> On Mar 25, 2020, at 9:31 PM, Brian <br...@mutualaid.info> wrote:
> I don’t know Go very well, but it seems like main.go calls the CreateTUN > function, and CreateTUN (in tun_openbsd.go) tries to open /dev/tun2 in > read-write mode? There seems to be an option to set the WG_TUN_FD environment > variable, so that CreateTUNFromFile gets called instead of CreateTUN, but I > don’t understand how to properly get a file descriptor in this context. I’ve since done some reading and I think that WG_TUN_FD is designed more for contexts like running Wireguard in a container. I’ve been able to get it working as a non-root user on OpenBSD but I did have to give the _wireguard user or group read/write permissions on /dev/tun2 and /var/run/wireguard. I’m exploring some alternatives to this but don’t think there is a bug or anything here. If there are any “best practices” for running wireguard-go as a non-root user I’d love to hear them! -Brian
