START	sys/net/wg	2024-06-26T04:40:23Z

==== ifconfig ====
openssl rand -base64 32 -out 11.key
rm -f 11.pub.tmp
ifconfig wg11 create || true
ifconfig wg11 wgkey "`cat 11.key`"
ifconfig wg11 | awk '/wgpubkey/{print $2}' >11.pub.tmp
mv 11.pub.tmp 11.pub
openssl rand -base64 32 -out 12.key
rm -f 12.pub.tmp
ifconfig wg12 create || true
ifconfig wg12 wgkey "`cat 12.key`"
ifconfig wg12 | awk '/wgpubkey/{print $2}' >12.pub.tmp
mv 12.pub.tmp 12.pub
openssl rand -base64 32 -out 13.key
rm -f 13.pub.tmp
ifconfig wg13 create || true
ifconfig wg13 wgkey "`cat 13.key`"
ifconfig wg13 | awk '/wgpubkey/{print $2}' >13.pub.tmp
mv 13.pub.tmp 13.pub
openssl rand -base64 32 -out 14.key
rm -f 14.pub.tmp
ifconfig wg14 create || true
ifconfig wg14 wgkey "`cat 14.key`"
ifconfig wg14 | awk '/wgpubkey/{print $2}' >14.pub.tmp
mv 14.pub.tmp 14.pub
# destroy WireGuard and routing domain loopback interfaces
ifconfig wg11 destroy
ifconfig lo11 destroy
ifconfig: lo11: SIOCIFDESTROY: Device not configured
*** Error 1 in target 'unconfig' (ignored)
ifconfig wg12 destroy
ifconfig lo12 destroy
ifconfig: lo12: SIOCIFDESTROY: Device not configured
*** Error 1 in target 'unconfig' (ignored)
ifconfig wg13 destroy
ifconfig lo13 destroy
ifconfig: lo13: SIOCIFDESTROY: Device not configured
*** Error 1 in target 'unconfig' (ignored)
ifconfig wg14 destroy
ifconfig lo14 destroy
ifconfig: lo14: SIOCIFDESTROY: Device not configured
*** Error 1 in target 'unconfig' (ignored)
# create and configure WireGuard interfaces
ifconfig wg11  create  wgport 211  wgkey "`cat 11.key`"  rdomain 11
ifconfig wg12  create  wgport 212  wgkey "`cat 12.key`"  rdomain 12
ifconfig wg13  create  wgport 213  wgkey "`cat 13.key`"  rdomain 13
ifconfig wg14  create  wgport 214  wgkey "`cat 14.key`"  rdomain 14
# local SRC, foreign DST, tunnel 4
ifconfig wg11  wgpeer "`cat 12.pub`"  wgendpoint 127.0.0.1 212  wgaip 10.188.44.2/32  wgaip fdd7:e83e:66bc:46::2/128
# local SRC, foreign DST, tunnel 6
ifconfig wg13  wgpeer "`cat 14.pub`"  wgendpoint ::1 214  wgaip 10.188.64.2/32  wgaip fdd7:e83e:66bc:66::2/128
# local SRC, foreign DST, tunnel 4
ifconfig wg11  inet 10.188.44.1/24 alias
ifconfig wg11  inet6 fdd7:e83e:66bc:46::1/64 alias
# local SRC, foreign DST, tunnel 6
ifconfig wg13  inet 10.188.64.1/24 alias
ifconfig wg13  inet6 fdd7:e83e:66bc:66::1/64 alias
# local DST, foreign SRC, tunnel 4
ifconfig wg12  wgpeer "`cat 11.pub`"  wgendpoint 127.0.0.1 211  wgaip 10.188.44.1/32  wgaip fdd7:e83e:66bc:46::1/128
# local DST, foreign SRC, tunnel 6
ifconfig wg14  wgpeer "`cat 13.pub`"  wgendpoint ::1 213  wgaip 10.188.64.1/32  wgaip fdd7:e83e:66bc:66::1/128
# local DST, foreign SRC, tunnel 4
ifconfig wg12  inet 10.188.44.2/24 alias
ifconfig wg12  inet6 fdd7:e83e:66bc:46::2/64 alias
# local DST, foreign SRC, tunnel 6
ifconfig wg14  inet 10.188.64.2/24 alias
ifconfig wg14  inet6 fdd7:e83e:66bc:66::2/64 alias
sleep 1  # Wait until DAD for inet6 tunnel addresses has finished.

