~eduvpn/server#173: vpn-daemon add_peer API call does not work on OpenBSD

$ curl \
>     -d 'ip_net=10.75.24.9/32' \
>     -d 'ip_net=fdd1:6916:e5a0:6999::9/128' \
>     --data-urlencode 'public_key=kNLsIjAxQ8w3PWgj+Bx8mDComLFPKgCrxPvvq0Lsq2s=' \
>     http://localhost:41194/w/add_peer
{"error":"(*Client).ConfigureDevice(wg0) failed"}

In the console of vpn-daemon (running as root):

2023/11/20 16:54:29 (*Client).ConfigureDevice(wg0) failed: %!s(<nil>)

Status: REPORTED
Submitter: ~fkooman
Assigned to: No-one
Submitted: 1 year, 5 months ago
Updated: 1 year, 4 months ago
Labels: v3.x

~fkooman 1 year, 5 months ago

Oh, according to the README of wgctrl (https://github.com/WireGuard/wgctrl-go), on OpenBSD this is a read-only implementation, so you can't modify peers...

OpenBSD: via ioctl interface (read-only)

~fkooman 1 year, 4 months ago

We "stole" some code from OpenBSD's ifconfig command on how to manage WireGuard config. This is very rough code and still only reading. I don't really understand how it all works or why the multiple ioctl calls are needed:

https://paste.sr.ht/~fkooman/8705feda1b1bd22dd53e30952b08bc3bd5f365ba