💾 Archived View for gemini.ctrl-c.club › ~cdrmack › posts › 2023-11-28_wireguard.gmi captured on 2024-05-26 at 15:48:16. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
After upgrading my system to FreeBSD 14.0 I have decided to try WireGuard. I have never used it before and even after reading `wg(8)' I didn't really know how to make it work. After reading few articles I have found about `wg-quick(8)' that made the whole setup a bit simpler.
WireGuard is now part of the FreeBSD kernel so there is no need to install it manually. The only thing I have installed is `wireguard-tools' to get `wg-quick'.
pkg install wireguard-tools
You need to get a WireGuard INI-like config file from your provider. See the example below from the `wg(8)' man pages.
,----
| [Interface]
| PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=
| ListenPort = 51820
|
| [Peer]
| PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=
| Endpoint = 192.95.5.67:1234
| AllowedIPs = 10.192.122.3/32, 10.192.124.1/24
`----
Next we need to generate public and private key for our machine. I have created `/etc/wireguard/' directory and run the following as a root user:
umask 077 wg genkey | tee private.key | wg pubkey > public.key
WireGuard protects these files by enforcing that only root should be able read them. This is why we run `umask' first.
You can move your config file to `/etc/wireguard/'. This is the default directory that `wg-quick' uses to find config files.
You can start WireGuard by providing path to the config file:
wg-quick up /etc/wireguard/sample.conf
or provide just the config name if it's inside `/etc/wireguard/'.
wg-quick up sample
You can disable it with `wg-quick down sample' and see running connections with `wg'.