diff --git a/wireguard/README.org b/wireguard/README.org index 42ff4d8..dc38cb9 100644 --- a/wireguard/README.org +++ b/wireguard/README.org @@ -2,17 +2,21 @@ https://www.wireguard.com/quickstart/ - Level 3 VPN Protocol. - Designed for Linux (works on BSD, MacOS and Windows too). - Network Interface as most basic foundation of operation. + - level 3 VPN Protocol. + - designed for Linux (works on BSD, MacOS and Windows too). + - network interface as most basic foundation of operation. + The interface can be named almost arbitrarily. Below ~wg0~ is used as a + generic interface name (like used in many public tutorials). Replace ~wg0~ + with an interface name for the VPN connection, e.g. ~home~, ~mycloud~ or + ~secret-work-jump-host~. + ** Linux CLI Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4 - Replace ~wg0~ with an interface name for the VPN connection, e.g. ~homeoffice~ or ~mycloud~ - - Tutorial with best Explaination: https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478 + Tutorial with best Explaination: + https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478 *** Create Keys 
@@ -50,4 +54,26 @@ # Start/stop service $ sudo systemctl stop wg-quick@wg0.service $ sudo systemctl start wg-quick@wg0.service + + # Enable service at startup + sudo systemctl enable wg-quick@wg0.service #+end_src + +*** Sync the configuration without restarting the interface + + From `man wg-quick`: The strip command is useful for reloading configuration + files without disrupting ac‐ tive sessions: + + #+begin_src bash + # wg syncconf wgnet0 <(wg-quick strip wgnet0) + #+end_src + +** Alternative Webinterfaces for Managing Clients + + - https://github.com/place1/wg-access-server/ + - https://github.com/WeeJeWel/wg-easy + - https://github.com/subspacecommunity/subspace + - https://github.com/vx3r/wg-gen-web + + - non-web: https://github.com/mullvad/wg-manager + diff --git a/wireguard/wg-client.conf.example b/wireguard/wg-client.conf.example index 37d23fb..813e88f 100644 --- a/wireguard/wg-client.conf.example +++ b/wireguard/wg-client.conf.example @@ -2,12 +2,14 @@ Address = 10.x.x.x/32 PostUp = wg set %i private-key /etc/wireguard/private-key-for-this-vpn -# immediately test connection to the public (bounce) host +# immediately test connection to the public (jump) host PostUp = ping -c1 10.0.0.1 [Peer] PublicKey = Endpoint = +# Set subnet for all IPs that should be routed +# through this VPN connection AllowedIPs = 10.0.0.0/24 # if this client is behind a NAT and
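Review bot: In the first README.org hunk (@@ -2,17 +2,21 @@), the re-wrapped line "Tutorial with best Explaination:" carries the misspelling over from the removed line; since the line is being touched anyway, change it to "explanation". In the same hunk, "level 3 VPN Protocol" would read better as "layer 3", the usual term for a VPN operating at the network layer, and "MacOS" is normally written "macOS". The new paragraph says ~wg0~ is used "below" as the generic name, so the rest of the file should stick to it.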
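Review bot: In the second README.org hunk (@@ -50,4 +54,26 @@), the new "Sync the configuration" example uses wgnet0, while the first hunk states that ~wg0~ is the generic interface name used throughout; use wg0 in "wg syncconf wgnet0 <(wg-quick strip wgnet0)" so readers do not copy a name that does not exist on their system. The leading "#" inside the bash src block makes that line a comment when pasted; the neighbouring lines use "$ sudo ...", so either follow that prompt style or state that "#" means a root prompt. The added "sudo systemctl enable wg-quick@wg0.service" line is missing the "$ " prefix its neighbours have. The quoted man page text still contains the line-break hyphenation "ac‐ tive", which should be "active", and `man wg-quick` uses Markdown backticks where the rest of this Org file uses ~...~.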
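Review bot: In the wg-client.conf.example hunk, the new comment above "AllowedIPs = 10.0.0.0/24" documents only the outbound half of the setting. AllowedIPs also determines which source addresses are accepted from this peer, so a reader who widens the range to route more traffic also widens what the peer is allowed to send. Suggest extending the comment to something like "Subnet routed through this VPN; also the only source addresses accepted from this peer". The rename from "bounce" to "jump" host matches the README wording and looks fine.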