update wireguard documentation, fix install, add example for server

Frieder Schlesier 2021-05-16 21:45:43 +02:00
parent f73a2145b0
commit 6395c26baa
5 changed files with 44 additions and 24 deletions


@ -93,6 +93,8 @@ base_applications() {
vpnc \ vpnc \
vpnc-scripts \ vpnc-scripts \
wireguard \ wireguard \
wireguard-dkms \
wireguard-tools \
zip \ zip \
--no-install-recommends --no-install-recommends


@ -10,33 +10,28 @@
Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4 Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4
*** Setup the Interface Replace ~wg0~ with an interface name for the VPN connection, e.g. ~homeoffice~ or ~mycloud~
#+begin_src bash Tutorial with best Explaination: https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478
# ip link add dev wg0 type wireguard
# ip address add dev wg0 10.1.0.2/24
# ip address add dev wg0 10.1.0.2 peer 10.1.0.1
#+end_src
*** Create Keys *** Create Keys
#+begin_src bash #+begin_src bash
$ umask 077 $ umask 077
$ wg genkey > privatekey
$ wg pubkey < privatekey > publickey
#+end_src
or just
#+begin_src bash
$ wg genkey | tee privatekey | wg pubkey > publickey $ wg genkey | tee privatekey | wg pubkey > publickey
#+end_src #+end_src
*** Add Peer To Server *** Setup the Interface
#+begin_src bash
# sudo wg-quick up wg.conf.example
#+end_src
*** Add Peer
#+begin_src bash #+begin_src bash
# add peer # add peer
wg set wg0 peer <client_pubkey> allowed-ips 10.0.0.x/32 wg set wg0 peer <client_pubkey> allowed-ips 10.0.0.x/32 persistent-keepalive 25
# verify connection # verify connection
wg wg


@ -0,0 +1,15 @@
[Interface]
Address = 10.x.x.x/32
PostUp = wg set %i private-key /etc/wireguard/private-key-for-this-vpn
# immediately test connection to the public (bounce) host
PostUp = ping -c1 10.0.0.1
[Peer]
PublicKey =
Endpoint =
AllowedIPs = 10.0.0.0/24
# if this client is behind a NAT and
# other clients should be able to connect
PersistentKeepalive = 25
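Review bot: The key file named in `PostUp = wg set %i private-key /etc/wireguard/private-key-for-this-vpn` has no stated ownership or mode, and wg-quick's world-accessible warning, as far as I know, covers only the config file itself. The example should carry a comment such as `# key file must be owned by root with mode 0600 (create it under umask 077)`. Separately, `PostUp = ping -c1 10.0.0.1` makes bring-up depend on the bounce host answering: wg-quick appears to abort and remove the interface when a PostUp command fails, so `PostUp = ping -c1 10.0.0.1 || true` would keep it a connectivity test rather than a precondition.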


@ -0,0 +1,17 @@
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
ListenPort = <some-high port>
PrivateKey = <here-comes-your-server-private-key>
[Peer]
# client 1
PublicKey = <client1-public-key>
AllowedIPs = 10.0.0.2/32
[Peer]
# client 2
PublicKey = <client2-public-key>
AllowedIPs = 10.0.0.3/32
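Review bot: The PostUp rule `iptables -A FORWARD -o %i -j ACCEPT` accepts every packet routed towards the tunnel, not only replies to connections the VPN clients opened, so any network that can route through this host gets unfiltered access to the peers. Restricting it to return traffic, `iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` with the matching `-D` form in PostDown, keeps the example working while narrowing that exposure. `SaveConfig = true` also deserves a comment: wg-quick rewrites this file from the live interface state on shutdown, which drops the `# client 1` / `# client 2` labels and persists any peer added at runtime with `wg set`. Since `PrivateKey` is stored inline here, a comment that the file must be root-owned with mode 0600 would help too.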


@ -1,9 +0,0 @@
[Interface]
PrivateKey =
Address = 10.x.x.x/24
[Peer]
PublicKey =
Endpoint =
AllowedIPs = 10.x.x.x/32
PersistentKeepalive = 25