Finally kernel-baked WireGuard - OpenBSD

DNS VPN YASM OBSD-6.7-cur wireguard

2020-07-12


I was expecting a smooth wireguard setup on the latest snapshot; it wasn't. There was a lot of head banging; some causes were unknown, others were YASM.

After reading through the wg-tools pkg_readme, I set IP forwarding and added a pf rule along with the config explained here

# wg setconf wg0 /path/fo/bar
Unable to modify interface: No such file or directory

This is where the confusion starts: the file is indeed present and has the right permissions. On the verge of giving up, I did

# pkg_add wireguard-tools

wg-tools was already installed when I tried wg-go; it's just the way quirks is. To be on the safer side, always run

# pkg_add -u 

after an update or new snapshot.

After the setup, I configured keys and scp-ed the config to generate a QR code on my local machine, as qrencode is already installed there.

Testing: because of my dumb typos ('allowd', 'wiregaurd'), it took way more time. The first thing I noticed was that the DNS field was empty. I went on and pinged my local 10.0.0.1 server; it worked on my first try.

Configuring tunnels to use unbound: I tried different pf rules (to be honest, without understanding them, as usual; my go-to reason, insomnia) suggested when I STFW; all ended in vain. Actually it became worse. I tried the four-ones DNS (bloudbore) just to check; indeed it worked, but unbound stopped working. I tried my best, even rebooted the VPS, but in vain. At this point I just wanted everything back.

After tinkering, I finally saw 2 okays; back to the pavilion.

$ doas rcctl restart unbound
unbound(ok)
unbound(ok)

I just added this to /var/unbound/etc/unbound.conf under server:

interface: 10.0.0.1
access-control: 10.0.0.0/24 allow
do-udp: yes

Tried it on my phone (termux); it was epic when I ran curl ifconfig.me and dig openbsd.org.

I had 5 client configs; 10.0.0.3 is reserved for my daily driver (3 being lucky?). The wireguard walkthrough looks much simpler,

Line unrecognized: `Address=10.0.0.3/32'
Configuration parsing

wg-quick should solve this,

wg addconf wg0 <(wg-quick strip /path/to/fot/wg0.conf)

I could have saved time this way for OBSD too; in the end I just used

wg-quick up wg0

and copied my config to /etc/wireguard/wg0.conf.

Satisfied!
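
The "Line unrecognized" error above comes from handing a wg-quick style config to wg itself, which does not parse keys such as Address or DNS. The following is an added example, not code from the original post or from the WireGuard project: a minimal approximation of the filtering that wg-quick strip performs, plus a check for misspelled keys. The function names, the sample config, its endpoint and the placeholder keys are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Key lists follow wg(8) and wg-quick(8).
WG_KEYS="privatekey listenport fwmark publickey presharedkey allowedips endpoint persistentkeepalive"
QUICK_KEYS="address dns mtu table preup postup predown postdown saveconfig"

# wg_strip FILE: print FILE without the lines only wg-quick understands.
wg_strip() {
    awk -F= -v quick="$QUICK_KEYS" '
        BEGIN { n = split(quick, q, " "); for (i = 1; i <= n; i++) drop[q[i]] = 1 }
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        !(key in drop)
    ' "$1"
}

# wg_lint FILE: report keys neither tool knows; exit status 1 if any found.
wg_lint() {
    awk -F= -v known="$WG_KEYS $QUICK_KEYS" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*$/ || /^[ \t]*(#|\[)/ { next }   # blanks, comments, sections
        { raw = $1; gsub(/[ \t]/, "", raw)
          if (!(tolower(raw) in ok)) { print "line " NR ": unrecognized key: " raw; bad = 1 } }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample in wg-quick format: placeholder keys, made-up endpoint,
# and one deliberate typo (AllowdIPs).
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.0.0.3/32
DNS = 10.0.0.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = vpn.example.org:51820
AllowdIPs = 0.0.0.0/0
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
wg_strip "$tmp"            # Address and DNS lines are gone
wg_lint "$tmp" || true     # prints: line 9: unrecognized key: AllowdIPs
rm -f "$tmp"
```

Running the lint before wg setconf or wg-quick up catches a misspelled AllowedIPs before it costs debugging time on the tunnel.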