WIRESEP(8) System Manager's Manual WIRESEP(8)

wiresepWireGuard daemon

wiresep [-dnVv] [-f file]

The wiresep daemon runs WireGuard on one or more tunnel interfaces.

If sent a SIGUSR1 signal, wiresep logs statistics.

The arguments are as follows.

Do not daemonize but stay in foreground.
Use file as the configuration file instead of the default.
Config test mode. No output is shown if there are no errors.
Print the version of WireSep.
Be verbose. Specify once or twice when troubleshooting the network, more is probably only interesting if you're a developer.

The format for both private keys and pre-shared keys is the same. A file should contain only one key which must be encoded in Base64. Any blank line in the file or lines that start with a ‘#’ are ignored, as well as any text that follows a key. The file must be owned by the superuser and may not have any permission bits set for the group or others. Note that both private keys and pre-shared keys can be conveniently generated with wiresep-keygen(1).

/etc/wiresep/wiresep.conf default configuration file used by wiresep

The following default locations are used for keys if not configured otherwise. Only the private key for an interface is mandatory, all pre-shared keys are optional.

/etc/wiresep/tunN.privkey default location of the private key used for an interface. tunN must correspond to the name of a configured interface.

/etc/wiresep/global.psk default location of a global pre-shared key

/etc/wiresep/tunN.psk default location of an interface specific pre-shared key

/etc/wiresep/tunN.peer.psk default location of a peer specific pre-shared key

Note that tunN and peer should be substituted for the actual name of a configured interface and peer.

The wiresep daemon exits 0 after receiving a TERM signal, or >0 if an error occurs.

wiresep-keygen(1), wiresep.conf(5)

Tim Kuijsten

April 5, 2020 OpenBSD 6.6