This brief article provides a footnote on the configuration of an OpenBSD machine with two IPv4 addresses: 1.2.3.4/24 and 1.2.4.5/24. In this configuration, 1.2.3.4/24 is used as the machine's address and as an endpoint for the tunnel, and 1.2.4.5/24 is forwarded to the remote machine within a dedicated routing domain. Furthermore, the machine in question has an IPv6 network aaaa:bbbb:cccc::/128. One address, aaaa:bbbb:cccc::eeee:ffff/64, is used inside the tunnel, while aaaa:bbbb:cccc::1/64 is used on the machine.
Server settings
Configuration of the tunnel on the first machine:
wgkey ...
wgpeer ... \
wgaip 1.2.4.5/32 \
wgaip aaaa:bbbb:cccc::eeee:ffff/128 \
wgpka ... \
wgpsk ...
wgport ...
inet 127.255.255.255/32
inet6 fe80::1/128
!route add 1.2.4.5 -llinfo -link -iface \$if
!route add aaaa:bbbb:cccc::eeee:ffff -llinfo -link -iface \$if
Here we have skipped irrelevant details. [1]
This assumes that IP forwarding is already enabled:
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
Client settings
Configuration of the tunnel on the second machine:
rdomain 1
wgrtable 0
wgkey ...
wgpeer ... \
wgendpoint 1.2.3.4 ... \
wgaip 0.0.0.0/0 \
wgaip ::/0 \
wgpka ... \
wgpsk ...
inet 1.2.4.5/24
inet6 aaaa:bbbb:cccc::eeee:ffff/64
#!route -T 1 add default 1.2.4.1
#!route -T 1 add default aaaa:bbbb:cccc::1
Again, irrelevant details are skipped. [2]
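The two files only work together if every address the client configures is covered by a server-side wgaip entry (WireGuard drops tunnel packets whose source address is outside the peer's allowed IPs) and has a matching host route on the server. The following consistency check is an added example, not part of the original article; the function names are hypothetical and the sample files are constructed, abridged copies of the two configurations above.

```python
import ipaddress

# Constructed samples: abridged copies of the page's server and client files,
# with keys, peers and ports elided exactly as on the page.
SERVER = r"""wgkey ...
wgpeer ... \
wgaip 1.2.4.5/32 \
wgaip aaaa:bbbb:cccc::eeee:ffff/128 \
wgpka ... \
wgpsk ...
inet 127.255.255.255/32
!route add 1.2.4.5 -llinfo -link -iface \$if
!route add aaaa:bbbb:cccc::eeee:ffff -llinfo -link -iface \$if
"""
CLIENT = r"""rdomain 1
wgpeer ... \
wgendpoint 1.2.3.4 ... \
wgaip 0.0.0.0/0 \
wgaip ::/0
inet 1.2.4.5/24
inet6 aaaa:bbbb:cccc::eeee:ffff/64
"""

def parse(text):
    """Join backslash continuations, then collect values per keyword."""
    out = {}
    for line in text.replace("\\\n", " ").splitlines():
        words = line.split()
        if line.startswith("!route add"):
            out.setdefault("route", []).append(words[2])
            continue
        for key, val in zip(words, words[1:]):
            if key in ("wgaip", "inet", "inet6"):
                out.setdefault(key, []).append(val)
    return out

def check(server_text, client_text):
    """Return a list of problems; an empty list means the files agree."""
    srv, cli = parse(server_text), parse(client_text)
    allowed = [ipaddress.ip_network(a) for a in srv.get("wgaip", [])]
    routed = {ipaddress.ip_address(r) for r in srv.get("route", [])}
    problems = []
    for addr in cli.get("inet", []) + cli.get("inet6", []):
        ip = ipaddress.ip_interface(addr).ip
        if not any(ip in net for net in allowed):
            problems.append(f"{ip}: outside server wgaip, packets are dropped")
        if ip not in routed:
            problems.append(f"{ip}: no '!route add' host route on server")
    return problems
```

Calling check(SERVER, CLIENT) returns an empty list for the configuration shown on this page; changing a client address without updating the server's wgaip and route lines produces one message per mismatch.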
[1] It is worth noting that without the entry "inet 127.255.255.255/32" it is not possible to add a record to the routing table; the attempt results in the error message "add host 1.2.4.5: gateway wg0: Network is unreachable". The same applies to IPv6.
[2] It should be noted that the default IPv6 router via WireGuard may result in a system crash as of June 2024.