bhyve with wg-quick

I have a WireGuard tunnel (call it wg-country0) which I manually create/initiate after booting.
How can I make my bhyve guest use that interface? Any advice regarding rc.conf or commands?
Thanks.
 
Usually you'd connect bhyve guests to bridges. So you simply create that bridge in rc.conf at boot, then your bhyve guests need to attach to that bridge as well as your WireGuard interface.
 
Thanks for responding.
As far as I know, bridges can be created with existing physical adapters. During boot my WireGuard tunnel (virtual) does not exist. It begins to exist after I execute wg-quick. How can I have a bridge without an interface at startup? How will the last 2 lines of this work?


Bash:
cloned_interfaces="bridge0 bridge1 bridge2 bridge3 tap10 tap11 tap12 tap13"
ifconfig_bridge0="addm em0 addm tap10"
ifconfig_bridge1="addm wlan0 addm tap11"
ifconfig_bridge2="addm wg-country0 addm tap12"
ifconfig_bridge3="addm wg-country1 addm tap13"

I need to be able to log in, bring up wg and then create a bridge. Any clue how I can achieve that?
 
You could try adding the Wireguard tunnel to the bridge in a PostUp= entry in the [Interface] section of your /usr/local/etc/wireguard/wg-countryX.conf files.
 
Today I updated my box to 13.2 and I've noticed that no WireGuard ports are necessary. You can easily adapt this solution to your needs. The wg interface and bridge will be created at the same time, and the rc.d script will inject the configuration.

My setup:
Code:
cloned_interfaces="wg0"
ifconfig_wg0="inet -your-ip-address-on-wg-interface/24 up"

Code:
#!/bin/sh

# PROVIDE: wireguard
# REQUIRE: NETWORK

# Add the following lines to /etc/rc.conf to enable `wireguard':
#
# wireguard_enable="YES"
#

. /etc/rc.subr

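name="wireguard"
# Without rcvar, rc.subr never checks wireguard_enable and always runs start.
rcvar="${name}_enable"
start_cmd="${name}_start"
stop_cmd=":"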

load_rc_config "$name"
: ${wireguard_enable:=no}

wireguard_start()
{
    /usr/bin/wg setconf wg0 /usr/local/etc/wireguard/wg0.conf
}

run_rc_command "$1"

I know, the script's a little bit rough, it's better to make the interface configurable instead of a hardcoded value; in my defense, this file is autogenerated with Ansible :p
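
The post above notes that the interface should be configurable rather than hardcoded. As an added example (not the poster's code), this replacement for wireguard_start() takes its interface list from rc.conf and refuses any config file accessible to group or other, since that file holds the tunnel's private key. The variables wireguard_interfaces, wireguard_confdir and wireguard_wg are assumed names, not existing rc.conf knobs.

```sh
# Added example: replacement for wireguard_start() in an rc.d script.
# wireguard_interfaces, wireguard_confdir and wireguard_wg are hypothetical
# rc.conf variables; the defaults mirror the hardcoded values in the post.
# In the real script these defaults belong after load_rc_config.
: "${wireguard_interfaces:=wg0}"
: "${wireguard_confdir:=/usr/local/etc/wireguard}"
: "${wireguard_wg:=/usr/bin/wg}"

# Succeeds only if the file exists and neither group nor other has any access.
# The config holds the tunnel's PrivateKey, so a readable copy is a key leak.
wg_conf_is_private()
{
    [ -f "$1" ] || return 1
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group and
    # other permission bits. A symlink shows "lrwxrwxrwx" and is refused.
    _mode=$(ls -ld "$1" | cut -c5-10)
    [ "$_mode" = "------" ]
}

# Load every configured interface; skip and report any unsafe config.
# Returns non-zero if at least one interface could not be configured.
wireguard_start()
{
    _rc=0
    for _if in $wireguard_interfaces; do
        _conf="${wireguard_confdir}/${_if}.conf"
        if ! wg_conf_is_private "$_conf"; then
            echo "wireguard: refusing ${_conf}: missing or group/world accessible" >&2
            _rc=1
            continue
        fi
        "$wireguard_wg" setconf "$_if" "$_conf" || _rc=1
    done
    return $_rc
}
```

With this in place, rc.conf can carry a line such as wireguard_interfaces="wg0 wg1", and each wgN.conf should be mode 0600 and owned by root.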
 
Thank you for the responses.
Yes I had read the 13.2R Release announcement:
  • The kernel wg(4) WireGuard driver is now available.

Guess I will have to upgrade to 13.2. I am awaiting 14R, but that will be in September/Oct 2023.
Someday some of us might look back at this thread and maybe laugh, cry or reminisce about this, just the way we look at older posts about OSes of a bygone era.

Thank you.
 