Development discussion of WireGuard
* Trying out WireGuard's kernel support in OpenBSD's -current snapshots
@ 2020-06-24  6:07 Jason A. Donenfeld
  2020-06-25  4:48 ` johnw
  0 siblings, 1 reply; 2+ messages in thread
From: Jason A. Donenfeld @ 2020-06-24  6:07 UTC
  To: wireguard

Hi everyone,

With WireGuard now being enabled on OpenBSD's -current snapshot builds,
it's pretty easy to try it out on the platform. This email describes two
options for doing so in the context of basic VPS providers or personal
machines.

Method A) From an existing OpenBSD install

If you already have an OpenBSD install -- perhaps your VPS provider
supports it as an auto install -- things are pretty easy:

1. Use sysupgrade(8) to upgrade to the latest snapshot as root:

    # sysupgrade -s

2. After it installs and it reboots, install wg(8) and wg-quick(8) as
   root:

    # pkg_add wireguard-tools

3. Now you can use wg(8) and wg-quick(8), in addition to ifconfig(8).


Method B) From an existing Linux install

You probably already have a Linux install -- or most likely your VPS
provider will have any number of Linux distros out of the box -- in
which case you can easily overwrite that Linux install with an OpenBSD
install.

1. Download the miniroot installer:

    $ curl -OJL https://cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/miniroot67.img

2. Write the installer to your hard drive, which is usually either vda,
   sda, hda, or nvme0n1. One of these commands will work, and the other
   three will fail:

    $ sudo dd if=miniroot67.img of=/dev/vda
    $ sudo dd if=miniroot67.img of=/dev/sda
    $ sudo dd if=miniroot67.img of=/dev/hda
    $ sudo dd if=miniroot67.img of=/dev/nvme0n1

   After one of those succeeds, this step is complete.

3. Reboot the machine, and connect to its serial port. Most VPS
   providers have an option called "launch console" or similar. You'll see
   the OpenBSD installer. Most of the defaults should suit you fine, and
   there are any number of online manuals on installing OpenBSD.

4. When the installed system boots, install wg(8) and wg-quick(8) as
   root:

    # pkg_add wireguard-tools

5. Now you can use wg(8) and wg-quick(8), in addition to ifconfig(8).


Sidenote) Updating wireguard-go scripts to use the new wg(4) kernel
          driver

If you've already been using WireGuard with OpenBSD, it's via
wireguard-go.  The big recent news is that a new native WireGuard
implementation, wg(4), is now baked into the OpenBSD kernel, and
userland utilities like ifconfig(8) and tcpdump(8) support it too. From
a tooling perspective, however, very little should change: recent
versions of wg(8) and wg-quick(8) support WireGuard using the exact same
semantics as before, with these two exceptions:

1. Instead of running `wireguard-go tun0` to create a tunnel manually,
   you now run `ifconfig wg0 create`.

2. Instead of referring to the WireGuard interface as "tunX", it's now
   "wgX".

Other than those two things, all scripts and commands should behave
identically.


Please let us know if you run into any bugs or other headaches. Thanks
in advance for your testing and feedback.

Enjoy!
Jason


* Re: Trying out WireGuard's kernel support in OpenBSD's -current snapshots
  2020-06-24  6:07 Trying out WireGuard's kernel support in OpenBSD's -current snapshots Jason A. Donenfeld
@ 2020-06-25  4:48 ` johnw
  0 siblings, 0 replies; 2+ messages in thread
From: johnw @ 2020-06-25  4:48 UTC
  To: wireguard; +Cc: jason

Hi List,

I just migrated an existing Linux WireGuard server to an OpenBSD WireGuard server.

Below is what I did.


Upgrade to recent snapshot and pkg_add wireguard-tools

--------------------------------------------
OpenBSD 6.7-current (GENERIC.MP) #297: Wed Jun 24 17:15:28 MDT 2020
deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
--------------------------------------------

Then cp -r all /etc/wireguard from Linux to OpenBSD and
create /etc/hostname.wg0:

---------------- /etc/hostname.wg0 ----------
inet 192.168.44.1 255.255.255.0 NONE \
description "interface on wg0 (VPN)"
up

!/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf
---------------------------------------------

sh /etc/netstart wg0
Configure the corresponding NAT in pf.conf and set sysctl net.inet.ip.forwarding=1.

Done.

Thanks Jason & Matt.

-- 
Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC
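
A pre-flight check for the migration described in the reply above, added here as an example and not part of either message: it flags keys that only wg-quick(8) understands, which `wg setconf` rejects, and a config file that is accessible beyond its owner. The function names and the sample config (placeholder keys, constructed port and peer address) are assumptions made for illustration.

```shell
# Pre-flight checks for a config copied from Linux before loading it with `wg setconf`.
# Keys only wg-quick(8) understands; `wg setconf` rejects a file that contains them.
WGQ_KEYS='Address|DNS|MTU|Table|PreUp|PostUp|PreDown|PostDown|SaveConfig'

# Print the wg-quick-only keys used in config $1 (sorted, unique, comments ignored).
wgq_only_keys() {
    sed 's/#.*//' "$1" | awk -F= -v keys="$WGQ_KEYS" '
        BEGIN { n = split(tolower(keys), k, "|"); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        NF >= 2 { key = $1; gsub(/[ \t]/, "", key); lc = tolower(key); if (lc in want) print key }
    ' | sort -u
}

# True only if $1 has no group/other permission bits (e.g. mode 0600).
private_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 if $1 can be given to `wg setconf` as-is and is private; explain otherwise.
preflight() {
    rc=0
    bad=$(wgq_only_keys "$1" | tr '\n' ' ')
    [ -z "$bad" ] || { echo "$1: wg-quick-only keys: $bad(see: wg-quick strip)" >&2; rc=1; }
    private_mode "$1" || { echo "$1: holds PrivateKey but is not mode 0600" >&2; rc=1; }
    return "$rc"
}

# Constructed sample: a Linux wg-quick style server config with placeholder keys.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 192.168.44.1/24
ListenPort = 51820
PrivateKey = <placeholder-private-key>
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 192.168.44.2/32
EOF
}

# Demo: the sample fails both checks (Address/PostUp present, mode 0644).
tmp=$(mktemp); sample_conf > "$tmp"; chmod 644 "$tmp"
preflight "$tmp" || echo "not ready for: wg setconf wg0 $tmp"
rm -f "$tmp"
```

`wg-quick strip` prints a config with the wg-quick-only keys removed, which is the form `wg setconf` accepts.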
