Wireguard and ProtonVPN question

I would like to know if it is safe to follow the instructions to use vpn on the OpenBSD system. I just want to use vpn without connecting different devices.

“Safe” is not defined.

  1. Per this set of instructions, and however you personally define “safe,” you must trust ProtonVPN’s key provisioning, and more importantly, you must trust their unpublished key management processes and procedures they follow.
  2. The wg-quick and wg tools noted in their guide are not necessary for most WireGuard implementations on OpenBSD, as the wg(4) driver is part of the kernel. If you want or need these tools, they are available in the third-party net/wireguard-tools package. You will need to adapt ProtonVPN’s provided configuration file to the OS and your environment.

Would someone be so kind and show us an example of a working /etc/hostname.wg0 based on the config provided by ProtonVPN?

Just had an itch to find out myself yesterday… I moved the downloaded config as wg0.conf into the created /etc/wireguard and installed wireguard-tool… It works just fine with “wg-quick up wg0” as far as I can tell…

Thank you for the answer. I do not define something specific as “safe”. I’m just trying to run a VPN on OpenBSD and beyond complex answers I’m looking for something simple. Do you have something clearer to suggest?

Thanks for saying that! Gratitude makes the world go round

Sorry I wasn’t clear enough. OpenBSD has a kernel-based WireGuard driver.

The driver can be provisioned to start automatically through a hostname.if(5) file, such as /etc/hostname.wg0. If you’re an OpenBSD user, you have probably provisioned one or more of these hostname.if(5) files. These files are read by the netstart(8) script during boot, and are primarily used to issue ifconfig(8) commands to provision network interfaces, including pseudo-interfaces such as wg(4).

There’s an example of issuing ifconfig(8) commands to provision wg(4) interfaces in the wg(4) man page, and the complete set of wg(4) provisioning options (wgkey, wgpeer, …) are defined in the ifconfig(8) man page.

The configuration file provided by your VPN service could be reviewed and the applicable contents placed into, for example, an /etc/hostname.wg0 file, which would then be used by netstart(8) to provision WireGuard on your OpenBSD platform.

You could, if you wished, install the wireguard-tools package, which may be able to automate provisioning. You will need to review the contents of the provided configuration file and adapt it if necessary. OpenBSD is not Linux, and any Linux-specific components will need to be revised or removed.
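The adaptation described above, as an added example that is not part of any post in this thread: a small sh/awk filter that rewrites a wg-quick style configuration into the ifconfig(8) options (wgkey, wgport, wgpeer, wgendpoint, wgaip, wgpsk, wgpka) that a hostname.wg0 file carries. The function names, the placeholder keys and the sample addresses are constructed for illustration, and endpoints are assumed to be in `host:port` form.

```shell
# Added example: wg-quick style config on stdin -> hostname.wg0 lines on stdout.
# Assumes "host:port" endpoints (IPv4 or name); untranslated keys become comments.
wgconf_to_hostname_if() {
    awk '
    function flush_peer(   n, i, a, line) {
        if (pub == "") return
        line = "wgpeer " pub
        if (ep_host != "") line = line " wgendpoint " ep_host " " ep_port
        if (psk != "") line = line " wgpsk " psk
        if (pka != "") line = line " wgpka " pka
        n = split(aips, a, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) line = line " wgaip " a[i]
        print line
        pub = ep_host = ep_port = psk = pka = aips = ""
    }
    /^[ \t]*(#|$)/ { next }
    /^[ \t]*\[/ { flush_peer(); sec = tolower($0); gsub(/[^a-z]/, "", sec); next }
    {
        eq = index($0, "="); if (eq == 0) next  # split at first "=": keys end in "="
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        k = sec "." key
        if (k == "interface.privatekey") print "wgkey " val
        else if (k == "interface.listenport") print "wgport " val
        else if (k == "interface.address") {
            n = split(val, addr, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)  # IPv6 addresses are left for manual handling
                printf "%s%s\n", ((addr[i] ~ /:/) ? "# not translated: address = " : "inet "), addr[i]
        }
        else if (k == "peer.publickey") pub = val
        else if (k == "peer.allowedips") aips = val
        else if (k == "peer.presharedkey") psk = val
        else if (k == "peer.persistentkeepalive") pka = val
        else if (k == "peer.endpoint") {
            ep_port = val; sub(/^.*:/, "", ep_port)
            ep_host = substr(val, 1, length(val) - length(ep_port) - 1)
        }
        else print "# not translated: " key " = " val
    }
    END { flush_peer() }'
}
# Constructed sample input (placeholder keys, documentation-range endpoint).
sample_conf() {
    printf '%s\n' '[Interface]' 'PrivateKey = CONSTRUCTED+PRIVATE+KEY+PLACEHOLDER+0000000=' \
        'Address = 10.2.0.2/32' 'DNS = 10.2.0.1' '' '[Peer]' \
        'PublicKey = CONSTRUCTED+PUBLIC+KEY+PLACEHOLDER+00000000=' \
        'AllowedIPs = 0.0.0.0/0' 'Endpoint = 192.0.2.10:51820'
}
sample_conf | wgconf_to_hostname_if
```

The output contains the private key, so write it to a file that only root can read. Settings that wg-quick applies itself, such as DNS, come out as comment lines to be handled by hand on OpenBSD.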

I forgot to mention that finally I do not even need ProtonVPN :slight_smile:

Ok, here we go! I read man pages and it was easier and more simple than I thought. I do not even need wireguard-tools package, which is optional (I didn’t know that) for OpenBSD. I set up /etc/hostname.wg0. Thank you for your help

Can you post your /etc/hostname.wg0 without the credentials, please? Just for me to learn :slight_smile:

thank you