2021-05-08 14:58:00 +02:00
|
|
|
|
* Wireguard Quick Start
|
|
|
|
|
|
|
|
|
|
|
|
https://www.wireguard.com/quickstart/
|
|
|
|
|
|
|
2021-06-01 18:15:38 +02:00
|
|
|
|
- level 3 VPN Protocol.
|
|
|
|
|
|
- designed for Linux (works on BSD, MacOS and Windows too).
|
|
|
|
|
|
- network interface as most basic foundation of operation.
|
|
|
|
|
|
|
|
|
|
|
|
The interface can be named almost arbitrarily. Below ~wg0~ is used as a
|
|
|
|
|
|
generic interface name (like used in many public tutorials). Replace ~wg0~
|
|
|
|
|
|
with an interface name for the VPN connection, e.g. ~home~, ~mycloud~ or
|
|
|
|
|
|
~secret-work-jump-host~.
|
2021-09-19 00:34:34 +02:00
|
|
|
|
|
2021-05-08 14:58:00 +02:00
|
|
|
|
** Linux CLI
|
|
|
|
|
|
|
|
|
|
|
|
Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4
|
|
|
|
|
|
|
2021-06-01 18:15:38 +02:00
|
|
|
|
Tutorial with best Explaination:
|
|
|
|
|
|
https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478
|
2021-05-08 14:58:00 +02:00
|
|
|
|
|
|
|
|
|
|
*** Create Keys
|
|
|
|
|
|
|
|
|
|
|
|
#+begin_src bash
|
|
|
|
|
|
$ umask 077
|
2021-09-19 00:34:34 +02:00
|
|
|
|
$ wg genkey | tee host.key | wg pubkey > host.pub
|
2021-05-08 14:58:00 +02:00
|
|
|
|
#+end_src
|
|
|
|
|
|
|
2021-05-16 21:45:43 +02:00
|
|
|
|
*** Setup the Interface
|
2021-05-08 14:58:00 +02:00
|
|
|
|
|
2021-05-16 21:45:43 +02:00
|
|
|
|
#+begin_src bash
|
2021-09-19 00:34:34 +02:00
|
|
|
|
# sudo wg-quick up wg0.conf
|
2021-05-16 21:45:43 +02:00
|
|
|
|
#+end_src
|
2021-05-08 14:58:00 +02:00
|
|
|
|
|
2021-09-19 00:34:34 +02:00
|
|
|
|
*** Add Peer
|
2021-05-08 14:58:00 +02:00
|
|
|
|
|
|
|
|
|
|
#+begin_src bash
|
|
|
|
|
|
# add peer
|
2021-05-16 21:45:43 +02:00
|
|
|
|
wg set wg0 peer <client_pubkey> allowed-ips 10.0.0.x/32 persistent-keepalive 25
|
2021-05-08 14:58:00 +02:00
|
|
|
|
|
|
|
|
|
|
# verify connection
|
|
|
|
|
|
wg
|
|
|
|
|
|
|
|
|
|
|
|
# save to config
|
|
|
|
|
|
wg-quick save wg0
|
2021-09-19 00:34:34 +02:00
|
|
|
|
|
2021-05-08 14:58:00 +02:00
|
|
|
|
#+end_src
|
|
|
|
|
|
|
2021-09-19 00:34:34 +02:00
|
|
|
|
**** Mobile Client
|
|
|
|
|
|
|
|
|
|
|
|
requires ~qrencode~ package installed:
|
|
|
|
|
|
~qrencode -t ansiutf8 < tunnel.conf~
|
|
|
|
|
|
where ~tunnel.conf~ is the configuration file for the client, including its private and public keys.
|
|
|
|
|
|
|
2021-05-08 14:58:00 +02:00
|
|
|
|
*** Start/Stop Interface
|
|
|
|
|
|
|
|
|
|
|
|
#+begin_src bash
|
|
|
|
|
|
# Start/stop interface
|
|
|
|
|
|
wg-quick up wg0
|
|
|
|
|
|
wg-quick down wg0
|
|
|
|
|
|
|
|
|
|
|
|
# Start/stop service
|
|
|
|
|
|
$ sudo systemctl stop wg-quick@wg0.service
|
|
|
|
|
|
$ sudo systemctl start wg-quick@wg0.service
|
2021-06-01 18:15:38 +02:00
|
|
|
|
|
|
|
|
|
|
# Enable service at startup
|
2021-09-19 00:34:34 +02:00
|
|
|
|
sudo systemctl enable wg-quick@wg0.service
|
2021-05-08 14:58:00 +02:00
|
|
|
|
#+end_src
|
2021-06-01 18:15:38 +02:00
|
|
|
|
|
|
|
|
|
|
*** Sync the configuration without restarting the interface
|
|
|
|
|
|
|
2022-04-02 09:56:50 +02:00
|
|
|
|
From ~man wg-quick~: The strip command is useful for reloading configuration
|
2021-06-01 18:15:38 +02:00
|
|
|
|
files without disrupting ac‐ tive sessions:
|
2021-09-19 00:34:34 +02:00
|
|
|
|
|
2021-06-01 18:15:38 +02:00
|
|
|
|
#+begin_src bash
|
2021-09-19 00:34:34 +02:00
|
|
|
|
# wg syncconf wg0 <(wg-quick strip wg0)
|
2021-06-01 18:15:38 +02:00
|
|
|
|
#+end_src
|
|
|
|
|
|
|
|
|
|
|
|
** Alternative Webinterfaces for Managing Clients
|
|
|
|
|
|
|
|
|
|
|
|
- https://github.com/place1/wg-access-server/
|
|
|
|
|
|
- https://github.com/WeeJeWel/wg-easy
|
|
|
|
|
|
- https://github.com/subspacecommunity/subspace
|
|
|
|
|
|
- https://github.com/vx3r/wg-gen-web
|
|
|
|
|
|
|
|
|
|
|
|
- non-web: https://github.com/mullvad/wg-manager
|
