On Wed, 5 Jul 2023 at 16:26, Martin Husemann <mar...@duskware.de> wrote: > > On Wed, Jul 05, 2023 at 05:10:42PM +0200, logothesia wrote: > > Hi folks, > > > > What does the landscape look like regarding WireGuard? Is it supported at > > all? > > In -10 and -current it is. I am using it on several machines (mostly with > windows peers).
But you have to add 'pseudo-device wg' to you kernel configuration - it is not on by default: # uname -a NetBSD ymir.lorien.lan 10.99.4 NetBSD 10.99.4 (GENERIC) #6: Wed Jul 5 12:53:40 BST 2023 sysbu...@ymir.lorien.lan:/dumps/sysbuild/amd64/obj/home/sysbuild/src/sys/arch/amd64/compile/GENERIC amd64 # ifconfig -C vether bridge ipsec carp lagg agr pppoe vlan tun tap sl stf ppp lo l2tp gre gif npflog # grep wg /usr/src/sys/arch/amd64/conf/* /usr/src/sys/arch/amd64/conf/ALL:pseudo-device wg # VPN tunnel compatible with WireGuard > > > ifconfig. It is my understanding that wireguard-tools only provides the > > userland stuff (i.e., config file reading and so on). > > You do not even need that, base comes with wgconfig, and "man wg" tells > you all about the setup tricks. > > > Do I have to compile a custom kernel, or enable something somewhere? > > Did you try "ifconfig -C"? That should list all clonable interfaces > and includes "wg" if the kernel knows about it. > > > Not sure if it matters, but I am running NetBSD/evbarm-earmv6hf 9.3. > > You might, or load the if_wg kernel module (by adding it to /etc/modules.conf, > see "man modules.conf"). > > Martin -- ----
