wireguard
The wg(4) driver provides Virtual Private Network (VPN) interfaces for the secure exchange of layer 3 traffic with other WireGuard peers using the WireGuard protocol.
howtos
https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html - native tools only
https://marcocetica.com/posts/wireguard_openbsd/ - ad-blocking dns with unbound
test
https://blockads.fivefilters.org - test ad-blocking
https://www.dnsleaktest.com - test ip leaking
https://dnssec-tools.org/test/ - test dnssec
examples
; cat /etc/hostname.wg0
wgkey $PRIVKEY # wg client privkey
wgpeer $PUBKEY wgendpoint $SERVER 443 wgaip 0.0.0.0/0 # wg server pubkey
inet 10.0.9.4/24 # wg client ip
wgrtable 0 # wg client talks to wg server via the default rdomain 0
rdomain 4 # but local users access wg tunnel via rdomain 4
up
!route -T4 add -net default 10.0.9.1 # rdomain 4's default route is the wg server
; route -T4 exec transmission-cli [...] # use rdomain 4