Abstract
This brief article is a footnote on configuring an OpenBSD machine with two IPv4 addresses: 1.2.3.4/24 and 1.2.4.5/24. In this configuration, 1.2.3.4/24 is used as the machine’s own address and as the tunnel endpoint, and 1.2.4.5/24 is forwarded to the remote machine within a dedicated routing domain. Furthermore, the machine has an IPv6 network aaaa:bbbb:cccc::/128. One address, aaaa:bbbb:cccc::eeee:ffff/64, is used inside the tunnel, while aaaa:bbbb:cccc::1/64 is used on the machine itself.
Server settings
Configuration of the tunnel on the first machine:
wgkey ...
wgpeer ... \
wgaip 1.2.4.5/32 \
wgaip aaaa:bbbb:cccc::eeee:ffff/128 \
wgpka ... \
wgpsk ...
wgport ...
inet 127.255.255.255/32
inet6 fe80::1/128
!route add 1.2.4.5 -llinfo -link -iface \$if
!route add aaaa:bbbb:cccc::eeee:ffff -llinfo -link -iface \$if
Here we have skipped irrelevant details.[1]
This assumes that IP forwarding is already enabled:
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
Client settings
Configuration of the tunnel on the second machine:
rdomain 1
wgrtable 0
wgkey ...
wgpeer ... \
wgendpoint 1.2.3.4 ... \
wgaip 0.0.0.0/0 \
wgaip ::/0 \
wgpka ... \
wgpsk ...
inet 1.2.4.5/32
inet6 aaaa:bbbb:cccc::eeee:ffff/128
!route add 1.2.4.1 -llinfo -link -iface \$if
!route add aaaa:bbbb:cccc::1 -llinfo -link -iface \$if
!route -T 1 add default 1.2.4.1
!route -T 1 add default aaaa:bbbb:cccc::1
Again, irrelevant details are skipped.[2]
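The two files only work together if every address the client puts on its wg interface falls inside the server's wgaip list: per ifconfig(8), a decrypted packet is accepted only when its source is in the sending peer's allowed IPs, and outbound packets are matched to a peer by the same list. The check below is an added example, not part of the original article; the names parse, covered and audit are hypothetical, and the embedded files are constructed copies of the relevant lines above, assuming CIDR notation as used on this page.

```python
import ipaddress

# Constructed copies of the relevant lines from the two files above.
SERVER = r"""wgpeer ... \
wgaip 1.2.4.5/32 \
wgaip aaaa:bbbb:cccc::eeee:ffff/128 \
wgpsk ...
inet 127.255.255.255/32
inet6 fe80::1/128
!route add 1.2.4.5 -llinfo -link -iface \$if
!route add aaaa:bbbb:cccc::eeee:ffff -llinfo -link -iface \$if
"""
CLIENT = r"""wgpeer ... \
wgaip 0.0.0.0/0 \
wgaip ::/0 \
wgpsk ...
inet 1.2.4.5/32
inet6 aaaa:bbbb:cccc::eeee:ffff/128
"""

def parse(text):
    # Hypothetical helper: collect wgaip networks, inet/inet6 addresses
    # and the targets of "!route add" lines.
    cfg = {"wgaip": [], "addr": [], "route": []}
    for line in text.splitlines():
        tok = line.rstrip().rstrip("\\").split()
        for i, t in enumerate(tok[:-1]):  # wgaip may share a line with wgpeer
            if t == "wgaip":
                cfg["wgaip"].append(ipaddress.ip_network(tok[i + 1]))
        if tok[:1] in (["inet"], ["inet6"]):
            cfg["addr"].append(ipaddress.ip_interface(tok[1]).ip)
        elif tok[:2] == ["!route", "add"]:
            cfg["route"].append(ipaddress.ip_address(tok[2]))
    return cfg

def covered(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)

def audit(server_text, client_text):
    s, c = parse(server_text), parse(client_text)
    findings = []
    for ip in c["addr"]:   # source must be in the peer's allowed IPs
        if not covered(ip, s["wgaip"]):
            findings.append(f"server drops packets from {ip}: outside wgaip")
    for ip in s["route"]:  # outbound lookup picks the peer by wgaip
        if not covered(ip, s["wgaip"]):
            findings.append(f"route to {ip} has no peer with matching wgaip")
    for n in s["wgaip"]:   # least privilege: one forwarded host per entry
        if n.num_addresses > 1:
            findings.append(f"wgaip {n} lets the peer source a whole range")
    return findings
```

An empty list from audit(SERVER, CLIENT) means the client's tunnel addresses, the server's host routes and the server's allowed IPs agree.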
[1] Without the entry inet 127.255.255.255/32, it is not possible to add a record to the routing table, resulting in the error message "add host 1.2.4.5: gateway wg0: Network is unreachable". The same applies for IPv6.
[2] The default IPv6 router via WireGuard may result in a system crash as of June 2024.