Hello,
I've been unsuccessful getting WireGuard running on OpenBSD. Any help? I'm trying to create a VPN from my desktop computer to a VPS. Both endpoints are OpenBSD 6.4 amd64. Here's what I've done:
vps# cd /usr/local/src/
vps# git clone https://git.zx2c4.com/wireguard-go
vps# git clone https://git.zx2c4.com/WireGuard
vps# cd wireguard-go
vps# gmake
vps# sed -i 's/install -v/install/g' Makefile
vps# gmake install
vps# cd ../WireGuard/src/tools/
vps# gmake
vps# sed -i 's/install -v/install/g' Makefile
vps# gmake install
vps# cd /dev
vps# sh MAKEDEV tun4
vps# ifconfig tun4 create
vps# ifconfig tun4 up 10.99.0.1 10.99.0.2 netmask 255.255.255.0
vps# sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 1 -> 1
vps# cat /etc/pf.conf
pass in
pass out
pass out on egress inet from (tun4:network) nat-to (egress:0)
vps# pfctl -f /etc/pf.conf
vps# mkdir /etc/wireguard
vps# chmod 700 /etc/wireguard/
vps# cd /etc/wireguard/
vps# wg genkey > secret.key
Warning: writing to world accessible file.
Consider setting the umask to 077 and trying again.
vps# chmod 600 secret.key
vps# wg pubkey < secret.key > public.key
vps# cat server.conf
[Interface]
PrivateKey = redacted
ListenPort = 9812
[Peer]
PublicKey = 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=
AllowedIPs = 10.99.0.2/32
vps# ifconfig tun4
tun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1420
index 5 priority 0 llprio 3
groups: tun
status: active
inet 10.99.0.1 --> 10.99.0.2 netmask 0xffffff00
vps# wireguard-go tun4
vps# wg setconf tun4 server.conf
vps# wg
interface: tun4
public key: 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=
private key: (hidden)
listening port: 9812
peer: 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=
allowed ips: 10.99.0.2/32
On the desktop, I built and installed the software exactly as above. I created the tun4 interface, created WireGuard keys, etc., all as above. Some details:
desktop# cd /etc/wireguard
desktop# cat client.conf
[Interface]
PrivateKey = redacted
[Peer]
PublicKey = 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=
Endpoint = 192.0.2.1:9812
AllowedIPs = 0.0.0.0/0
desktop# ifconfig tun4
tun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1420
index 8 priority 0 llprio 3
groups: tun
status: active
inet 10.99.0.2 --> 10.99.0.1 netmask 0xffffff00
desktop# wireguard-go tun4
desktop# wg setconf tun4 client.conf
desktop# wg
interface: tun4
public key: 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=
private key: (hidden)
listening port: 27512
peer: 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=
endpoint: 192.0.2.1:9812
allowed ips: 0.0.0.0/0
Traffic is not passing over the VPN. Am I missing a pf rule or route command? Or something else?
Henry