WireGuard
On FreeBSD, WireGuard is implemented in Go.
Software installation
With FreeBSD and poudriere all set up and running, and the repositories pointing the right way, this is easy. All I have to do is a simple
$ sudo pkg install -y wireguard
This gifts me two packages: wireguard-go, the main thing, and wireguard,
which has the /usr/local/bin/wg command but, more importantly, also has
/usr/local/bin/wg-quick, which takes a ... kind of simple config
file and feeds it to wg.
Server Side
In /usr/local/etc/wireguard/server.conf on the server, I've got the
following.
192.168.3.170 is the server's IP on the tun interface with the listed peers.
[Interface]
PrivateKey = serverprivate
ListenPort = 51820
Address = 192.168.3.170/32
[Peer]
PublicKey = clientpublic
AllowedIPs = 192.168.3.171/32
PersistentKeepalive = 25
Just a minor thing that upsets me with this, and it confused me a lot.
ListenPort is just fine, that's the port it listens on. Address,
on the other hand, has nothing to do with the listening side of things but is
related to the tunnel side of things. I kind of wish it was
TunnelAddress, and perhaps there was also a ListenAddress, or instead of
ListenPort it could have been the more traditional ListenBind, to
imply where the socket would be bound and hint towards a more traditional way of writing it,
with 0.0.0.0:51820 or :51820 or [::]:51820. But of
course that takes a lot of extra work to create the parser, which now just has to deal with a
simple integer.
Might be minor, but it did upset me a lot ;-)
Client Side
Very similar to the server, in /usr/local/etc/wireguard/client.conf;
192.168.3.171 is the client's IP in the WireGuard tunnel.
[Interface]
PrivateKey = clientprivate
Address = 192.168.3.171/32
[Peer]
PublicKey = serverpublic
Endpoint = 192.0.2.170:51820
AllowedIPs = 192.168.3.0/24
PersistentKeepalive = 25
192.0.2.170 is the IP of the listening server
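Since Address is the tunnel-side IP and AllowedIPs decides which tunnel source addresses a peer is accepted from, the two files have to agree with each other. The following is an added example, not part of the original post: a small parser for the two configs above that checks each side's AllowedIPs cover the other side's Address. The function names parse_conf, nets and accepts_from are made up for this illustration.

```python
import ipaddress

# The two configs from this page, keys left as the page's placeholders.
SERVER_CONF = """[Interface]
PrivateKey = serverprivate
ListenPort = 51820
Address = 192.168.3.170/32
[Peer]
PublicKey = clientpublic
AllowedIPs = 192.168.3.171/32
PersistentKeepalive = 25
"""
CLIENT_CONF = """[Interface]
PrivateKey = clientprivate
Address = 192.168.3.171/32
[Peer]
PublicKey = serverpublic
Endpoint = 192.0.2.170:51820
AllowedIPs = 192.168.3.0/24
PersistentKeepalive = 25
"""

def parse_conf(text):
    """Return (interface, peers). [Peer] may repeat, so configparser is not used."""
    interface, peers, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.lower() == "[interface]":
            section = interface
        elif line.lower() == "[peer]":
            section = {}
            peers.append(section)
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")  # base64 keys may end in '='
            section[key.strip()] = value.strip()
    return interface, peers

def nets(value):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",") if v.strip()]

def accepts_from(local_conf, remote_conf):
    """True if local's AllowedIPs cover every tunnel Address of remote.
    Simplification: all [Peer] sections are pooled, since placeholder keys cannot be matched."""
    _, peers = parse_conf(local_conf)
    remote_if, _ = parse_conf(remote_conf)
    allowed = [n for p in peers for n in nets(p.get("AllowedIPs", ""))]
    addrs = [ipaddress.ip_interface(a.strip()).ip for a in remote_if.get("Address", "").split(",") if a.strip()]
    return bool(addrs) and all(any(a in n for n in allowed) for a in addrs)
```

Both accepts_from(SERVER_CONF, CLIENT_CONF) and accepts_from(CLIENT_CONF, SERVER_CONF) return True for the configs on this page; changing the client's Address without updating the server's AllowedIPs makes the first one False.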