| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: wg.4,v 1.5 2020/08/26 16:03:41 riastradh Exp $ | | 1 | .\" $NetBSD: wg.4,v 1.6 2020/08/31 20:20:22 riastradh Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 2020 The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 2020 The NetBSD Foundation, Inc. |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" Redistribution and use in source and binary forms, with or without | | 6 | .\" Redistribution and use in source and binary forms, with or without |
7 | .\" modification, are permitted provided that the following conditions | | 7 | .\" modification, are permitted provided that the following conditions |
8 | .\" are met: | | 8 | .\" are met: |
9 | .\" 1. Redistributions of source code must retain the above copyright | | 9 | .\" 1. Redistributions of source code must retain the above copyright |
10 | .\" notice, this list of conditions and the following disclaimer. | | 10 | .\" notice, this list of conditions and the following disclaimer. |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright |
12 | .\" notice, this list of conditions and the following disclaimer in the | | 12 | .\" notice, this list of conditions and the following disclaimer in the |
13 | .\" documentation and/or other materials provided with the distribution. | | 13 | .\" documentation and/or other materials provided with the distribution. |
14 | .\" | | 14 | .\" |
| @@ -28,28 +28,28 @@ | | | @@ -28,28 +28,28 @@ |
28 | .Dt WG 4 | | 28 | .Dt WG 4 |
29 | .Os | | 29 | .Os |
30 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" | | 30 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
31 | .Sh NAME | | 31 | .Sh NAME |
32 | .Nm wg | | 32 | .Nm wg |
33 | .Nd virtual private network tunnel (EXPERIMENTAL) | | 33 | .Nd virtual private network tunnel (EXPERIMENTAL) |
34 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" | | 34 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
35 | .Sh SYNOPSIS | | 35 | .Sh SYNOPSIS |
36 | .Cd pseudo-device wg | | 36 | .Cd pseudo-device wg |
37 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" | | 37 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
38 | .Sh DESCRIPTION | | 38 | .Sh DESCRIPTION |
39 | The | | 39 | The |
40 | .Nm | | 40 | .Nm |
41 | interface implements a point-to-point roaming-capable virtual private | | 41 | interface implements a roaming-capable virtual private network tunnel, |
42 | network tunnel, configured with | | 42 | configured with |
43 | .Xr ifconfig 8 | | 43 | .Xr ifconfig 8 |
44 | and | | 44 | and |
45 | .Xr wgconfig 8 . | | 45 | .Xr wgconfig 8 . |
46 | .Pp | | 46 | .Pp |
47 | .Sy WARNING: | | 47 | .Sy WARNING: |
48 | .Nm | | 48 | .Nm |
49 | is experimental. | | 49 | is experimental. |
50 | .Pp | | 50 | .Pp |
51 | Packets exchanged on a | | 51 | Packets exchanged on a |
52 | .Nm | | 52 | .Nm |
53 | interface are authenticated and encrypted with a secret key negotiated | | 53 | interface are authenticated and encrypted with a secret key negotiated |
54 | with the peer, and the encapsulation is exchanged over IP or IPv6 using | | 54 | with the peer, and the encapsulation is exchanged over IP or IPv6 using |
55 | UDP. | | 55 | UDP. |
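Review bot: In DESCRIPTION (new lines 41-42), removing "point-to-point" leaves the sentence silent on what replaces it: nothing here says whether an interface can carry more than one peer or how the peer for an outgoing packet is chosen. If the intent is that peer selection is driven by the per-peer --allowed-ips shown in the later example, say so in one sentence here, so that the description and the new non-POINTOPOINT ifconfig output in the example are explained rather than just changed.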
| @@ -107,43 +107,45 @@ X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp | | | @@ -107,43 +107,45 @@ X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp |
107 | .Ed | | 107 | .Ed |
108 | .Pp | | 108 | .Pp |
109 | Configure A to listen on port 1234 and allow connections from B to | | 109 | Configure A to listen on port 1234 and allow connections from B to |
110 | appear in the 10.0.1.0/24 subnet: | | 110 | appear in the 10.0.1.0/24 subnet: |
111 | .Bd -literal -offset abcd | | 111 | .Bd -literal -offset abcd |
112 | A# ifconfig wg0 create 10.0.1.0/24 | | 112 | A# ifconfig wg0 create 10.0.1.0/24 |
113 | A# wgconfig wg0 set private-key /etc/wg/wg0 | | 113 | A# wgconfig wg0 set private-key /etc/wg/wg0 |
114 | A# wgconfig wg0 set listen-port 1234 | | 114 | A# wgconfig wg0 set listen-port 1234 |
115 | A# wgconfig wg0 add peer B \e | | 115 | A# wgconfig wg0 add peer B \e |
116 | X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp5SU= \e | | 116 | X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp5SU= \e |
117 | --allowed-ips=10.0.1.1/32 | | 117 | --allowed-ips=10.0.1.1/32 |
118 | A# ifconfig wg0 up | | 118 | A# ifconfig wg0 up |
119 | A# ifconfig wg0 | | 119 | A# ifconfig wg0 |
120 | wg0: flags=0x51<UP,POINTOPOINT,RUNNING> mtu 1420 | | 120 | wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420 |
121 | inet 10.0.1.0/24 -> flags 0 | | 121 | inet 10.0.1.0/24 flags 0 |
| | | 122 | inet6 fe80::22f7:d6ff:fe3a:1e60%wg0/64 flags 0 scopeid 0x3 |
122 | .Ed | | 123 | .Ed |
123 | .Pp | | 124 | .Pp |
124 | Configure B to connect to A at 1.2.3.4 on port 1234 and the packets can | | 125 | Configure B to connect to A at 1.2.3.4 on port 1234 and the packets can |
125 | begin to flow: | | 126 | begin to flow: |
126 | .Bd -literal -offset abcd | | 127 | .Bd -literal -offset abcd |
127 | B# ifconfig wg0 create 10.0.1.1/24 | | 128 | B# ifconfig wg0 create 10.0.1.1/24 |
128 | B# wgconfig wg0 set private-key /etc/wg/wg0 | | 129 | B# wgconfig wg0 set private-key /etc/wg/wg0 |
129 | B# wgconfig wg0 add peer A \e | | 130 | B# wgconfig wg0 add peer A \e |
130 | N+B4Nelg+4ysvbLW3qenxIwrJVE9MdjMyqrIisH7V0Y= \e | | 131 | N+B4Nelg+4ysvbLW3qenxIwrJVE9MdjMyqrIisH7V0Y= \e |
131 | --allowed-ips=10.0.1.0/32 \e | | 132 | --allowed-ips=10.0.1.0/32 \e |
132 | --endpoint=1.2.3.4:1234 | | 133 | --endpoint=1.2.3.4:1234 |
133 | B# ifconfig wg0 up | | 134 | B# ifconfig wg0 up |
134 | B# ifconfig wg0 | | 135 | B# ifconfig wg0 |
135 | wg0: flags=0x51<UP,POINTOPOINT,RUNNING> mtu 1420 | | 136 | wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420 |
136 | inet 10.0.1.1/24 -> flags 0 | | 137 | inet 10.0.1.1/24 flags 0 |
| | | 138 | inet6 fe80::56eb:59ff:fe3d:d413%wg0/64 flags 0 scopeid 0x3 |
137 | B# ping -n 10.0.1.0 | | 139 | B# ping -n 10.0.1.0 |
138 | PING 10.0.1.0 (10.0.1.0): 56 data bytes | | 140 | PING 10.0.1.0 (10.0.1.0): 56 data bytes |
139 | 64 bytes from 10.0.1.0: icmp_seq=0 ttl=255 time=2.721110 ms | | 141 | 64 bytes from 10.0.1.0: icmp_seq=0 ttl=255 time=2.721110 ms |
140 | \&... | | 142 | \&... |
141 | .Ed | | 143 | .Ed |
142 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" | | 144 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
143 | .Sh SEE ALSO | | 145 | .Sh SEE ALSO |
144 | .Xr wg-keygen 8 , | | 146 | .Xr wg-keygen 8 , |
145 | .Xr wgconfig 8 | | 147 | .Xr wgconfig 8 |
146 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" | | 148 | .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
147 | .Sh COMPATIBILITY | | 149 | .Sh COMPATIBILITY |
148 | The | | 150 | The |
149 | .Nm | | 151 | .Nm |
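Review bot: The added inet6 lines (new 122 and 138) paste host-specific output, fe80::22f7:d6ff:fe3a:1e60 and fe80::56eb:59ff:fe3d:d413 with scopeid 0x3, into the example without any note that a reader's values will differ. Both peers in this example are configured with IPv4-only --allowed-ips (10.0.1.1/32 and 10.0.1.0/32), so the page should also state whether these link-local addresses are expected to be reachable over the tunnel as configured; otherwise a reader may assume IPv6 between A and B is covered by the same peer policy. The flag change to 0x8041<UP,RUNNING,MULTICAST> and the dropped "->" are consistent between A and B.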