Is there a way to achieve what the title says? After messing around with wgephemeralpeer and having it yell at me, I’m assuming the answer is no, but I’d be happy if someone proved me wrong. If not, does anyone know of a way to get PQ encryption with WireGuard on OpenBSD? I was originally going to set up NetBird, only to find it doesn’t work on the BSDs either…
So, after checking the code briefly, I figured out why it failed. It uses wgctrl, and if you look at the README, you’ll see:
wgctrl can control multiple types of WireGuard devices, including:
- Kernel module devices
  - Linux: via generic netlink
  - FreeBSD: via ioctl interface
  - OpenBSD: via ioctl interface (read-only)
  - Windows: via ioctl interface
- Userspace devices via the userspace configuration protocol
I just submitted a PR fixing this lol.
BTW, since it seems that wgephemeralpeer does not support refreshing the PSK, I’ve written a shitty little script to do it. This might be useful if you e.g. set up a cron job to run it daily. There’s no error checking, so uh, don’t mess up the arguments I guess? I’ve only set this up for IPv4 (since that’s all my VPS supports). You’ll likely need to adjust it for your needs.