On Thu, Jan 18, 2024 at 08:46:11AM +0100, Kirill Miazine wrote:
> Hi, NetBSD users
>
> I've been setting up a NetBSD box, which has to be connected to the wider
> WireGuard network. There's a while since I managed NetBSD, so I'd like to
> ask for feedback as to whether current setup is considered a "proper" way of
> setting up WireGuard on NetBSD:
>
> 1. Create files with WireGuard private key and pre-shared key
Yes.
> 2. Create ifconfig.wgN with lines to configure network address, and a bunch
> of calls to wgconfig using !. Now while writing this email I discovered that
> I can use $int variable in ifconfig.wgN file, and that made wgconfig calls a
> lot cleaner.
I use something like this as /etc/ifconfig.wg0:
-----8<-----
192.168.2.42/24
!wgconfig ${int} set private-key /etc/wg/${int}
!wgconfig ${int} set listen-port 62345
!wgconfig ${int} add peer .... ..... --allowed-ips=192.168.2.32/32
# more similar "add peer" lines...
up
----->8-----
> 3. Add wgN to net_interfaces in rc.conf.
No need to do that.
Martin