==== run-route-tunnel4-addr4-src-dst ====
# Get route to local address.
/sbin/route -n -T 11 get 10.188.44.1 |  grep 'interface: wg11$'
  interface: wg11
/sbin/route -n -T 11 get 10.188.44.1 |  grep 'flags: .*,LOCAL'
      flags: <UP,HOST,DONE,LLINFO,LOCAL>
# Get route to foreign address.
/sbin/route -n -T 11 get 10.188.44.2 |  grep 'interface: wg11$'
  interface: wg11
/sbin/route -n -T 11 get 10.188.44.2 |  grep 'flags: .*,CLON'
      flags: <UP,DONE,CLONING,CONNECTED>

==== run-ping-tunnel4-addr4-src-dst ====
# Ping local address.
/sbin/ping -n -w 1 -c 1 -V 11 10.188.44.1
PING 10.188.44.1 (10.188.44.1): 56 data bytes
64 bytes from 10.188.44.1: icmp_seq=0 ttl=255 time=0.239 ms

--- 10.188.44.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.239/0.239/0.239/0.000 ms
# Ping foreign address.
tcpdump -ni lo0 -w wg.pcap  ip and udp port 211 or 212 or 213 or 214 or 0 &
sleep 1  # Wait until tcpdump is up.
tcpdump: listening on lo0, link-type LOOP
/sbin/ping -n -w 1 -c 1 -V 11 10.188.44.2
PING 10.188.44.2 (10.188.44.2): 56 data bytes
64 bytes from 10.188.44.2: icmp_seq=0 ttl=255 time=9.319 ms

--- 10.188.44.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.319/9.319/9.319/0.000 ms
sleep 1  # Wait until tcpdump has captured traffic.
pkill -xf 'tcpdump -ni lo0 -w wg.pcap .*'

5 packets received by filter
0 packets dropped by kernel
# Check WireGuard encrypted traffic
/usr/sbin/tcpdump -n -r wg.pcap |  fgrep ': [wg] data '
06:40:27.621510 127.0.0.1.211 > 127.0.0.1.212: [wg] data length 96 to 0x291e50dd nonce 0
06:40:27.621789 127.0.0.1.212 > 127.0.0.1.211: [wg] data length 96 to 0xeeac27a1 nonce 1

==== run-badkey-tunnel4-addr4-src-dst ====
openssl rand -base64 32 -out bad.key
# Ping foreign address with bad key.
ifconfig wg11  wgkey "`cat bad.key`"
! /sbin/ping -n -w 1 -c 1 -V 11 10.188.44.2
PING 10.188.44.2 (10.188.44.2): 56 data bytes

--- 10.188.44.2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# Restore key and test it.
ifconfig wg11  wgkey "`cat 11.key`"
/sbin/ping -n -w 1 -c 1 -V 11 10.188.44.2
PING 10.188.44.2 (10.188.44.2): 56 data bytes
64 bytes from 10.188.44.2: icmp_seq=0 ttl=255 time=9.351 ms

--- 10.188.44.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.351/9.351/9.351/0.000 ms

==== run-route-tunnel4-addr4-dst-src ====
# Get route to local address.
/sbin/route -n -T 12 get 10.188.44.2 |  grep 'interface: wg12$'
  interface: wg12
/sbin/route -n -T 12 get 10.188.44.2 |  grep 'flags: .*,LOCAL'
      flags: <UP,HOST,DONE,LLINFO,LOCAL>
# Get route to foreign address.
/sbin/route -n -T 12 get 10.188.44.1 |  grep 'interface: wg12$'
  interface: wg12
/sbin/route -n -T 12 get 10.188.44.1 |  grep 'flags: .*,CLON'
      flags: <UP,HOST,DONE,CLONED>

==== run-ping-tunnel4-addr4-dst-src ====
# Ping local address.
/sbin/ping -n -w 1 -c 1 -V 12 10.188.44.2
PING 10.188.44.2 (10.188.44.2): 56 data bytes
64 bytes from 10.188.44.2: icmp_seq=0 ttl=255 time=0.246 ms

--- 10.188.44.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.246/0.246/0.246/0.000 ms
# Ping foreign address.
tcpdump -ni lo0 -w wg.pcap  ip and udp port 211 or 212 or 213 or 214 or 0 &
sleep 1  # Wait until tcpdump is up.
tcpdump: listening on lo0, link-type LOOP
/sbin/ping -n -w 1 -c 1 -V 12 10.188.44.1
PING 10.188.44.1 (10.188.44.1): 56 data bytes
64 bytes from 10.188.44.1: icmp_seq=0 ttl=255 time=0.673 ms

