Wireguard
Using FreeBSD, poudriere all done and running, repositories pointing the right ways, this is easy. All I have to do is a simple
$ sudo pkg install -y wireguard
This gifts me the installation of two packages: wireguard-go, the main thing, and wireguard, which does have the /usr/local/bin/wg command but, more importantly, has /usr/local/bin/wg-quick, which takes a ... kind of simple config file and feeds it to wg.
/usr/local/etc/wireguard/server.conf on the server, I've got the
192.168.3.170 is the server's IP on the tun interface with the listed peers

[Interface]
PrivateKey = serverprivate
ListenPort = 51820
Address = 192.168.3.170/32

[Peer]
PublicKey = clientpublic
AllowedIPs = 192.168.3.171/32
PersistentKeepalive = 25

Just a minor thing that upsets me with this, and confused me a lot.
ListenPort is just fine, that's the port it listens on,
on the other hand has nothing to do with the listening side of things but is
related to the tunnel side of things, I kind of wish it was
TunnelAddress and perhaps also a
ListenAddress or instead of
ListenPort it could have been the more traditional
imply where the socket would be bound and hint towards a more traditional way of writing
with 0.0.0.0:51820 or
[::]:51820, but of
course that takes a lot of extra work to create the parser that now just has to deal with a
Might be minor, but it did upset me a lot ;-)
Very similar to the server, in
192.168.3.171 is the client's IP in the wireguard tunnel.

[Interface]
PrivateKey = clientprivate
Address = 192.168.3.171/32

[Peer]
PublicKey = serverpublic
Endpoint = 192.0.2.170:51820
AllowedIPs = 192.168.3.0/24
PersistentKeepalive = 25

192.0.2.170 is the IP of the listening server
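
The tunnel-side versus socket-side split above is where a server/client pair usually gets mismatched, so here is an added example (not part of the original post, and not wg-quick's own code) that cross-checks the two files: each side's tunnel Address must fall inside the other side's AllowedIPs, and the client's Endpoint port must equal the server's ListenPort. The function names are hypothetical; it assumes one Address per [Interface], and the sample configs are the ones from this page with the private keys left out.

```python
import ipaddress

# Constructed input: the page's two configs, private keys and keepalive omitted.
SERVER = """[Interface]
ListenPort = 51820
Address = 192.168.3.170/32
[Peer]
PublicKey = clientpublic
AllowedIPs = 192.168.3.171/32
"""
CLIENT = """[Interface]
Address = 192.168.3.171/32
[Peer]
PublicKey = serverpublic
Endpoint = 192.0.2.170:51820
AllowedIPs = 192.168.3.0/24
"""

def parse(text):
    """Return (interface, peers). [Peer] may repeat, so configparser does not fit."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            peers.append(cur := {})
        elif "=" in line and cur is not None:
            # Split on the first '=' only: base64 keys may end in '='.
            key, value = (s.strip() for s in line.split("=", 1))
            cur[key] = value
    return iface, peers

def covers(peer, addr):
    """True if addr falls inside any network in the peer's AllowedIPs."""
    allowed = [a.strip() for a in peer.get("AllowedIPs", "").split(",") if a.strip()]
    return any(addr in ipaddress.ip_network(a, strict=False) for a in allowed)

def check_pair(server_text, client_text):
    """List mismatches between the server config and one client config."""
    (s_if, s_peers), (c_if, c_peers) = parse(server_text), parse(client_text)
    s_addr, c_addr = (ipaddress.ip_interface(i["Address"]).ip for i in (s_if, c_if))
    problems = []
    if not any(covers(p, c_addr) for p in s_peers):
        problems.append(f"server has no peer whose AllowedIPs covers {c_addr}")
    if not any(covers(p, s_addr) for p in c_peers):
        problems.append(f"client AllowedIPs does not cover server tunnel IP {s_addr}")
    ports = {p["Endpoint"].rsplit(":", 1)[1] for p in c_peers if "Endpoint" in p}
    if s_if.get("ListenPort") not in ports:
        problems.append(f"no client Endpoint uses ListenPort {s_if.get('ListenPort')}")
    return problems
```

An empty list from check_pair(SERVER, CLIENT) means the pair is consistent; it does not check that the PublicKey values match the other side's private key.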