From 6395c26baa92a9bd238fd85f9c7a1a5506912918 Mon Sep 17 00:00:00 2001
From: Frieder Schlesier
Date: Sun, 16 May 2021 21:45:43 +0200
Subject: [PATCH] update wireguard documentation, fix install, add example for server
---
 scripts/install.sh | 2 ++
 wireguard/README.org | 25 ++++++++++---------------
 wireguard/wg-client.conf.example | 15 +++++++++++++++
 wireguard/wg-server.conf.example | 17 +++++++++++++++++
 wireguard/wg.conf.example | 9 ---------
 5 files changed, 44 insertions(+), 24 deletions(-)
 create mode 100644 wireguard/wg-client.conf.example
 create mode 100644 wireguard/wg-server.conf.example
 delete mode 100644 wireguard/wg.conf.example
diff --git a/scripts/install.sh b/scripts/install.sh
index 68b42b6..6f6152b 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -93,6 +93,8 @@ base_applications() {
 vpnc \
 vpnc-scripts \
 wireguard \
+ wireguard-dkms \
+ wireguard-tools \
 zip \
 --no-install-recommends
diff --git a/wireguard/README.org b/wireguard/README.org
index da24912..42ff4d8 100644
--- a/wireguard/README.org
+++ b/wireguard/README.org
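Review bot: `wireguard-dkms` compiles the module out of tree at install time, so it needs matching `linux-headers` and, on a Secure Boot host, produces an unsigned module that will not load; on kernels 5.6 and later the in-tree `wireguard` module is already present and the DKMS package is unnecessary, and as far as I recall the `wireguard` metapackage already depends on `wireguard-tools` and on a module provider, so it is not obvious from the hunk what "fix install" was failing on. If the DKMS package is there for older kernels, guard it instead of installing it unconditionally, e.g. after this list `modinfo wireguard >/dev/null 2>&1 || apt-get install -y --no-install-recommends wireguard-dkms`, and put a comment above the line: `# wireguard-dkms: only for kernels < 5.6 without the in-tree module`. `base_applications` starts outside the hunk, so I cannot see whether kernel headers are installed earlier in it.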
@@ -10,33 +10,28 @@ Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4
-*** Setup the Interface
+ Replace ~wg0~ with an interface name for the VPN connection, e.g. ~homeoffice~ or ~mycloud~
- #+begin_src bash
- # ip link add dev wg0 type wireguard
- # ip address add dev wg0 10.1.0.2/24
- # ip address add dev wg0 10.1.0.2 peer 10.1.0.1
- #+end_src
+ Tutorial with best Explaination: https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478
*** Create Keys
#+begin_src bash
$ umask 077
- $ wg genkey > privatekey
- $ wg pubkey < privatekey > publickey
- #+end_src
-
- or just
-
- #+begin_src bash
$ wg genkey | tee privatekey | wg pubkey > publickey
#+end_src
-*** Add Peer To Server
+*** Setup the Interface
+
+ #+begin_src bash
+ # sudo wg-quick up wg.conf.example
+ #+end_src
+
+*** Add Peer
#+begin_src bash
# add peer
- wg set wg0 peer allowed-ips 10.0.0.x/32
+ wg set wg0 peer allowed-ips 10.0.0.x/32 persistent-keepalive 25
# verify connection
wg
diff --git a/wireguard/wg-client.conf.example b/wireguard/wg-client.conf.example
new file mode 100644
index 0000000..37d23fb
--- /dev/null
+++ b/wireguard/wg-client.conf.example
@@ -0,0 +1,15 @@
+[Interface]
+Address = 10.x.x.x/32
+PostUp = wg set %i private-key /etc/wireguard/private-key-for-this-vpn
+
+# immediately test connection to the public (bounce) host
+PostUp = ping -c1 10.0.0.1
+
+[Peer]
+PublicKey =
+Endpoint =
+AllowedIPs = 10.0.0.0/24
+
+# if this client is behind a NAT and
+# other clients should be able to connect
+PersistentKeepalive = 25
\ No newline at end of file
diff --git a/wireguard/wg-server.conf.example b/wireguard/wg-server.conf.example
new file mode 100644
index 0000000..50c2537
--- /dev/null
+++ b/wireguard/wg-server.conf.example
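Review bot: The second hook, `PostUp = ping -c1 10.0.0.1`, can tear the tunnel down right after it comes up: wg-quick runs under `set -e` and only clears its cleanup trap after the PostUp hooks have succeeded, so when the single probe gets no reply (the first packet still has to complete the handshake, and the server may not answer ICMP at all) `ping` exits non-zero and the interface is removed — please verify against the wg-quick version you ship. Make the probe bounded and non-fatal, `PostUp = ping -c1 -W 3 10.0.0.1 || true`, or move it to a manual check after `up`. The key file given to the first `wg set %i private-key` hook must be root-owned with mode 0600; I believe `wg` only warns when the file is world-accessible, so state the requirement in the example: `# key file: root:root, mode 0600 (create it with umask 077)`. wg-quick also derives the interface name (`%i`) from the config file name, so this file has to be copied to `/etc/wireguard/<name>.conf` before `wg-quick up <name>` works; a one-line comment at the top saying so would save a failed first attempt.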
@@ -0,0 +1,17 @@
+[Interface]
+Address = 10.0.0.1/24
+SaveConfig = true
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
+ListenPort =
+PrivateKey =
+
+[Peer]
+# client 1
+PublicKey =
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# client 2
+PublicKey =
+AllowedIPs = 10.0.0.3/32
diff --git a/wireguard/wg.conf.example b/wireguard/wg.conf.example
deleted file mode 100644
index 698ba92..0000000
--- a/wireguard/wg.conf.example
+++ /dev/null
@@ -1,9 +0,0 @@
-[Interface]
-PrivateKey =
-Address = 10.x.x.x/24
-
-[Peer]
-PublicKey =
-Endpoint =
-AllowedIPs = 10.x.x.x/32
-PersistentKeepalive = 25
\ No newline at end of file
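Review bot: The `iptables -A FORWARD -o %i -j ACCEPT` rule in PostUp accepts every forwarded packet headed into the tunnel, not only replies, so any host that can route 10.0.0.0/24 through this box (a LAN behind `eth0`, for instance) can open connections to the peers; limiting it to return traffic, `iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` (with the matching `-D` in PostDown), keeps the peers reachable only through the tunnel while peer-to-peer traffic is still admitted by the `-i %i` rule. The MASQUERADE rule does nothing unless `net.ipv4.ip_forward=1` is set, and the example does not mention it; add `# requires net.ipv4.ip_forward=1 (sysctl -w, persist in /etc/sysctl.d/)` above PostUp and note that `eth0` stands for the uplink interface. `SaveConfig = true` rewrites this file on `wg-quick down` with the running state, including the private key and any peers added with `wg set`, so edits made by hand while the interface is up are lost; a comment next to it is worthwhile, since the README's "Add Peer" step appears to rely on exactly that persistence.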