Support for running as non-root user on OpenBSD with WG_TUN_FD?

Brian brian at
Mon Mar 30 19:17:36 CEST 2020

> On Mar 25, 2020, at 9:31 PM, Brian <brian at> wrote:

> I don’t know Go very well, but it seems like main.go calls the CreateTUN function, and CreateTUN (in tun_openbsd.go) tries to open /dev/tun2 in read-write mode? There seems to be an option to set the WG_TUN_FD environment variable, so that CreateTUNFromFile gets called instead of CreateTUN, but I don’t understand how to properly get a file descriptor in this context.

I’ve since done some reading and I think that WG_TUN_FD is designed more for contexts like running Wireguard in a container.

I’ve been able to get it working as a non-root user on OpenBSD but I did have to give the _wireguard user or group read/write permissions on /dev/tun2 and /var/run/wireguard. I’m exploring some alternatives to this but don’t think there is a bug or anything here. If there are any “best practices” for running wireguard-go as a non-root user I’d love to hear them!


More information about the WireGuard mailing list