<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>Hello,</div>

<div> </div>

<div>I've been unsuccessful getting WireGuard running on OpenBSD. Any help? I'm trying to create a VPN from my desktop computer to a VPS. Both endpoints are OpenBSD 6.4 amd64. Here's what I've done:</div>

<div> </div>

<div>
<div>vps# cd /usr/local/src/<br/>
vps# git clone https://git.zx2c4.com/wireguard-go<br/>
vps# git clone https://git.zx2c4.com/WireGuard</div>

<div>vps# cd wireguard-go<br/>
vps# gmake<br/>
vps# sed -i 's/install -v/install/g' Makefile<br/>
vps# gmake install<br/>
vps# cd ../WireGuard/src/tools/<br/>
vps# gmake<br/>
vps# sed -i 's/install -v/install/g' Makefile<br/>
vps# gmake install</div>

<div> </div>
</div>

<div>
<div>vps# cd /dev<br/>
vps# sh MAKEDEV tun4<br/>
vps# ifconfig tun4 create<br/>
vps# ifconfig tun4 up 10.99.0.1 10.99.0.2 netmask 255.255.255.0</div>

<div> </div>

<div>
<div>vps# sysctl net.inet.ip.forwarding=1<br/>
net.inet.ip.forwarding: 1 -> 1</div>

<div>vps# cat /etc/pf.conf<br/>
pass in<br/>
pass out<br/>
pass out on egress inet from (tun4:network) nat-to (egress:0)<br/>
vps# pfctl -f /etc/pf.conf<br/>
 </div>

<div>vps# mkdir /etc/wireguard<br/>
vps# chmod 700 /etc/wireguard/<br/>
vps# cd /etc/wireguard/<br/>
vps# wg genkey > secret.key<br/>
Warning: writing to world accessible file.<br/>
Consider setting the umask to 077 and trying again.<br/>
vps# chmod 600 secret.key<br/>
vps# wg pubkey &lt; secret.key &gt; public.key<br/>
 </div>

<div>
<div>vps# cat server.conf<br/>
[Interface]<br/>
PrivateKey = redacted<br/>
ListenPort = 9812</div>

<div> </div>

<div>[Peer]<br/>
PublicKey = 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=<br/>
AllowedIPs = 10.99.0.2/32</div>

<div> </div>

<div>vps# ifconfig tun4                                                                                                 <br/>
tun4: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1420<br/>
        index 5 priority 0 llprio 3<br/>
        groups: tun<br/>
        status: active<br/>
        inet 10.99.0.1 --> 10.99.0.2 netmask 0xffffff00<br/>
 </div>

<div>
<div>vps# wireguard-go tun4<br/>
vps# wg setconf tun4 server.conf<br/>
vps# wg<br/>
interface: tun4<br/>
  public key: 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=<br/>
  private key: (hidden)<br/>
  listening port: 9812</div>

<div>peer: 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=<br/>
  allowed ips: 10.99.0.2/32<br/>
 </div>

<div>On the desktop, I built and installed the software the exact same as above. I created the tun4 interface, created WireGuard keys, etc., all as above. Some details:</div>

<div> </div>

<div>desktop# cd /etc/wireguard</div>

<div>
<div>desktop# cat client.conf                                                                    <br/>
[Interface]<br/>
PrivateKey = redacted</div>

<div> </div>

<div>[Peer]<br/>
PublicKey = 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=<br/>
Endpoint = 192.0.2.1:9812<br/>
AllowedIPs = 0.0.0.0/0</div>

<div> </div>

<div>desktop# ifconfig tun4                                                                      <br/>
tun4: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1420<br/>
        index 8 priority 0 llprio 3<br/>
        groups: tun<br/>
        status: active<br/>
        inet 10.99.0.2 --> 10.99.0.1 netmask 0xffffff00<br/>
 </div>

<div>desktop# wireguard-go tun4</div>

<div>desktop# wg setconf tun4 client.conf</div>

<div>desktop# wg
<div>interface: tun4<br/>
  public key: 307HGI9N5etOjrKH+twPD55MzEtjB+50QMqBGZ0d73I=<br/>
  private key: (hidden)<br/>
  listening port: 27512</div>

<div>peer: 1xUDhXJyaWP2vYwssSUV/CTzQbx0sQ0hrnDiDAx/lx4=<br/>
  endpoint: 192.0.2.1:9812<br/>
  allowed ips: 0.0.0.0/0<br/>
 </div>
</div>

<div>Traffic is not passing over the VPN. Am I missing a pf rule or route command? Or something else?</div>

<div> </div>

<div>Henry</div>
</div>
</div>
</div>
</div>
</div></div></body></html>