Remove the old pkg-readme in wireguard-tools. It is obsolete as it deals
with wireguard-go, which is no longer in ports; newer wireguard-tools works with wg(4) in the base OS instead. OK jasper@
This commit is contained in:
parent
b461a1c81f
commit
3af2aed074
|
@ -1,7 +1,8 @@
|
|||
COMMENT = fast and secure VPN
|
||||
COMMENT = tools for use with WireGuard VPN
|
||||
|
||||
DISTNAME = wireguard-tools-1.0.20210914
|
||||
EPOCH = 0
|
||||
REVISION = 0
|
||||
|
||||
CATEGORIES = net security
|
||||
|
||||
|
|
|
@ -1,2 +1,5 @@
|
|||
WireGuard is an extremely simple yet fast and modern VPN that utilizes
|
||||
state-of-the-art cryptography.
|
||||
|
||||
This package provides the standard tools for use with WireGuard, useful
|
||||
in some situations. The VPN itself is handled by wg(4) in the base OS.
|
||||
|
|
|
@ -6,4 +6,3 @@ share/bash-completion/
|
|||
share/bash-completion/completions/
|
||||
share/bash-completion/completions/wg
|
||||
share/bash-completion/completions/wg-quick
|
||||
share/doc/pkg-readmes/${PKGSTEM}
|
||||
|
|
|
@ -1,79 +0,0 @@
|
|||
+-------------------------------------------------------------------------------
|
||||
| Running ${PKGSTEM} on OpenBSD
|
||||
+-------------------------------------------------------------------------------
|
||||
|
||||
Setting up two OpenBSD peers
|
||||
============================
|
||||
|
||||
Assumptions:
|
||||
Two nodes, wg1 and wg2 which will use 10.0.0.1 and 10.0.0.2 respectively within
|
||||
the VPN network. wg1 will be the "server" and wg2 the client. Both nodes use
|
||||
`tun0` as the tunneling interface. wg1 is reachable for wg2 on 192.168.1.1.
|
||||
|
||||
Generating keys
|
||||
---------------
|
||||
|
||||
First generate the private keys and derive the public keys from it for both the
|
||||
server and client:
|
||||
|
||||
# wg genkey | tee server-private.key | wg pubkey > server-public.key
|
||||
# wg genkey | tee client-private.key | wg pubkey > client-public.key
|
||||
|
||||
Networking setup
|
||||
----------------
|
||||
|
||||
On wg1 a few settings are required:
|
||||
|
||||
# sysctl net.inet.ip.forwarding=1
|
||||
# echo 'pass out on egress inet from (tun0:network) nat-to (egress:0)' >> /etc/pf.conf
|
||||
|
||||
Configure the tun0 interfaces for wg1:
|
||||
|
||||
# ifconfig tun0 up 10.0.0.1 10.0.0.2 netmask 255.255.255.0
|
||||
|
||||
and wg2:
|
||||
|
||||
# ifconfig tun0 up 10.0.0.2 10.0.0.1 netmask 255.255.255.0
|
||||
|
||||
Configure the wireguard_go service on both nodes:
|
||||
|
||||
# rcctl enable wireguard_go
|
||||
# rcctl set wireguard_go flags tun0
|
||||
# rcctl start wireguard_go
|
||||
|
||||
Interface configuration
|
||||
-----------------------
|
||||
|
||||
server.conf would be:
|
||||
|
||||
----------8<----------
|
||||
[Interface]
|
||||
PrivateKey = <contents of server-private.key go here>
|
||||
ListenPort = 8080
|
||||
|
||||
[Peer]
|
||||
PublicKey = <contents of client-public.key go here>
|
||||
AllowedIPs = 10.0.0.2/32
|
||||
----------8<----------
|
||||
|
||||
Apply it on wg1:
|
||||
|
||||
# wg setconf tun0 server.conf
|
||||
|
||||
and client.conf:
|
||||
|
||||
----------8<----------
|
||||
[Interface]
|
||||
PrivateKey = <contents of client-private.key go here>
|
||||
|
||||
[Peer]
|
||||
PublicKey = <contents of server-public.key go here>
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
Endpoint = 192.168.1.1:8080
|
||||
----------8<----------
|
||||
|
||||
Apply it on wg2:
|
||||
|
||||
# wg setconf tun0 client.conf
|
||||
|
||||
Now you can reach 10.0.0.1 from wg2 via the tunnel.
|
Loading…
Reference in New Issue