Re: WireGuard setup in NetBSD 10 [SOLVED]
• Martin Husemann [2024-01-18 11:36]: > > Step 3 has to be a different one: load if_wg module, to make sure wg is > > listed as a clonable interface. > > Yes, indeed, and it is slightly subtle (auto-hiding by module auto-loading). > > I have all my router kernels running securelevl >= 1 and module > auto-loading disabled, so I do have to make sure the if_wg module is > present before we go multi-user. Also in this setup the failure is > more obvious. Thanks for your input! I had a feeling something was wrong, but couldn't easily tell what it was. I'm neither used to loadable kernel modules nor securelevel being -1 by default... -- Kirill
Re: WireGuard setup in NetBSD 10 [SOLVED]
On Thu, Jan 18, 2024 at 11:16:16AM +0100, Kirill Miazine wrote: > Step 3 has to be a different one: load if_wg module, to make sure wg is > listed as a clonable interface. Yes, indeed, and it is slightly subtle (auto-hiding by module auto-loading). I have all my router kernels running securelevl >= 1 and module auto-loading disabled, so I do have to make sure the if_wg module is present before we go multi-user. Also in this setup the failure is more obvious. Martin
Re: WireGuard setup in NetBSD 10 [SOLVED]
Step 3 has to be a different one: load if_wg module, to make sure wg is listed as a clonable interface. • Kirill Miazine [2024-01-18 08:46]: > Hi, NetBSD users > > I've been setting up a NetBSD box, which has to be connected to the wider > WireGuard network. There's a while since I managed NetBSD, so I'd like to > ask for feedback as to whether current setup is considered a "proper" way of > setting up WireGuard on NetBSD: > > 1. Create files with WireGuard private key and pre-shared key > > 2. Create ifconfig.wgN with lines to configure network address, and a bunch > of calls to wgconfig using !. Now while writing this email I discovered that > I can use $int variable in ifconfig.wgN file, and that made wgconfig calls a > lot cleaner. > > 3. Add wgN to net_interfaces in rc.conf. 3. Add if_wg to /etc/modules.conf > Does the above seem sensible? > > The part which bothers me _a little_ is the last one with adding wgN to > net_interfaces, which also made me have to disable auto_ifconfig and thus > having to list also the normal network interface in net_interfaces. Mere > presence of ifconfig.wgN won't create and configure wgN, will it? > > Thanks! >
