Wireguard .. "

On FreeBSD wireguard is implemented in go.

Software installation

Using freebsd, poudriere all done and running, repositories pointing the right ways, this is easy. All I have to do is a simple

$ sudo pkg install -y wireguard

This gifts me the installation of two packages, wireguard-go, the main thing and wireguard which does have the /usr/local/bin/wg command, but more importantly, it has the /usr/local/bin/wg-quick which takes a ... kind of simple config file and feeds it to wg.

Server Side

In /usr/local/etc/wireguard/server.conf on the server, I've got the following.

192.168.3.170 is the servers IP on the tun interface with the listed peers

[Interface]
PrivateKey = serverprivate
ListenPort = 51820
Address    = 192.168.3.170/32

[Peer]
PublicKey  = clientpublic
AllowedIPs = 192.168.3.171/32
PersistentKeepalive = 25

Client Side

Very similar to the server, in /usr/local/etc/wireguard/client.conf, and 192.168.3.171 is the clients IP in the wireguard tunnel.

[Interface]
PrivateKey = clientprivate
Address    = 192.168.3.171/32

[Peer]
PublicKey  = serverpublic
Endpoint   =  192.0.2.170:51820
AllowedIPs =  192.168.3.0/24
PersistentKeepalive = 25

192.0.2.170 is the IP of the listening server


Comments

comments powered by Disqus