On Thu, Jan 18, 2024 at 08:46:11AM +0100, Kirill Miazine wrote: > Hi, NetBSD users > > I've been setting up a NetBSD box, which has to be connected to the wider > WireGuard network. There's a while since I managed NetBSD, so I'd like to > ask for feedback as to whether current setup is considered a "proper" way of > setting up WireGuard on NetBSD: > > 1. Create files with WireGuard private key and pre-shared key
Yes. > 2. Create ifconfig.wgN with lines to configure network address, and a bunch > of calls to wgconfig using !. Now while writing this email I discovered that > I can use $int variable in ifconfig.wgN file, and that made wgconfig calls a > lot cleaner. I use something like this as /etc/ifconfig.wg0: -----8<----- 192.168.2.42/24 !wgconfig ${int} set private-key /etc/wg/${int} !wgconfig ${int} set listen-port 62345 !wgconfig ${int} add peer .... ..... --allowed-ips=192.168.2.32/32 # more similar "add peer" lines... up ----->8----- > 3. Add wgN to net_interfaces in rc.conf. No need to do that. Martin