HOWTO set up a Wireguard client on OpenBSD

Ángel Ortega

Use case: you have an OpenBSD machine, robert, which may or may not be behind a NAT, and you want to connect it to the Linux server siouxsie, which has been set up according to my post named HOWTO set up Wireguard and SSH to connect two hosts behind NAT.

On robert, execute the following:

umask 077    # new files in this shell get no group/other access
mkdir -p /etc/wireguard
openssl rand -base64 32 > /etc/wireguard/privatekey

Create the file /etc/hostname.wg0 with the following content (it holds the private key, so keep it unreadable by other users):

wgkey {content of /etc/wireguard/privatekey on robert}
wgpeer {content of /etc/wireguard/publickey on siouxsie} wgendpoint {siouxsie's IP} 51820 wgaip 10.2.1.1/32 wgpka 60
inet 10.2.1.5 255.255.255.0
up

Now execute:

sh /etc/netstart wg0
ifconfig wg0 | grep wgpubkey | awk '{ print $2 }' > /etc/wireguard/publickey

Now add the following stanza to the file /etc/wireguard/wg0.conf on siouxsie:

[Peer]
PublicKey = {content of /etc/wireguard/publickey on robert}
AllowedIPs = 10.2.1.5/32
PersistentKeepalive = 60

Restart Wireguard on siouxsie by running:

systemctl restart wg-quick@wg0

And that's all. Reboot robert to ensure that the wg0 interface comes up correctly on startup (it may take a while to be fully running, so be patient).
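The following check is an added example, not part of the original post: a POSIX shell function that sanity-checks /etc/hostname.wg0 on robert before the reboot. It verifies that the file is not accessible to other users, that no {placeholder} text from the template remains, and that wgkey and every wgpeer carry a well-formed 32-byte base64 key with a wgaip prefix. The names check_wg_hostname and KEY_RE are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a hostname.wg0 file.
# check_wg_hostname FILE prints each problem and returns non-zero if any found.

# A WireGuard key is 32 bytes: 43 base64 characters plus one "=" of padding.
KEY_RE='[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]='

check_wg_hostname() {
    f=$1 rc=0
    [ -f "$f" ] || { echo "$f: not a regular file"; return 2; }

    # The file holds the private key, so "other" must have no access at all.
    case $(ls -ld "$f" | awk '{ print $1 }') in
        ???????---*) ;;
        *) echo "$f: accessible to other users, run: chmod o-rwx $f"; rc=1 ;;
    esac

    # Template placeholders such as {content of ...} must all be filled in.
    if grep -q '[{}]' "$f"; then
        echo "$f: unreplaced {placeholder} text"; rc=1
    fi

    # Exactly one wgkey line with a well-formed private key.
    nk=$(grep -Ec "^wgkey[[:space:]]+${KEY_RE}[[:space:]]*\$" "$f" || :)
    [ "$nk" -eq 1 ] || { echo "$f: need exactly one valid wgkey line"; rc=1; }

    # Every wgpeer line needs a well-formed public key and a wgaip prefix,
    # which limits the source addresses accepted from that peer.
    np=$(grep -Ec '^wgpeer[[:space:]]' "$f" || :)
    nv=$(grep -Ec "^wgpeer[[:space:]]+${KEY_RE}[[:space:]].*wgaip[[:space:]]+[^[:space:]]+/[0-9]+" "$f" || :)
    [ "$np" -ge 1 ] || { echo "$f: no wgpeer line"; rc=1; }
    [ "$np" -eq "$nv" ] || { echo "$f: wgpeer with bad key or no wgaip"; rc=1; }

    return "$rc"
}

# Usage: sh this-script /etc/hostname.wg0
if [ $# -gt 0 ]; then check_wg_hostname "$1"; fi
```
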
