Thank you both! I must have been tired and missed it when I read the man page
On Sun, 30 Nov 2025 at 21:22, Atanas Vladimirov <[email protected]> wrote: > Hi, > > On 2025-11-30 21:45, Pierre Peyronnel wrote: > > Hello misc, > > > > I set up an OpenBSD Wireguard client connecting to my existing OpenBSD > > Wireguard server. > > It connects, but I'd like to have several subnets allowed, and I can't > > figure out the appropriate syntax. > > I'd like the equivalent of : > > > > AllowedIPs = 172.16.20.0/24, 172.16.17.0/24 > > > > my hostname.wg0 currently looks like: > > > > # cat /etc/hostname.wg0 > > > > #server > > wgpeer '(redacted)' wgendpoint (redacted).org 51820 wgaip 10.1.1.0/24 > > wgpsk > > '(redacted)' > > > > # setting VPN address > > inet 10.1.1.100 255.255.255.0 > > up > > > > # adding route > > !/sbin/route add -inet 10.1.1.0/24 10.1.1.206 > > !/sbin/route add -inet 172.16.17.0/24 10.1.1.206 > > > > Which works, I can ping the server at 10.1.1.206, but any variation I > > have > > tried on wgaip (for example: wgaip '10.1.1.0/24, 172.16.17.0/24') fails > > with : > > This is from the ifconfig(8) man page: > > wgaip allowed-ip_address/prefix > Set the peer's IPv4 or IPv6 allowed-ip_address range for > tunneled > traffic. Repeat the option to set multiple ranges. By > default, > no addresses are allowed. > > So, you have to do `wgaip 10.1.1.0/24 wgaip 172.16.17.0/24` > <http://172.16.17.0/24> > > > > > # sh /etc/netstart > > ifconfig: wgaip: bad address > > > > I cannot find out the appropriate syntax for wgaip to use in the > > hostname.if format. > > I tried the man and some searching but always found a wireguard-tools > > syntax. > > > > Thanks for your help, > > Pierre >
