wireguard

The wg(4) driver provides Virtual Private Network (VPN) interfaces for the secure exchange of layer 3 traffic with other WireGuard peers using the WireGuard protocol.

howtos

https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html - native tools only

https://marcocetica.com/posts/wireguard_openbsd/ - ad-blocking dns with unbound

test

https://blockads.fivefilters.org - test ad-blocking

https://www.dnsleaktest.com - test ip leaking

https://dnssec-tools.org/test/ - test dnssec

examples

   ; cat /etc/hostname.wg0
   wgkey $PRIVKEY       # wg client privkey
   wgpeer $PUBKEY wgendpoint $SERVER 443 wgaip 0.0.0.0/0   # wg server pubkey
   inet 10.0.9.4/24     # wg client ip
   wgrtable 0    # wg client talks to wg server via the default rdomain 0
   rdomain 4     # but local users access wg tunnel via rdomain 4
   up
   !route -T4 add -net default 10.0.9.1      # rdomain 4's default route is the wg server
   ; route -T4 exec transmission-cli [...]   # use rdomain 4