Sunday, November 30, 2025

Re: Wireguard AllowedIPs in hostname.wg0

Hi,

On 2025-11-30 21:45, Pierre Peyronnel wrote:
> Hello misc,
>
> I set up an OpenBSD Wireguard client connecting to my existing OpenBSD
> Wireguard server.
> It connects, but I'd like to have several subnets allowed, and I can't
> figure out the appropriate syntax.
> I'd like the equivalent of :
>
> AllowedIPs = 172.16.20.0/24, 172.16.17.0/24
>
> my hostname.wg0 currently looks like:
>
> # cat /etc/hostname.wg0
>
> #server
> wgpeer '(redacted)' wgendpoint (redacted).org 51820 wgaip 10.1.1.0/24 wgpsk '(redacted)'
>
> # setting VPN address
> inet 10.1.1.100 255.255.255.0
> up
>
> # adding route
> !/sbin/route add -inet 10.1.1.0/24 10.1.1.206
> !/sbin/route add -inet 172.16.17.0/24 10.1.1.206
>
> Which works, I can ping the server at 10.1.1.206, but any variation I
> have tried on wgaip (for example: wgaip '10.1.1.0/24, 172.16.17.0/24')
> fails with:

This is from the ifconfig(8) man page:

     wgaip allowed-ip_address/prefix
             Set the peer's IPv4 or IPv6 allowed-ip_address range for tunneled
             traffic. Repeat the option to set multiple ranges. By default,
             no addresses are allowed.

So, you have to do `wgaip 10.1.1.0/24 wgaip 172.16.17.0/24`

>
> # sh /etc/netstart
> ifconfig: wgaip: bad address
>
> I cannot find out the appropriate syntax for wgaip to use in the
> hostname.if format.
> I tried the man and some searching but always found a wireguard-tools
> syntax.
>
> Thanks for your help,
> Pierre

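The repeated-wgaip form from the reply above, worked through as an added example that is not part of the original thread: a POSIX sh helper that turns a wireguard-tools style "AllowedIPs = a, b" list into the repeated wgaip options ifconfig(8) expects, and then emits a complete /etc/hostname.wg0 with matching !route lines. The function names, the placeholder keys, the hostname vpn.example.org and the use of the two 172.16 subnets as remote networks are constructed for illustration. The practical check it encodes: every remote subnet needs both a wgaip entry on the peer (otherwise wg(4) has no peer to send that traffic to) and a route that sends it into wg0; the routes are added explicitly, as in the original configuration, and the tunnel subnet itself is already reachable through the interface address set by the inet line, so only the remote subnets get route lines here.

```shell
#!/bin/sh
# Added example, not part of the original thread: turn a wireguard-tools
# style "AllowedIPs = a, b" list into the repeated "wgaip" options that
# OpenBSD ifconfig(8) expects, and emit a complete /etc/hostname.wg0.
# Function names and all sample values below are constructed.

# wg_aip_opts "172.16.20.0/24, 172.16.17.0/24"
# prints: wgaip 172.16.20.0/24 wgaip 172.16.17.0/24
wg_aip_opts() {
    _out=""
    # Comma-separated list -> one word per range (whitespace around the
    # commas disappears with the shell's word splitting).
    for _aip in $(printf '%s' "$1" | tr ',' ' '); do
        # Cheap sanity check: wgaip takes address/prefix, so reject a bare
        # address here instead of finding out at netstart time.
        case "$_aip" in
            */[0-9] | */[0-9][0-9] | */[0-9][0-9][0-9]) ;;
            *) printf 'wg_aip_opts: bad allowed-ip "%s"\n' "$_aip" >&2
               return 1 ;;
        esac
        _out="${_out:+$_out }wgaip $_aip"
    done
    printf '%s' "$_out"
}

# wg_hostname_if PUBKEY PSK ENDPOINT_HOST ENDPOINT_PORT TUNNEL_NET \
#                LOCAL_ADDR NETMASK PEER_TUNNEL_ADDR "REMOTE_NET, ..."
# Prints the hostname.wg0 contents: the peer gets one wgaip for the tunnel
# subnet plus one per remote subnet, and each remote subnet gets a route
# via the peer's tunnel address. The tunnel subnet needs no route line,
# the inet line already puts it on wg0.
wg_hostname_if() {
    _pub=$1 _psk=$2 _host=$3 _port=$4 _tun=$5
    _addr=$6 _mask=$7 _gw=$8 _remote=$9
    _aips=$(wg_aip_opts "$_tun, $_remote") || return 1

    printf '# peer: the server\n'
    printf "wgpeer '%s' wgendpoint %s %s %s wgpsk '%s'\n" \
        "$_pub" "$_host" "$_port" "$_aips" "$_psk"
    printf '\n# tunnel address\ninet %s %s\nup\n' "$_addr" "$_mask"
    printf '\n# routes to the remote subnets via the peer\n'
    for _net in $(printf '%s' "$_remote" | tr ',' ' '); do
        printf '!/sbin/route add -inet %s %s\n' "$_net" "$_gw"
    done
}

# Demo with placeholder keys and the subnets from the thread
# (keys and hostname are constructed, not real values).
wg_hostname_if 'SERVER_PUBLIC_KEY' 'PRESHARED_KEY' vpn.example.org 51820 \
    10.1.1.0/24 10.1.1.100 255.255.255.0 10.1.1.206 \
    '172.16.20.0/24, 172.16.17.0/24'
```

Redirect the demo's output into /etc/hostname.wg0 (after replacing the placeholders with the real key, PSK and endpoint) and run `sh /etc/netstart wg0`; `ifconfig wg0` then lists every allowed range under the peer, which is the quickest way to confirm the wgaip options were all accepted.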