--- 10.188.44.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.673/0.673/0.673/0.000 ms
sleep 1  # Wait until tcpdump has captured traffic.
pkill -xf 'tcpdump -ni lo0 -w wg.pcap .*'

2 packets received by filter
0 packets dropped by kernel
# Check WireGuard encrypted traffic
/usr/sbin/tcpdump -n -r wg.pcap |  fgrep ': [wg] data '
06:40:32.432716 127.0.0.1.212 > 127.0.0.1.211: [wg] data length 96 to 0x6216e777 nonce 3
06:40:32.432975 127.0.0.1.211 > 127.0.0.1.212: [wg] data length 96 to 0xf968df91 nonce 2

==== run-badkey-tunnel4-addr4-dst-src ====
# Ping foreign address with bad key.
ifconfig wg12  wgkey "`cat bad.key`"
! /sbin/ping -n -w 1 -c 1 -V 12 10.188.44.1
PING 10.188.44.1 (10.188.44.1): 56 data bytes

--- 10.188.44.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# Restore key and test it.
ifconfig wg12  wgkey "`cat 12.key`"
/sbin/ping -n -w 1 -c 1 -V 12 10.188.44.1
PING 10.188.44.1 (10.188.44.1): 56 data bytes
64 bytes from 10.188.44.1: icmp_seq=0 ttl=255 time=9.345 ms

--- 10.188.44.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.345/9.345/9.345/0.000 ms

==== run-route-tunnel4-addr6-src-dst ====
# Get route to local address.
/sbin/route -n -T 11 get fdd7:e83e:66bc:46::1 |  grep 'interface: wg11$'
  interface: wg11
/sbin/route -n -T 11 get fdd7:e83e:66bc:46::1 |  grep 'flags: .*,LOCAL'
      flags: <UP,HOST,DONE,LLINFO,LOCAL>
# Get route to foreign address.
/sbin/route -n -T 11 get fdd7:e83e:66bc:46::2 |  grep 'interface: wg11$'
  interface: wg11
/sbin/route -n -T 11 get fdd7:e83e:66bc:46::2 |  grep 'flags: .*,CLON'
      flags: <UP,DONE,CLONING,CONNECTED>

==== run-ping-tunnel4-addr6-src-dst ====
# Ping local address.
/sbin/ping6 -n -w 1 -c 1 -V 11 fdd7:e83e:66bc:46::1
PING fdd7:e83e:66bc:46::1 (fdd7:e83e:66bc:46::1): 56 data bytes
64 bytes from fdd7:e83e:66bc:46::1: icmp_seq=0 hlim=64 time=0.315 ms

--- fdd7:e83e:66bc:46::1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.315/0.315/0.315/0.000 ms
# Ping foreign address.
tcpdump -ni lo0 -w wg.pcap  ip and udp port 211 or 212 or 213 or 214 or 0 &
sleep 1  # Wait until tcpdump is up.
tcpdump: listening on lo0, link-type LOOP
/sbin/ping6 -n -w 1 -c 1 -V 11 fdd7:e83e:66bc:46::2
PING fdd7:e83e:66bc:46::2 (fdd7:e83e:66bc:46::2): 56 data bytes
64 bytes from fdd7:e83e:66bc:46::2: icmp_seq=0 hlim=64 time=0.853 ms

--- fdd7:e83e:66bc:46::2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.853/0.853/0.853/0.000 ms
sleep 1  # Wait until tcpdump has captured traffic.
pkill -xf 'tcpdump -ni lo0 -w wg.pcap .*'

2 packets received by filter
0 packets dropped by kernel
# Check WireGuard encrypted traffic
/usr/sbin/tcpdump -n -r wg.pcap |  fgrep ': [wg] data '
06:40:37.220413 127.0.0.1.211 > 127.0.0.1.212: [wg] data length 112 to 0x78ea5c0c nonce 3
06:40:37.220791 127.0.0.1.212 > 127.0.0.1.211: [wg] data length 112 to 0x44ff3003 nonce 2

