Hello,
 
I've been unsuccessful getting WireGuard running on OpenBSD. Any help? I'm trying to create a VPN from my desktop computer to a VPS. Both endpoints are OpenBSD 6.4 amd64. Here's what I've done:
 
vps# cd /usr/local/src/
vps# git clone https://git.zx2c4.com/wireguard-go
vps# git clone https://git.zx2c4.com/WireGuard
vps# cd wireguard-go
vps# gmake
vps# sed -i 's/install -v/install/g' Makefile
vps# gmake install
vps# cd ../WireGuard/src/tools/
vps# gmake
vps# sed -i 's/install -v/install/g' Makefile
vps# gmake install
 
vps# cd /dev
vps# sh MAKEDEV tun4
vps# ifconfig tun4 create
vps# ifconfig tun4 up 10.99.0.1 10.99.0.2 netmask 255.255.255.0
 
vps# sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 1 -> 1
vps# cat /etc/pf.conf
pass in
pass out
pass out on egress inet from (tun4:network) nat-to (egress:0)
vps# pfctl -f /etc/pf.conf
 
vps# mkdir /etc/wireguard
vps# chmod 700 /etc/wireguard/
vps# cd /etc/wireguard/
vps# wg genkey > secret.key
Warning: writing to world accessible file.
Consider setting the umask to 077 and trying again.
vps# chmod 600 secret.key
vps# wg pubkey < secret.key > public.key
 
vps# cat server.conf
[Interface]
PrivateKey = redacted
ListenPort = 9812
 
[Peer]
PublicKey = 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=
AllowedIPs = 10.99.0.2/32
 
vps# ifconfig tun4
tun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1420
        index 5 priority 0 llprio 3
        groups: tun
        status: active
        inet 10.99.0.1 --> 10.99.0.2 netmask 0xffffff00
 
vps# wireguard-go tun4
vps# wg setconf tun4 server.conf
vps# wg
interface: tun4
  public key: 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=
  private key: (hidden)
  listening port: 9812
peer: 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=
  allowed ips: 10.99.0.2/32
 
On the desktop, I built and installed the software the exact same as above. I created the tun4 interface, created WireGuard keys, etc., all as above. Some details:
 
desktop# cd /etc/wireguard
desktop# cat client.conf
[Interface]
PrivateKey = redacted
 
[Peer]
PublicKey = 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=
Endpoint = 192.0.2.1:9812
AllowedIPs = 0.0.0.0/0
 
desktop# ifconfig tun4
tun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1420
        index 8 priority 0 llprio 3
        groups: tun
        status: active
        inet 10.99.0.2 --> 10.99.0.1 netmask 0xffffff00
 
desktop# wireguard-go tun4
desktop# wg setconf tun4 client.conf
desktop# wg
interface: tun4
  public key: 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=
  private key: (hidden)
  listening port: 27512
peer: 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=
  endpoint: 192.0.2.1:9812
  allowed ips: 0.0.0.0/0
 
Traffic is not passing over the VPN. Am I missing a pf rule or route command? Or something else?
 
Henry
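
A cross-check of the two `wg` outputs above, as an added example that is not part of the original post: it parses both outputs and verifies that each side lists the other's public key, that the peer's tunnel address falls inside its allowed ips, and that the endpoint port equals the remote listening port. The function names `parse_wg` and `check_pair` are hypothetical, and the port check assumes no port translation between the two hosts.

```python
import ipaddress

# `wg` output copied from the post above (private key line omitted): VPS, then desktop.
VPS_WG = """\
interface: tun4
  public key: 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=
  listening port: 9812
peer: 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=
  allowed ips: 10.99.0.2/32
"""
DESKTOP_WG = """\
interface: tun4
  public key: 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=
  listening port: 27512
peer: 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=
  endpoint: 192.0.2.1:9812
  allowed ips: 0.0.0.0/0
"""

def parse_wg(text):
    """Parse `wg` output into {"interface": {...}, "peers": {pubkey: {...}}}."""
    state = {"interface": {}, "peers": {}}
    section = state["interface"]
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue
        if key == "peer":  # each "peer:" line opens a new peer section
            section = state["peers"].setdefault(value, {})
        else:
            section[key] = value
    return state

def check_pair(local, remote, remote_tun_ip):
    """List the mismatches `local` has in its view of `remote`."""
    peer = local["peers"].get(remote["interface"].get("public key"))
    if peer is None:
        return ["no peer entry for the remote public key"]
    problems = []
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("allowed ips", "").split(",") if "/" in n]
    if not any(ipaddress.ip_address(remote_tun_ip) in n for n in nets):
        problems.append("remote tunnel address not in allowed ips")
    endpoint = peer.get("endpoint")  # absent on the listening side
    if endpoint and endpoint.rsplit(":", 1)[1] != remote["interface"].get("listening port"):
        problems.append("endpoint port differs from remote listening port")
    return problems
```

Calling `check_pair(parse_wg(VPS_WG), parse_wg(DESKTOP_WG), "10.99.0.2")` and the reverse direction with `"10.99.0.1"` returns an empty list for the outputs in the post. The check covers only key pairing, allowed ips and the endpoint port; it does not look at routes or pf rules.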