wireguard on openbsd

OpenBSD has its hostname.if(5) files. The ones starting with inet declaration

A wgpeer's parameters might need to be on the same line as the wgpeer starts.

And wgdesc/wgdescr/wgdescription seem to not work. There seems to be some recent mess.

The manual says to call /etc/netstart with sh /etc/netstart [-n] interface . The -n option prints the shell commands.

To not have the private key in the file, it is possible to https://www.adrianobarbosa.xyz/blog/openbsd-wireguard.html">use a config file through any other scripting called right from the hostname.if file. Instead of wireguard-tools, just calling ifconfig from such a script is just as well an option.

Note that the private keys are just random numbers in base64 you can generate with openssl rand. So are the psk which are considered useful as protecting from post-quantum.

Follow things by up . Not sure if it's needed, but haven't tried without.