==== run-badkey-tunnel4-addr6-src-dst ====
# Ping foreign address with bad key.
ifconfig wg11  wgkey "`cat bad.key`"
! /sbin/ping6 -n -w 1 -c 1 -V 11 fdd7:e83e:66bc:46::2
PING fdd7:e83e:66bc:46::2 (fdd7:e83e:66bc:46::2): 56 data bytes

--- fdd7:e83e:66bc:46::2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# Restore key and test it.
ifconfig wg11  wgkey "`cat 11.key`"
/sbin/ping6 -n -w 1 -c 1 -V 11 fdd7:e83e:66bc:46::2
PING fdd7:e83e:66bc:46::2 (fdd7:e83e:66bc:46::2): 56 data bytes
64 bytes from fdd7:e83e:66bc:46::2: icmp_seq=0 hlim=64 time=9.836 ms

--- fdd7:e83e:66bc:46::2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.836/9.836/9.836/0.000 ms

==== run-route-tunnel4-addr6-dst-src ====
# Get route to local address.
/sbin/route -n -T 12 get fdd7:e83e:66bc:46::2 |  grep 'interface: wg12$'
  interface: wg12
/sbin/route -n -T 12 get fdd7:e83e:66bc:46::2 |  grep 'flags: .*,LOCAL'
      flags: <UP,HOST,DONE,LLINFO,LOCAL>
# Get route to foreign address.
/sbin/route -n -T 12 get fdd7:e83e:66bc:46::1 |  grep 'interface: wg12$'
  interface: wg12
/sbin/route -n -T 12 get fdd7:e83e:66bc:46::1 |  grep 'flags: .*,CLON'
      flags: <UP,HOST,DONE,CLONED>

==== run-ping-tunnel4-addr6-dst-src ====
# Ping local address.
/sbin/ping6 -n -w 1 -c 1 -V 12 fdd7:e83e:66bc:46::2
PING fdd7:e83e:66bc:46::2 (fdd7:e83e:66bc:46::2): 56 data bytes
64 bytes from fdd7:e83e:66bc:46::2: icmp_seq=0 hlim=64 time=0.316 ms

--- fdd7:e83e:66bc:46::2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.316/0.316/0.316/0.000 ms
# Ping foreign address.
tcpdump -ni lo0 -w wg.pcap  ip and udp port 211 or 212 or 213 or 214 or 0 &
sleep 1  # Wait until tcpdump is up.
tcpdump: listening on lo0, link-type LOOP
/sbin/ping6 -n -w 1 -c 1 -V 12 fdd7:e83e:66bc:46::1
PING fdd7:e83e:66bc:46::1 (fdd7:e83e:66bc:46::1): 56 data bytes
64 bytes from fdd7:e83e:66bc:46::1: icmp_seq=0 hlim=64 time=0.763 ms

--- fdd7:e83e:66bc:46::1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.763/0.763/0.763/0.000 ms
sleep 1  # Wait until tcpdump has captured traffic.
pkill -xf 'tcpdump -ni lo0 -w wg.pcap .*'

2 packets received by filter
0 packets dropped by kernel
# Check WireGuard encrypted traffic
/usr/sbin/tcpdump -n -r wg.pcap |  fgrep ': [wg] data '
06:40:42.030755 127.0.0.1.212 > 127.0.0.1.211: [wg] data length 112 to 0x9e533920 nonce 3
06:40:42.031097 127.0.0.1.211 > 127.0.0.1.212: [wg] data length 112 to 0xfdf87b38 nonce 2

==== run-badkey-tunnel4-addr6-dst-src ====
# Ping foreign address with bad key.
ifconfig wg12  wgkey "`cat bad.key`"
! /sbin/ping6 -n -w 1 -c 1 -V 12 fdd7:e83e:66bc:46::1
PING fdd7:e83e:66bc:46::1 (fdd7:e83e:66bc:46::1): 56 data bytes

--- fdd7:e83e:66bc:46::1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# Restore key and test it.
ifconfig wg12  wgkey "`cat 12.key`"
/sbin/ping6 -n -w 1 -c 1 -V 12 fdd7:e83e:66bc:46::1
PING fdd7:e83e:66bc:46::1 (fdd7:e83e:66bc:46::1): 56 data bytes
64 bytes from fdd7:e83e:66bc:46::1: icmp_seq=0 hlim=64 time=9.476 ms

--- fdd7:e83e:66bc:46::1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.476/9.476/9.476/0.000 ms

