some more tweaks - www.codemadness.org - www.codemadness.org saait content files
HTML git clone git://git.codemadness.org/www.codemadness.org
DIR Log
DIR Files
DIR Refs
DIR README
DIR LICENSE
---
DIR commit 8f1468e0f98713d4d8bfc44638cf183c0423d6c9
DIR parent ca874c125feeab74204918d970e374388e97ddd9
HTML Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Sat, 28 Mar 2026 13:51:11 +0100
some more tweaks
Diffstat:
M output/atom_content.xml | 18 +++++++++---------
M output/atom_content_gopher.xml | 18 +++++++++---------
M output/jsonfeed_content.json | 2 +-
M output/jsonfeed_content_gopher.json | 2 +-
M output/phlog/wireguard | 18 +++++++++---------
M output/rss_content.xml | 18 +++++++++---------
M output/rss_content_gopher.xml | 18 +++++++++---------
M output/sfeed_content.tsv | 2 +-
M output/sfeed_content_gopher.tsv | 2 +-
M output/wireguard.html | 18 +++++++++---------
M output/wireguard.md | 18 +++++++++---------
M pages/wireguard.md | 18 +++++++++---------
12 files changed, 76 insertions(+), 76 deletions(-)
---
DIR diff --git a/output/atom_content.xml b/output/atom_content.xml
@@ -21,12 +21,12 @@
<p><strong>Last modification on </strong> <time>2026-03-28</time></p>
<p>Wireguard is a fast, modern and secure VPN tunnel.</p>
<p>Below is a guide to setup <a href="https://www.wireguard.com/">Wireguard</a> on the OpenBSD
-operating system intended for use with a mobile VPN.</p>
+operating system intended for use as a mobile VPN.</p>
<p>It describes using the OpenBSD Wireguard wg(4) kernel driver (not the userland
application) and will focus on setting up a IPv4 tunnel.</p>
<p>It is recommended to install wireguard-tools. Although not required for using
the OpenBSD wg(4) kernel driver they contain useful tools to generate a private
-and public key.</p>
+and public key (wg genkey, wg pubkey).</p>
<p>To install the wireguard-tools package on OpenBSD:</p>
<pre><code># pkg_add wireguard-tools
</code></pre>
@@ -55,7 +55,7 @@ wgpeer 'pubkey' wgaip 10.1.2.2/32 wgdescr 'phone' wgpsk 'psk_here'
public.key:</p>
<pre><code>$ wg genkey | tee private.key | wg pubkey > public.key
</code></pre>
-<p><strong>Keep the private key secure. Do not share it with anyone!</strong></p>
+<p><strong>!!! Keep the private key secure. Do not share it with anyone!!!</strong></p>
<h2>Generate a separate preshared key (PSK).</h2>
<p>Using a preshared key (PSK) is optional, but recommended. This is used in the
handshake to guard against future compromise of the peers' encrypted tunnel if
@@ -111,7 +111,7 @@ There are also other versions available on the page.</p>
the screen to add a tunnel.</p>
<h2>Option: "Scan from QR code"</h2>
<h3>Generate a QR code image from a client config</h3>
-<p>Install the libqrencode package for qrencode:</p>
+<p>Install the libqrencode package for the qrencode program:</p>
<pre><code># pkg_add libqrencode
</code></pre>
<p>Generate a QR code PNG image from a client config:</p>
@@ -131,9 +131,9 @@ and/or destroy it immediately.</p>
<p>Example conf file: <a href="downloads/openbsd-wg/client-example.conf">client-example.conf</a>.<br />
Example ZIP file: <a href="downloads/openbsd-wg/client-example.zip">client-example.zip</a>.</p>
<h3>Option: "Create from scratch"</h3>
-<p>Generating the private key on the device itself and sharing the public key and
-PSK is probably the safest option. Although sharing the public key text from a
-mobile device can be a bit annoying.</p>
+<p>Generating the private key on the device itself and sharing the <strong>public</strong> key
+and PSK is probably the safest option. Although sharing the public key text
+from a mobile device can be a bit annoying.</p>
<h2>Android settings</h2>
<p>Only allow connections and DNS using VPN:</p>
<ul>
@@ -142,7 +142,7 @@ Make sure Wireguard is set and enabled under VPN.</li>
</ul>
<p>VPN settings, open Wireguard cogwheel:
<ul>
-<li>Enable: Always on VPN option, with the description: "stay connected to VPN at all times".</li>
+<li>Enable: Always on VPN option, with the description: "Stay connected to VPN at all times".</li>
<li>Enable: Block connections without VPN.</li>
</ul>
</p>
@@ -194,7 +194,7 @@ key data to base64.</p>
</code></pre>
<p>Or even the magical voodoo commands:</p>
<pre><code>$ openssl rand -base64 32 > private.key
