diff --git a/ipn/ipnauth/ipnauth.go b/ipn/ipnauth/ipnauth.go
index e6560570c..513daf5b3 100644
--- a/ipn/ipnauth/ipnauth.go
+++ b/ipn/ipnauth/ipnauth.go
@@ -64,7 +64,7 @@ type ConnIdentity struct {
 
 	// Fields used when NotWindows:
 	isUnixSock bool            // Conn is a *net.UnixConn
-	creds      *peercred.Creds // or nil
+	creds      *peercred.Creds // or nil if peercred.Get was not implemented on this OS
 
 	// Used on Windows:
 	// TODO(bradfitz): merge these into the peercreds package and
diff --git a/ipn/ipnauth/ipnauth_notwindows.go b/ipn/ipnauth/ipnauth_notwindows.go
index d9d11bd0a..f5dc07a8c 100644
--- a/ipn/ipnauth/ipnauth_notwindows.go
+++ b/ipn/ipnauth/ipnauth_notwindows.go
@@ -18,8 +18,13 @@ import (
 func GetConnIdentity(_ logger.Logf, c net.Conn) (ci *ConnIdentity, err error) {
 	ci = &ConnIdentity{conn: c, notWindows: true}
 	_, ci.isUnixSock = c.(*net.UnixConn)
-	if ci.creds, _ = peercred.Get(c); ci.creds != nil {
+	if ci.creds, err = peercred.Get(c); ci.creds != nil {
 		ci.pid, _ = ci.creds.PID()
+	} else if err == peercred.ErrNotImplemented {
+		// peercred.Get is not implemented on this OS (such as OpenBSD)
+		// Just leave creds as nil, as documented.
+	} else if err != nil {
+		return nil, err
 	}
 	return ci, nil
 }
diff --git a/ipn/ipnserver/actor.go b/ipn/ipnserver/actor.go
index 9d86d2c82..924417a33 100644
--- a/ipn/ipnserver/actor.go
+++ b/ipn/ipnserver/actor.go
@@ -145,7 +145,11 @@ func (a *actor) Username() (string, error) {
 		defer tok.Close()
 		return tok.Username()
 	case "darwin", "linux", "illumos", "solaris", "openbsd":
-		uid, ok := a.ci.Creds().UserID()
+		creds := a.ci.Creds()
+		if creds == nil {
+			return "", errors.New("peer credentials not implemented on this OS")
+		}
+		uid, ok := creds.UserID()
 		if !ok {
 			return "", errors.New("missing user ID")
 		}