==== run-route-tunnel6-addr4-src-dst ====
# Get route to local address.
/sbin/route -n -T 13 get 10.188.64.1 |  grep 'interface: wg13$'
  interface: wg13
/sbin/route -n -T 13 get 10.188.64.1 |  grep 'flags: .*,LOCAL'
      flags: <UP,HOST,DONE,LLINFO,LOCAL>
# Get route to foreign address.
/sbin/route -n -T 13 get 10.188.64.2 |  grep 'interface: wg13$'
  interface: wg13
/sbin/route -n -T 13 get 10.188.64.2 |  grep 'flags: .*,CLON'
      flags: <UP,DONE,CLONING,CONNECTED>

==== run-ping-tunnel6-addr4-src-dst ====
# Ping local address.
/sbin/ping -n -w 1 -c 1 -V 13 10.188.64.1
PING 10.188.64.1 (10.188.64.1): 56 data bytes
64 bytes from 10.188.64.1: icmp_seq=0 ttl=255 time=0.265 ms

--- 10.188.64.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.265/0.265/0.265/0.000 ms
# Ping foreign address.
tcpdump -ni lo0 -w wg.pcap  ip6 and udp port 211 or 212 or 213 or 214 or 0 &
sleep 1  # Wait until tcpdump is up.
tcpdump: listening on lo0, link-type LOOP
/sbin/ping -n -w 1 -c 1 -V 13 10.188.64.2
PING 10.188.64.2 (10.188.64.2): 56 data bytes
64 bytes from 10.188.64.2: icmp_seq=0 ttl=255 time=9.403 ms

--- 10.188.64.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.403/9.403/9.403/0.000 ms
sleep 1  # Wait until tcpdump has captured traffic.
pkill -xf 'tcpdump -ni lo0 -w wg.pcap .*'

5 packets received by filter
0 packets dropped by kernel
# Check WireGuard encrypted traffic
/usr/sbin/tcpdump -n -r wg.pcap |  fgrep ': [wg] data '
06:40:46.830862 ::1.213 > ::1.214: [wg] data length 96 to 0xf49caf37 nonce 0
06:40:46.831210 ::1.214 > ::1.213: [wg] data length 96 to 0x84e764e7 nonce 1

==== run-badkey-tunnel6-addr4-src-dst ====
# Ping foreign address with bad key.
ifconfig wg13  wgkey "`cat bad.key`"
! /sbin/ping -n -w 1 -c 1 -V 13 10.188.64.2
PING 10.188.64.2 (10.188.64.2): 56 data bytes

--- 10.188.64.2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# Restore key and test it.
ifconfig wg13  wgkey "`cat 13.key`"
/sbin/ping -n -w 1 -c 1 -V 13 10.188.64.2
PING 10.188.64.2 (10.188.64.2): 56 data bytes
64 bytes from 10.188.64.2: icmp_seq=0 ttl=255 time=9.444 ms

--- 10.188.64.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.444/9.444/9.444/0.000 ms

==== run-route-tunnel6-addr4-dst-src ====
# Get route to local address.
/sbin/route -n -T 14 get 10.188.64.2 |  grep 'interface: wg14$'
  interface: wg14
/sbin/route -n -T 14 get 10.188.64.2 |  grep 'flags: .*,LOCAL'
      flags: <UP,HOST,DONE,LLINFO,LOCAL>
# Get route to foreign address.
/sbin/route -n -T 14 get 10.188.64.1 |  grep 'interface: wg14$'
  interface: wg14
/sbin/route -n -T 14 get 10.188.64.1 |  grep 'flags: .*,CLON'
      flags: <UP,HOST,DONE,CLONED>

==== run-ping-tunnel6-addr4-dst-src ====
# Ping local address.
/sbin/ping -n -w 1 -c 1 -V 14 10.188.64.2
PING 10.188.64.2 (10.188.64.2): 56 data bytes
64 bytes from 10.188.64.2: icmp_seq=0 ttl=255 time=0.241 ms

--- 10.188.64.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.241/0.241/0.241/0.000 ms
# Ping foreign address.
tcpdump -ni lo0 -w wg.pcap  ip6 and udp port 211 or 212 or 213 or 214 or 0 &
sleep 1  # Wait until tcpdump is up.
tcpdump: listening on lo0, link-type LOOP
/sbin/ping -n -w 1 -c 1 -V 14 10.188.64.1
PING 10.188.64.1 (10.188.64.1): 56 data bytes
64 bytes from 10.188.64.1: icmp_seq=0 ttl=255 time=0.731 ms

