Finally kernel-baked WireGuard - OpenBSD
2020-07-12
I was expecting a smooth WireGuard setup on the latest snapshot, but it wasn't. There was a lot of head banging; some causes were unknown, others were YASM.
After reading through the wg-tools pkg_readme, IP forwarding was set, and I added a pf rule along with the config explained here:
# wg setconf wg0 /path/fo/bar
Unable to modify interface: No such file or directory
This is where the confusion starts: the file is indeed present and has the right permissions. On the verge of giving up, I did
# pkg_add wireguard-tools
wg-tools was already installed when I tried wg-go; it's just the way quirks is. To be on the safer side, always run
# pkg_add -u
after an update or new snapshot.
After the setup, I configured keys and scp-ed the config to generate a QR code on my local machine, as qrencode is already installed.
Testing: because of my dumb typos ('allowd', 'wiregaurd'), it took way more time. The first thing I noticed was that the DNS field was empty. I went on and pinged my local 10.0.0.1 server; it did on my first try.
Configuring the tunnels to use unbound, I tried different pf rules (to be honest without understanding them, as usual; my go-to reason, insomnia) suggested when I STFW; all ended in vain. Actually it became worse. I tried the four-ones DNS (bloudbore) just to check; indeed it worked, but unbound stopped working. I tried my best, even rebooted the VPS, but only in vain; at this point I just wanted everything back.
After tinkering, finally I saw 2 okays, back to pavilion.
$ doas rcctl restart unbound
unbound(ok)
unbound(ok)
I just added this to /var/unbound/etc/unbound.conf under server:
interface: 10.0.0.1
access-control: 10.0.0.0/24 allow
do-udp: yes
Tried it on my phone (Termux); it was epic when I ran curl ifconfig.me and dig openbsd.org.
I had 5 client configs; 10.0.0.3 is reserved for my daily driver (3 being lucky?). The WireGuard walkthrough looks very simple,
Line unrecognized: `Address=10.0.0.3/32'
Configuration parsing
wg-quick should solve this,
wg addconf wg0 <(wg-quick strip /path/to/fot/wg0.conf)
I could have saved time this way for OBSD too; in the end I just used
wg-quick up wg0
and copied my config to /etc/wireguard/wg0.conf.
Satisfied!
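
The `Line unrecognized` error above appears because wg(8) does not parse the keys that only wg-quick(8) interprets, such as Address and DNS. The following is an added example, not part of the original post and not wg-quick's own code: a shell function that approximates what `wg-quick strip` does. The function names, the placeholder keys and the endpoint vpn.example.org are constructed for illustration.

```shell
#!/bin/sh
# Added example: approximates `wg-quick strip`; it is not wg-quick's own code.

# Keys interpreted only by wg-quick(8); wg(8) reports them as "Line unrecognized".
WGQUICK_ONLY='address|dns|mtu|table|preup|postup|predown|postdown|saveconfig'

# strip_wgquick: read a wg-quick config on stdin, print a config wg(8) accepts.
strip_wgquick() {
    awk -v keys="$WGQUICK_ONLY" '
    {
        line = $0
        sub(/#.*/, "", line)              # comments never count as keys
        if (line ~ /^[ \t]*\[/) {         # section header: [Interface] or [Peer]
            section = tolower(line)
            gsub(/[^a-z]/, "", section)
        }
        n = index(line, "=")
        if (section == "interface" && n > 0) {
            key = tolower(substr(line, 1, n - 1))
            gsub(/[ \t]/, "", key)
            if (key ~ ("^(" keys ")$")) next   # drop the wg-quick-only line
        }
        print                             # everything else passes through
    }'
}

# sample_conf: constructed client config (placeholder keys, hypothetical endpoint).
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address=10.0.0.3/32
DNS = 10.0.0.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.org:51820
EOF
}

# Demo: the output no longer carries Address or DNS, so `wg setconf` can parse it.
sample_conf | strip_wgquick
```

Because the dropped keys are never applied by wg(8), the interface address and DNS resolver still have to be configured separately when the stripped config is loaded by hand.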