WireGuard on DragonFly
Aaron LI
2024-01-16

NOTE: This configures a WireGuard client.

1. Pull my 'wireguard' (working branch) from:
   https://github.com/liweitianux/dragonflybsd/tree/wireguard

2. Build and install (both the kernel and world), then reboot.

3. Generate a private key if you do not have one yet:
   $ openssl rand -base64 32

4. As client, create and configure the wg interface (wg0 here):
   $ ifconfig wg create
   $ ifconfig wg0 inet x.x.x.x/xx alias
   $ ifconfig wg0 wgkey <privkey>

5. Add the remote peer:
   $ ifconfig wg0 wgpeer <peer> wgendpoint <endpoint> wgaip <aip> wgpka <pka>

6. Bring up the interface and finish:
   $ ifconfig wg0 up
   $ ping <peer tunnel address>

NOTE: If the private key was generated with 'openssl' as above, it is
automatically corrected to make a valid Curve25519 key. The corrected key
can be shown with:
   $ ifconfig -k wg0 | grep wgkey:

Example script:
---------------
#!/bin/sh

ifname=wg0
addr="10.7.17.101/24"
privkey=""                  # this side's private key (base64)
peer=""                     # remote peer's key
endpoint="192.168.33.4 6222"
aip="10.7.17.0/24"
pka=25

set -x
# Create the interface only if it does not exist yet.
ifconfig ${ifname} || sudo ifconfig ${ifname} create || exit 1
sudo ifconfig ${ifname} inet ${addr} alias
sudo ifconfig ${ifname} wgkey ${privkey}
# ${endpoint} is left unquoted so that it splits into address and port.
sudo ifconfig ${ifname} wgpeer ${peer} wgendpoint ${endpoint}
sudo ifconfig ${ifname} wgpeer ${peer} wgaip ${aip}
sudo ifconfig ${ifname} wgpeer ${peer} wgpka ${pka}
sudo ifconfig ${ifname} up
sudo ifconfig ${ifname}
ping -c 3 10.7.17.1
---------------

Example script for server side:
-------------------------------
#!/bin/sh

ifname=wg0
ip="10.7.17.1/24"
privkey=""                  # this side's private key (base64)
port=6222
peer=""                     # client's key
pip="10.7.17.101/32"

set -x
# Create the interface only if it does not exist yet.
ifconfig ${ifname} || ifconfig ${ifname} create || exit 1
ifconfig ${ifname} inet ${ip} alias
ifconfig ${ifname} wgkey ${privkey}
ifconfig ${ifname} wgport ${port}
ifconfig ${ifname} wgpeer ${peer} wgaip ${pip}
ifconfig ${ifname} up
-------------------------------