--- 10.188.64.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.731/0.731/0.731/0.000 ms
sleep 1  # Wait until tcpdump has captured traffic.
pkill -xf 'tcpdump -ni lo0 -w wg.pcap .*'

2 packets received by filter
0 packets dropped by kernel
# Check WireGuard encrypted traffic
/usr/sbin/tcpdump -n -r wg.pcap |  fgrep ': [wg] data '
06:40:51.602258 ::1.214 > ::1.213: [wg] data length 96 to 0xcf241b1a nonce 3
06:40:51.602579 ::1.213 > ::1.214: [wg] data length 96 to 0xf24cda73 nonce 2

==== run-badkey-tunnel6-addr4-dst-src ====
# Ping foreign address with bad key.
ifconfig wg14  wgkey "`cat bad.key`"
! /sbin/ping -n -w 1 -c 1 -V 14 10.188.64.1
PING 10.188.64.1 (10.188.64.1): 56 data bytes

--- 10.188.64.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# Restore key and test it.
ifconfig wg14  wgkey "`cat 14.key`"
/sbin/ping -n -w 1 -c 1 -V 14 10.188.64.1
PING 10.188.64.1 (10.188.64.1): 56 data bytes
64 bytes from 10.188.64.1: icmp_seq=0 ttl=255 time=9.430 ms

--- 10.188.64.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.430/9.430/9.430/0.000 ms

==== run-route-tunnel6-addr6-src-dst ====
# Get route to local address.
/sbin/route -n -T 13 get fdd7:e83e:66bc:66::1 |  grep 'interface: wg13$'
  interface: wg13
/sbin/route -n -T 13 get fdd7:e83e:66bc:66::1 |  grep 'flags: .*,LOCAL'
      flags: <UP,HOST,DONE,LLINFO,LOCAL>
# Get route to foreign address.
/sbin/route -n -T 13 get fdd7:e83e:66bc:66::2 |  grep 'interface: wg13$'
  interface: wg13
/sbin/route -n -T 13 get fdd7:e83e:66bc:66::2 |  grep 'flags: .*,CLON'
      flags: <UP,DONE,CLONING,CONNECTED>

==== run-ping-tunnel6-addr6-src-dst ====
# Ping local address.
/sbin/ping6 -n -w 1 -c 1 -V 13 fdd7:e83e:66bc:66::1
PING fdd7:e83e:66bc:66::1 (fdd7:e83e:66bc:66::1): 56 data bytes
64 bytes from fdd7:e83e:66bc:66::1: icmp_seq=0 hlim=64 time=0.316 ms

--- fdd7:e83e:66bc:66::1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.316/0.316/0.316/0.000 ms
# Ping foreign address.
tcpdump -ni lo0 -w wg.pcap  ip6 and udp port 211 or 212 or 213 or 214 or 0 &
sleep 1  # Wait until tcpdump is up.
tcpdump: listening on lo0, link-type LOOP
/sbin/ping6 -n -w 1 -c 1 -V 13 fdd7:e83e:66bc:66::2
PING fdd7:e83e:66bc:66::2 (fdd7:e83e:66bc:66::2): 56 data bytes
64 bytes from fdd7:e83e:66bc:66::2: icmp_seq=0 hlim=64 time=0.864 ms

--- fdd7:e83e:66bc:66::2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.864/0.864/0.864/0.000 ms
sleep 1  # Wait until tcpdump has captured traffic.
pkill -xf 'tcpdump -ni lo0 -w wg.pcap .*'

3 packets received by filter
0 packets dropped by kernel
# Check WireGuard encrypted traffic
/usr/sbin/tcpdump -n -r wg.pcap |  fgrep ': [wg] data '
06:40:56.400337 ::1.213 > ::1.214: [wg] data length 112 to 0xa7b25384 nonce 3
06:40:56.400723 ::1.214 > ::1.213: [wg] data length 112 to 0x7c32542a nonce 2

==== run-badkey-tunnel6-addr6-src-dst ====
# Ping foreign address with bad key.
ifconfig wg13  wgkey "`cat bad.key`"
! /sbin/ping6 -n -w 1 -c 1 -V 13 fdd7:e83e:66bc:66::2
PING fdd7:e83e:66bc:66::2 (fdd7:e83e:66bc:66::2): 56 data bytes

