IVPN on NetBSD

Last week, the VPN provider I previously used went dark for days and came back with no explanation. They have a history of not communicating much and their support does suck but TBH I almost never used it, nevertheless I felt it was time for a change. I asked on BlueSky for feedback and one of the suggestions caught my eye: IVPN.
They have very good reviews, support WireGuard and an OpenBSD developer worked there. Their documentation is very Linux-centric but very well put, yet, of course, it lacks examples for NetBSD. So here’s a simple way of setting up a WireGuard VPN with IVPN on NetBSD.

First create your WireGuard key pair, using a restrictive umask so the private key is not created world-readable:

# (umask 077; wg-keygen > /etc/wg/wg0)
# wg-keygen --pub < /etc/wg/wg0 > /etc/wg/wg0.pub

Ensure the if_wg module is loaded at boot time:

# echo if_wg >> /etc/modules.conf

To load it immediately:

# modload if_wg

As explained in the IVPN terminal setup guide, publish the public key you just generated on their interface and choose a server near you. Those 2 steps will provide:

  1. Your private IP address
  2. The endpoint public address
  3. The endpoint public key

With those you’ll be able to set up an /etc/ifconfig.wg0 file which will bring your WireGuard interface up at boot time:

inet 172.18.29.8 netmask 255.255.255.255
!wgconfig wg0 set private-key /etc/wg/wg0
!wgconfig wg0 add peer ivpn <endpoint public key> --allowed-ips=0.0.0.0/0,::/0 --endpoint=<endpoint public IP>:<chosen port>
!route add -host <endpoint hostname> <your host gateway>
# possibly default route your traffic through the tunnel
!route add default 172.18.29.8

And voila, but don’t forget: VPN is not ultimate privacy.
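As an added example (not part of the original post and not IVPN's own tooling), the shell functions below render the /etc/ifconfig.wg0 lines shown above only after checking that the private key file has no group/other permissions and that the addresses, peer key and port are well formed. The function names are hypothetical, the endpoint is passed as an IP address rather than a hostname, and the optional default route is left out.

```sh
#!/bin/sh
# Added example: emit the /etc/ifconfig.wg0 lines only if every input is sane.

# True if $1 is a regular file with no group/other permission bits.
key_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if $1 has the shape of a WireGuard key: 43 base64 characters plus '='.
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "$1" in *[!A-Za-z0-9+/=]*|*=?*) return 1 ;; esac
    case "$1" in *=) return 0 ;; *) return 1 ;; esac
}

# True if $1 is a dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# True if $1 is a port number between 1 and 65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Arguments: key file, tunnel IP, peer public key, endpoint IP, port, gateway.
render_ifconfig_wg0() {
    key_is_private "$1" ||
        { echo "$1: missing, or readable by group/other" >&2; return 1; }
    is_ipv4 "$2" && is_wg_key "$3" && is_ipv4 "$4" && is_port "$5" &&
        is_ipv4 "$6" || { echo "malformed address, key or port" >&2; return 1; }
    cat <<EOF
inet $2 netmask 255.255.255.255
!wgconfig wg0 set private-key $1
!wgconfig wg0 add peer ivpn $3 --allowed-ips=0.0.0.0/0,::/0 --endpoint=$4:$5
!route add -host $4 $6
EOF
}

# Constructed usage (documentation addresses, placeholder key and port):
# render_ifconfig_wg0 /etc/wg/wg0 172.18.29.8 "$PEER_KEY" 192.0.2.10 \
#     "$PORT" 192.0.2.1 > /etc/ifconfig.wg0
```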