jperkin: is it this one? tailscale.com

jperkin: Thanks for the advice, I have installed tailscale/wireguard-go/wireguard-tools in a zone, but can’t find example to config and use it

is there any docs or examples, a big thanks

jperkin: I find the latest version is 1.44, should it be upgrade for pkgsrc? thanks

tozhu: yes, though the current version should work fine - nahamu can probably provide an example config

jperkin: thanks, do you know where had the example configuration of wireguard on illumos/smartos ? or tailscale? I have installed tailscale, wireguard-go, wireguard-tools in a native zones, but have not found configuration example, I want to replace wireguare for my OpenBSD box which is running on Bhyve in SmartOS

a big thanks

tozhu: do you want to use tailscale or just wireguard-go?

If you have a tailscale account set up already, tailscale is almost disturbingly simple

pkgin in tailscale; svcadm enable tailscale; tailscale up

or at least that's pretty much how it should be.

and yes, the pkgsrc package needs an update (I've already done the rebase and tag, jperkin) but the current package should be fine to get started.

tozhu: feel free to ping me if you have additional questions.

I'm overdue to write a blog post on how to use the packaged versions on OmniOS and SmartOS.

nahamu : you can even set up your own headscale server (but in a hvm instance only)

also true.

nahamu: a big thanks for the answer, I’m going to run wireguard-go in smartos zones; I don’t have tailscale account

tozhu: ah, I'm less of an expert on the wireguard configurations.

did you use wg-quick on the openbsd machine?

nahamu: thank you for the help, I’m going to regist a account for tailscale

I ported wg-quick to illumos so you should be able to port the config if so.

wireguard configuration is very simple

sure, thank you very much

if you want to remove any keys from the config and gist it somewhere, I can take a look and see how much work is needed.

I think the package includes the wg-quick smf service so you should be able to create /etc/wireguard/mywg.conf and then `svcadm enable wg-quick:mywg`

(I really really need to consolidate the documentation, sigh.)

you use github.com/TritonDataCenter/smfgen ... to generate that ?

nahamu, a big thank, I’ll try it

nahamu: there is /opt/local/lib/svc/manifest/wireguard-tools.xml in the zone after install wireguard-tools-1.0.20210914 , is it the correct file to configure wireguard services ?

but there is nothing when run command: svcs -a |grep -i wireguard

nahamu: jperkin: would you please help to take a look what’s the issue so that can’t import the SMF pastebin.com/75cPH3Tm I installed wireguard-go-0.0.20220316 and wireguard-tools-1.0.20210914 from pkgin/pkgsrc, but can’t import the services

and here is my tun0.conf file for wireguard configuration for reference pastebin.com/wFMr1KJ1

tozhu: in a little bit. $work is currently grabbing my attention :)

okay, got it :)

tozhu: which zone image are you using?

image uuid: e44ed3e0-910b-11ed-a5d4-00151714048c

base-64-lts 22.4.0

yep, spinning up a test zone now.

the SMF should have been imported in a disabled state during install, sorry I can't take a look, I need to leave in a minute for a weekend away

if you still have the install output from pkgin it may have clues

just 2 commands:

svccfg -s wireguard-tools add tun0

jperkin: Thank you, and have nice weekend

svcadm enable wireguard-tools:tun

tozhu: those are the 2 commands you need to run

the actual tun device might be a different number; you can name that e.g. tunnel.cfg and use "tunnel" instead of "tun0"

after import it?

thank you, I’ll do a test

uh, I thought it was already imported... let me test again.

but yes, you could import the manifest if it's not imported.

jperkin: have a great weekend!

tozhu: did you get it to work?

nahamu: I have imported, but the state leaves maintenance

after command ‘svcadm enable wireguard-tools’

tozhu: svcadm clear wireguard-tools

and network interface tun0 is up , but leave 0.0.0.0/0

hmm

still leave the state ‘maintenance’ after ‘svcadm clear wireguard-tools’ command

thanks, first time attempting a 100k ultra marathon, insert straight-face erk smiley here - ping me on Monday nahamu and I'll update the packages to latest versions

jperkin: Good luck!

please don't die! :-)

and there is /etc/wireguard/tun0.conf

first let's rename that from tun0.conf to tunnel.conf

wg-quick will automatically detect the tun device number when it gets created.

nahamu: I have rename tun0.conf to tunnel.conf, then killed wireguard-go, and run ‘svcadm clear wireguard-tools’

but there is no new file generated in /etc/wireguard dir, and also there is no tunX interface by ifconfig command

"svccfg -s wireguard-tools delete tun0"

just to be safe

okay, thank you

on my machine wg-quick doesn't like the keys from your example.

nahamu: have run ‘svccfg -s wireguard-tools delete tun0’ command, and then re-run the command ‘svccfg -s wireguard-tools add tun0’ to import it, but leave the same status

don't add a tun0

if the file is named "tunnel.conf" add "tunnel"

okay, I’ll re-run

then you can see the errors with:

cat `svcs -L wireguard-tools:tunnel`

When I put in new keys, it works for me.

nahamu: here is my command log and screen dump pastebin.com/i7VnWbHk would you please show me your configuration in /etc/wireguard/XXX.conf ?

yup, one moment.

and this zone is a local zone, it is not a global zone

you might have a dangling wireguard-go process you should kill.

pkill wireguard-go

need a few more minutes.

tozhu: can you create a fresh zone and try out this script? gist.github.com/nshalman/25a7adb26d29a67e98bb03b4f72f9913

If that works, you should be able to adapt the resulting config file to work for you.

nahamu: Thank you very much

Thank you

My wg-quick might be messing up with /32 at the end of IP addresses in certain places.

okay, thanks again for the great help

please let me know in the end what you had to do to get it working.

sure, I’ll test it in this weekend, and then feedback to you the status, thanks again

sounds good. good luck tozhu!