--- fdd7:e83e:66bc:66::2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# Restore key and test it.
ifconfig wg13  wgkey "`cat 13.key`"
/sbin/ping6 -n -w 1 -c 1 -V 13 fdd7:e83e:66bc:66::2
PING fdd7:e83e:66bc:66::2 (fdd7:e83e:66bc:66::2): 56 data bytes
64 bytes from fdd7:e83e:66bc:66::2: icmp_seq=0 hlim=64 time=9.535 ms

--- fdd7:e83e:66bc:66::2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.535/9.535/9.535/0.000 ms

==== run-route-tunnel6-addr6-dst-src ====
# Get route to local address.
/sbin/route -n -T 14 get fdd7:e83e:66bc:66::2 |  grep 'interface: wg14$'
  interface: wg14
/sbin/route -n -T 14 get fdd7:e83e:66bc:66::2 |  grep 'flags: .*,LOCAL'
      flags: <UP,HOST,DONE,LLINFO,LOCAL>
# Get route to foreign address.
/sbin/route -n -T 14 get fdd7:e83e:66bc:66::1 |  grep 'interface: wg14$'
  interface: wg14
/sbin/route -n -T 14 get fdd7:e83e:66bc:66::1 |  grep 'flags: .*,CLON'
      flags: <UP,HOST,DONE,CLONED>

==== run-ping-tunnel6-addr6-dst-src ====
# Ping local address.
/sbin/ping6 -n -w 1 -c 1 -V 14 fdd7:e83e:66bc:66::2
PING fdd7:e83e:66bc:66::2 (fdd7:e83e:66bc:66::2): 56 data bytes
64 bytes from fdd7:e83e:66bc:66::2: icmp_seq=0 hlim=64 time=0.313 ms

--- fdd7:e83e:66bc:66::2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.313/0.313/0.313/0.000 ms
# Ping foreign address.
tcpdump -ni lo0 -w wg.pcap  ip6 and udp port 211 or 212 or 213 or 214 or 0 &
sleep 1  # Wait until tcpdump is up.
tcpdump: listening on lo0, link-type LOOP
/sbin/ping6 -n -w 1 -c 1 -V 14 fdd7:e83e:66bc:66::1
PING fdd7:e83e:66bc:66::1 (fdd7:e83e:66bc:66::1): 56 data bytes
64 bytes from fdd7:e83e:66bc:66::1: icmp_seq=0 hlim=64 time=0.758 ms

--- fdd7:e83e:66bc:66::1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.758/0.758/0.758/0.000 ms
sleep 1  # Wait until tcpdump has captured traffic.
pkill -xf 'tcpdump -ni lo0 -w wg.pcap .*'

2 packets received by filter
0 packets dropped by kernel
# Check WireGuard encrypted traffic
/usr/sbin/tcpdump -n -r wg.pcap |  fgrep ': [wg] data '
06:41:01.230212 ::1.214 > ::1.213: [wg] data length 112 to 0xba16b6fb nonce 3
06:41:01.230555 ::1.213 > ::1.214: [wg] data length 112 to 0xc86dfb08 nonce 2

==== run-badkey-tunnel6-addr6-dst-src ====
# Ping foreign address with bad key.
ifconfig wg14  wgkey "`cat bad.key`"
! /sbin/ping6 -n -w 1 -c 1 -V 14 fdd7:e83e:66bc:66::1
PING fdd7:e83e:66bc:66::1 (fdd7:e83e:66bc:66::1): 56 data bytes

--- fdd7:e83e:66bc:66::1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# Restore key and test it.
ifconfig wg14  wgkey "`cat 14.key`"
/sbin/ping6 -n -w 1 -c 1 -V 14 fdd7:e83e:66bc:66::1
PING fdd7:e83e:66bc:66::1 (fdd7:e83e:66bc:66::1): 56 data bytes
64 bytes from fdd7:e83e:66bc:66::1: icmp_seq=0 hlim=64 time=9.519 ms

--- fdd7:e83e:66bc:66::1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.519/9.519/9.519/0.000 ms

==== unconfig ====
# destroy WireGuard and routing domain loopback interfaces
ifconfig wg11 destroy
ifconfig lo11 destroy
ifconfig wg12 destroy
ifconfig lo12 destroy
ifconfig wg13 destroy
ifconfig lo13 destroy
ifconfig wg14 destroy
ifconfig lo14 destroy

PASS	sys/net/wg	Duration 0m41.95s