After upgrading my system to FreeBSD 14.0, I've decided to finally try WireGuard. I didn't have to install it manually since it's now part of the FreeBSD kernel.

Rather than use wg(8) directly, I've decided to play around with wg-quick(8) (wireguard-tools package).

% pkg install wireguard-tools

WireGuard supports INI-like config files, see the example below (taken from the wg(8)).

[Interface]
PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=
ListenPort = 51820

[Peer]
PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=
Endpoint = 192.95.5.67:1234
AllowedIPs = 10.192.122.3/32, 10.192.124.1/24

I've put few config files from my provider inside /usr/local/etc/wireguard/. These files can be used to add and set up interfaces.

% wg-quick up /etc/wireguard/sample.conf

I can skip the full path and just use the config name.

% wg-quick up sample

This works because wg-quick looks for configs inside /usr/local/etc/wireguard/ directory.

When I'm done with the given interface I use wg-quick down to tear it down.

% wg-quick down sample

To show current WireGuard configuration and runtime information I simply call wg.