24 subnet:
+appear in the 10.2.0.0/24 and fd00:2::/64 subnets:
.Bd -literal -offset abcd
-A# ifconfig wg0 create 10.0.1.0/24
+A# ifconfig wg0 create
+A# ifconfig wg0 inet 10.2.0.1/24
+A# ifconfig wg0 inet6 fd00:2::1/64
A# wgconfig wg0 set private-key /etc/wg/wg0
A# wgconfig wg0 set listen-port 1234
A# wgconfig wg0 add peer B \e
X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp5SU= \e
--preshared-key=/etc/wg/wg0.A-B \e
- --allowed-ips=10.0.1.1/32
+ --allowed-ips=10.2.0.42/32,fd00:2::42/128
A# ifconfig wg0 up
A# ifconfig wg0
wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
- inet 10.0.1.0/24 flags 0
+ status: active
inet6 fe80::22f7:d6ff:fe3a:1e60%wg0/64 flags 0 scopeid 0x3
+ inet6 fd00:2::1/64 flags 0
+ inet 10.2.0.1/24 flags 0
.Ed
.Pp
Configure B to connect to A at 192.0.2.123 on port 1234 and the packets
can begin to flow:
.Bd -literal -offset abcd
-B# ifconfig wg0 create 10.0.1.1/24
+B# ifconfig wg0 create
+B# ifconfig wg0 inet 10.2.0.42/24
+B# ifconfig wg0 inet6 fd00:2::42/64
B# wgconfig wg0 set private-key /etc/wg/wg0
B# wgconfig wg0 add peer A \e
N+B4Nelg+4ysvbLW3qenxIwrJVE9MdjMyqrIisH7V0Y= \e
--preshared-key=/etc/wg/wg0.A-B \e
- --allowed-ips=10.0.1.0/32 \e
+ --allowed-ips=10.2.0.1/32,fd00:2::1/128 \e
--endpoint=192.0.2.123:1234
B# ifconfig wg0 up
B# ifconfig wg0
wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
- inet 10.0.1.1/24 flags 0
+ status: active
inet6 fe80::56eb:59ff:fe3d:d413%wg0/64 flags 0 scopeid 0x3
-B# ping -n 10.0.1.0
-PING 10.0.1.0 (10.0.1.0): 56 data bytes
-64 bytes from 10.0.1.0: icmp_seq=0 ttl=255 time=2.721110 ms
+ inet6 fd00:2::42/64 flags 0
+ inet 10.2.0.42/24 flags 0
+B# ping -n 10.2.0.1
+PING 10.2.0.1 (10.2.0.1): 56 data bytes
+64 bytes from 10.2.0.1: icmp_seq=0 ttl=255 time=2.721110 ms
+\&...
+B# ping6 -n fd00:2::1
+PING6(56=40+8+8 bytes) fd00:2::42 --> fd00:2::1
+16 bytes from fd00:2::1, icmp_seq=0 hlim=64 time=2.634 ms
\&...
.Ed
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
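Review bot: Missing documentation on B's peer entry: --allowed-ips=10.2.0.1/32,fd00:2::1/128 covers only A's own tunnel addresses, so the example ends with B able to ping 10.2.0.1 and fd00:2::1 but says nothing about the LAN 10.1.0.0/24 and fd00:1::/64 that the reworked topology diagram now labels behind A. A reader following the figure may expect the LAN to be reachable. Suggest either one sentence after the ping output stating that the example covers only the tunnel endpoints, or a short follow-on showing the LAN prefixes added to the allowed-ips for peer A on B. The host-length entries (/32 and /128) on both sides are a good least-privilege default and worth keeping as the baseline.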