-$ (printf '\060\056\002\001\000\060\005\006\003\053\145\156\004\042\004\040';openssl enc -d -a -A < private.key) |
+$ (printf '\060\056\002\001\000\060\005\006\003\053\145\156\004\042\004\040';openssl enc -d -a -A < private.key) | \
openssl pkey -inform DER -pubout -outform DER | \
tail -c 32 | \
openssl enc -a -A > public.key
DIR diff --git a/output/atom_content_gopher.xml b/output/atom_content_gopher.xml
@@ -21,12 +21,12 @@
<p><strong>Last modification on </strong> <time>2026-03-28</time></p>
<p>Wireguard is a fast, modern and secure VPN tunnel.</p>
<p>Below is a guide to setup <a href="https://www.wireguard.com/">Wireguard</a> on the OpenBSD
-operating system intended for use with a mobile VPN.</p>
+operating system intended for use as a mobile VPN.</p>
<p>It describes using the OpenBSD Wireguard wg(4) kernel driver (not the userland
application) and will focus on setting up a IPv4 tunnel.</p>
<p>It is recommended to install wireguard-tools. Although not required for using
the OpenBSD wg(4) kernel driver they contain useful tools to generate a private
-and public key.</p>
+and public key (wg genkey, wg pubkey).</p>
<p>To install the wireguard-tools package on OpenBSD:</p>
<pre><code># pkg_add wireguard-tools
</code></pre>
@@ -55,7 +55,7 @@ wgpeer 'pubkey' wgaip 10.1.2.2/32 wgdescr 'phone' wgpsk 'psk_here'
public.key:</p>
<pre><code>$ wg genkey | tee private.key | wg pubkey > public.key
</code></pre>
-<p><strong>Keep the private key secure. Do not share it with anyone!</strong></p>
+<p><strong>!!! Keep the private key secure. Do not share it with anyone!!!</strong></p>
<h2>Generate a separate preshared key (PSK).</h2>
<p>Using a preshared key (PSK) is optional, but recommended. This is used in the
handshake to guard against future compromise of the peers' encrypted tunnel if
@@ -111,7 +111,7 @@ There are also other versions available on the page.</p>
the screen to add a tunnel.</p>
<h2>Option: "Scan from QR code"</h2>
<h3>Generate a QR code image from a client config</h3>
-<p>Install the libqrencode package for qrencode:</p>
+<p>Install the libqrencode package for the qrencode program:</p>
<pre><code># pkg_add libqrencode
</code></pre>
<p>Generate a QR code PNG image from a client config:</p>
@@ -131,9 +131,9 @@ and/or destroy it immediately.</p>
<p>Example conf file: <a href="downloads/openbsd-wg/client-example.conf">client-example.conf</a>.<br />
Example ZIP file: <a href="downloads/openbsd-wg/client-example.zip">client-example.zip</a>.</p>
<h3>Option: "Create from scratch"</h3>
-<p>Generating the private key on the device itself and sharing the public key and
-PSK is probably the safest option. Although sharing the public key text from a
-mobile device can be a bit annoying.</p>
+<p>Generating the private key on the device itself and sharing the <strong>public</strong> key
+and PSK is probably the safest option. Although sharing the public key text
+from a mobile device can be a bit annoying.</p>
<h2>Android settings</h2>
<p>Only allow connections and DNS using VPN:</p>
<ul>
@@ -142,7 +142,7 @@ Make sure Wireguard is set and enabled under VPN.</li>
</ul>
<p>VPN settings, open Wireguard cogwheel:
<ul>
-<li>Enable: Always on VPN option, with the description: "stay connected to VPN at all times".</li>
+<li>Enable: Always on VPN option, with the description: "Stay connected to VPN at all times".</li>
<li>Enable: Block connections without VPN.</li>
</ul>
</p>
@@ -194,7 +194,7 @@ key data to base64.</p>
</code></pre>
<p>Or even the magical voodoo commands:</p>
<pre><code>$ openssl rand -base64 32 > private.key
-$ (printf '\060\056\002\001\000\060\005\006\003\053\145\156\004\042\004\040';openssl enc -d -a -A < private.key) |
+$ (printf '\060\056\002\001\000\060\005\006\003\053\145\156\004\042\004\040';openssl enc -d -a -A < private.key) | \
openssl pkey -inform DER -pubout -outform DER | \
tail -c 32 | \
openssl enc -a -A > public.key
DIR diff --git a/output/jsonfeed_content.json b/output/jsonfeed_content.json
@@ -8,7 +8,7 @@
"title": "Wireguard on OpenBSD for use as a mobile VPN",
"url": "https://www.codemadness.org/wireguard.html",
"authors": [{"name": "Hiltjo"}],
codemadness.org:70 /git/www.codemadness.org/commit/8f1468e0f98713d4d8bfc44638cf183c0423d6c9.gph:167: line too long