/*
 * Accueil; tout; à propos + @ + FAQ;
 * => Lire cette page via gemini (gemini?);
 */

VPN wireguard ipv4 and ipv6 (dual-stack) on OpenBSD

Let's assume you followed the instructions given by solene to reach the internet through a wireguard tunnel :

Full wireguard setup with OpenBSD

You can use this tunnel using ipv6 too \o/. Actually it's quite easy since you can add multiple option to wg configuration.

network

Endpoint configuration

$ cat /etc/hostname.wg0
inet 10.0.0.1/24
inet6 fd42::1 64
wgkey changemeplease
wgport 4545
wgpeer changeme1 wgaip 10.0.0.2/32 wgaip fd42::2/64
wgpeer changeme2 wgaip 10.0.0.3/32 wgaip fd42::3/64
$ cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

Peer configuration

wgkey changemeagain
wgpeer changemeplz \
        wgendpoint xx.xx.xx.xx 4545 wgaip 0.0.0.0/0 \
        wgendpoint yyyy:yyyy:yyyy:yyyy::yyyy 4545 wgaip ::0/0 \
        wgpka 25
inet 10.0.0.3/24
inet6 fd42::3/64
wgrtable 1
up
!route add -inet default 10.0.0.1
!route add -inet6 default fd42::1

Firewall

Nothing to change compared to solene's guide.

Une réaction?

Envoyez votre commentaire par mail.
Mode d'emploi de la liste de diffusion pour recevoir les réponses.