From: obsd@mulh.net
Subject: Re: Update stripcom function in netstart
To: tech@openbsd.org
Date: Fri, 5 Sep 2025 04:05:01 -0400

On 2025-09-04 22:44:30, Stuart Henderson wrote:
> i would recommend against using undocumented syntax in these files

Good advice, most should pkg_add wireguard-tools and use it to configure wireguard.
I'd rather stick to openbsd's base, it has everything needed and documented well.

After reading "man ifconfig" and "man wg" the hostname.if
would probibly have to look something like this:
(and this is where I started)

inet 192.0.2.1 0xffffff00
wgport 51820
wgkey A7NT9n6DIV6iLfdX0mRgcHgcCJPdvpSXanOMPV25xbQ=
wgpeer kk3TQeCO683Y2OaGkpFztWfKTaPez3bx0TbAPgRxs94= wgpsk V1cnMjMUyB3KthU3L2YXauQHcCM4beqtJfjQaFFm9C8= wgendpoint 198.51.100.42 51820 wgaip 192.0.2.2/32
wgpeer SFy0vTvtSlPOO7WFOf1lcqssziaw399vuafpH4tWgpA= wgpsk kNehxEObqhD6OqzLsvdyHCCBh2Ydc7ttpBQR4CkHW4I= wgendpoint 198.51.100.80 51820 wgaip 192.0.2.3/32

I just wantted to make my configuration easier to read and secure the keys.

"man hostname.if" has the line:
"Any lines not matching these packed formats are passed directly to ifconfig"
and this is confirmed with "sh netstart -n wg0".

/etc/netstart uses the shell to run ifconfig and it's the shell supporting "$()".
But none the less, it's my local config and my problem when it breaks.
I'd just hope if the parser gets updated it'll add include support.

> (especially for any interfaces you might rely on for accessing a remote
> system to fix it), in case the parser gets changed
>
> executing a script is documented so you could expect that to stay
> working or at least ger a warning in upgrade notes, e.g.

Great advise for aspiring admins to follow.
That's why everyone tests changes, upgrades, etc.  And keep backups!

Truely I appreciate all the work the OpenBSD devs do, always amazed!

Forgive me as I have strayed too far from my original message.