Skip to main content

Wireguard OpenBSD client

In this post, I will be installing Wireguard on my OpenBSD laptop to be able to connect to my personal services over a secure tunnel.

Setting up OpenBSD client

Installing Wireguard

Wireguard tools are officially included in the OpenBSD repository, but are usually a bit outdated. To install them, type:

$ doas pkg_add wireguard-tools

As usual, OpenBSD provides excellent documentation about Wireguard (man wg), use it if necessary.

 

doas su

umask 077

mkdir /etc/wireguard/{keys,psk}

wg genkey | tee wg0_private.key | wg pubkey > wg0_public.key

touch wg0.conf

[Interface]
PrivateKey = generatedprivatekey
Address = 10.20.20.5/29

[Peer]
PublicKey =
PresharedKey =
AllowedIPs = 10.20.20.1/32
Endpoint = publicIP:port

SERVER

wg genpsk > openbsd_client.psk

[Peer]
PublicKey =
PresharedKey =
AllowedIPs = 10.20.20.5/32

$ sudo wg-quick down wg0

$ sudo wg-quick up wg0

script it &&

CLIENT

wg-quick up wg0

 

 

Back to top