WIRESEP(8) | System Manager's Manual | WIRESEP(8) |
wiresep
—
WireGuard daemon
wiresep |
[-dnVv ] [-f
file] |
The wiresep
daemon runs WireGuard on one
or more tunnel interfaces.
If sent a SIGUSR1
signal,
wiresep
logs statistics.
The arguments are as follows.
-d
-f
file-n
-V
-v
The format for both private keys and pre-shared keys is the same. A file should contain only one key which must be encoded in Base64. Any blank line in the file or lines that start with a ‘#’ are ignored, as well as any text that follows a key. The file must be owned by the superuser and may not have any permission bits set for the group or others. Note that both private keys and pre-shared keys can be conveniently generated with wiresep-keygen(1).
/etc/wiresep/wiresep.conf default
configuration file used by wiresep
The following default locations are used for keys if not configured otherwise. Only the private key for an interface is mandatory, all pre-shared keys are optional.
/etc/wiresep/tunN.privkey default location of the private key used for an interface. tunN must correspond to the name of a configured interface.
/etc/wiresep/global.psk default location of a global pre-shared key
/etc/wiresep/tunN.psk default location of an interface specific pre-shared key
/etc/wiresep/tunN.peer.psk default location of a peer specific pre-shared key
Note that tunN and peer should be substituted for the actual name of a configured interface and peer.
The wiresep
daemon exits 0 after receiving
a TERM signal, or >0 if an error occurs.
Tim Kuijsten
April 5, 2020 | OpenBSD 6.6 |