I recently published my OpenBSD-Wireguard project on GitHub. There is now a published wireguard role, found in my OpenBSD Dev repo, found here. Compared to some of my other playbooks, this one is fairly simple. All it does is configure a fresh OpenBSD server to act as a wireguard server, to which multiple connections over one tun3 device are allowed.
I have tested multiple times deploying the playbook in minutes to a Vultr VM. By the way, I would eagerly recommend vultr to anyone looking for a fast yet cheap VPS solution. I have had zero problems while using their services the past few months.
The OpenBSD-Wireguard project can be installed on any running OpenBSD installation, though I would highly recommend only installing it on a new server build. The playbook will overwrite multiple system files, including but not limited to, pf.conf, unbound.conf and various network files. This could accidental cause issues if the playbook is ran on a production server. Use at your own discretion, or use
--check mode first!
I would like to go over a few of the configs deployed in playbook. I tried to configure as little as possible while ending up with a working wireguard server.
I have commented out a block of code for pf queuing, for possible future use, but for the initial release, I did not see the benefit.
Updated 4/27/2019: Added link to newer repo.