wireguard

After upgrading my system to FreeBSD 14.0, I've decided to finally try WireGuard. I didn't have to install it manually since it's now part of the FreeBSD kernel.

Rather than use `wg(8)' directly, I've decided to play around with `wg-quick(8)' (`wireguard-tools' package).

% pkg install wireguard-tools

WireGuard supports INI-like config files, see the example below (taken from the `wg(8)').

,----

| [Interface]

| PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=

| ListenPort = 51820

|

| [Peer]

| PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=

| Endpoint = 192.95.5.67:1234

| AllowedIPs = 10.192.122.3/32, 10.192.124.1/24

`----

I've put few config files from my provider inside `/usr/local/etc/wireguard/'. These files can be used to add and set up interfaces.

% wg-quick up /etc/wireguard/sample.conf

I can skip the full path and just use the config name.

% wg-quick up sample

This works because `wg-quick' looks for configs inside `/usr/local/etc/wireguard/' directory.

When I'm done with the given interface I use `wg-quick down' to tear it down.

% wg-quick down sample

To show current WireGuard configuration and runtime information I simply call `wg'.