WireSep

Privilege separated implementation of WireGuard

Latest release

wiresep-0.11.3.tar.gz (April 26, 2020)
sha256 - changes - license ISC

Now that a kernel version is integrated into OpenBSD and will probably ship with OpenBSD 6.8, this project is in maintenance mode and will only receive fixes for critical bugs.

Requirements

Install

$ doas pkg_add wiresep

Generate a new private key for the tun0 interface.

$ doas wiresep-keygen tun0

Then create a configuration and store it in /etc/wiresep/wiresep.conf. A simple example looks like the following:

# This is an example of a server listening on the public ip 198.51.100.7 port
# 1022. It uses the tun0 device with the internal ip addresses 2001:db8::7
# and 172.16.0.1 and allows communication with the peers Jane and Joe. Jane is
# allowed to use any source ip, while Joe may only use 2001:db8::4 or
# 172.16.0.11/30 as the source ip of his packets. The private key for the tun0
# interface can be generated with `wiresep-keygen tun0`.

interface tun0 {
    ifaddr 2001:db8::7/126
    ifaddr 172.16.0.1/24

    listen 198.51.100.7:1022

    peer jane {
        pubkey BhyBpDfD7joIPPpjBW/g/Wdhiu3iVOzQhKodbsLqJ3A=
        allowedips *
    }

    peer joe {
        pubkey AhyBpDfD7joIPPpjBW/g/Wdhiu3iVOzQhKodbsLqJ3A=
        allowedips 2001:db8::4
        allowedips 172.16.0.11/30
    }
}

See wiresep.conf(5) for a complete description of the configuration file.

Once everything is set, run wiresep(8):

$ doas wiresep
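
How the allowedips lines in the example configuration restrict a peer's source addresses, as an added Python example that is not WireSep code. It reads only the peer and allowedips directives shown above and assumes a prefix with host bits set, such as 172.16.0.11/30, is matched as its enclosing network; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the peer blocks from the example configuration above.
SAMPLE_CONF = """
interface tun0 {
    peer jane {
        pubkey BhyBpDfD7joIPPpjBW/g/Wdhiu3iVOzQhKodbsLqJ3A=
        allowedips *
    }
    peer joe {
        pubkey AhyBpDfD7joIPPpjBW/g/Wdhiu3iVOzQhKodbsLqJ3A=
        allowedips 2001:db8::4
        allowedips 172.16.0.11/30
    }
}
"""

ANY = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]


def parse_allowedips(conf):
    """Return {peer name: [networks]} for the directives shown on this page."""
    peers, current = {}, None
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "peer":
            current = peers.setdefault(words[1], [])
        elif words[0] == "}":
            current = None  # closes a peer block, or the interface block
        elif words[0] == "allowedips" and current is not None:
            if words[1] == "*":
                current.extend(ANY)
            else:
                # Assumption: host bits are masked off, as in ordinary CIDR matching.
                current.append(ipaddress.ip_network(words[1], strict=False))
    return peers


def source_allowed(peers, peer, src):
    """True if src is inside one of the peer's allowedips ranges."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == n.version and addr in n for n in peers.get(peer, []))


def unrestricted(peers):
    """Peers whose allowedips cover an entire address family."""
    return sorted(p for p, nets in peers.items() if any(n.prefixlen == 0 for n in nets))
```

Under that masking assumption, joe's 172.16.0.11/30 entry covers 172.16.0.8 through 172.16.0.11, and `unrestricted()` lists jane as the peer to review when auditing which peers may send from any source address.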

Documentation

Refer to the manuals for documentation and a configuration example:

The design documents can be found in the doc directory.

Code and repository

Browse the release archive, browse the source code online or clone the repository:

$ git clone https://netsend.nl/wiresep.git

Known issues

Contact

You can send a message to tim at this domain. When sending in patches I prefer the format created by git-format-patch(1).