update documentation for wireguard
parent
6395c26baa
commit
9736d91e77
|
@ -2,17 +2,21 @@
|
||||||
|
|
||||||
https://www.wireguard.com/quickstart/
|
https://www.wireguard.com/quickstart/
|
||||||
|
|
||||||
Level 3 VPN Protocol.
|
- level 3 VPN Protocol.
|
||||||
Designed for Linux (works on BSD, MacOS and Windows too).
|
- designed for Linux (works on BSD, MacOS and Windows too).
|
||||||
Network Interface as most basic foundation of operation.
|
- network interface as most basic foundation of operation.
|
||||||
|
|
||||||
|
The interface can be named almost arbitrarily. Below ~wg0~ is used as a
|
||||||
|
generic interface name (like used in many public tutorials). Replace ~wg0~
|
||||||
|
with an interface name for the VPN connection, e.g. ~home~, ~mycloud~ or
|
||||||
|
~secret-work-jump-host~.
|
||||||
|
|
||||||
** Linux CLI
|
** Linux CLI
|
||||||
|
|
||||||
Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4
|
Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4
|
||||||
|
|
||||||
Replace ~wg0~ with an interface name for the VPN connection, e.g. ~homeoffice~ or ~mycloud~
|
Tutorial with best Explaination:
|
||||||
|
https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478
|
||||||
Tutorial with best Explaination: https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478
|
|
||||||
|
|
||||||
*** Create Keys
|
*** Create Keys
|
||||||
|
|
||||||
|
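Review bot: The added sentence "The interface can be named almost arbitrarily" should state the length limit, because the last example, ~secret-work-jump-host~, is 21 characters and Linux interface names are capped at 15, so wg-quick will refuse it. Suggest naming the limit in that paragraph and replacing the example with a shorter one such as ~work-jump~. The tutorial line is rewrapped here but still carries "Explaination"; it could be corrected to "Explanation" in the same change.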
@ -50,4 +54,26 @@
|
||||||
# Start/stop service
|
# Start/stop service
|
||||||
$ sudo systemctl stop wg-quick@wg0.service
|
$ sudo systemctl stop wg-quick@wg0.service
|
||||||
$ sudo systemctl start wg-quick@wg0.service
|
$ sudo systemctl start wg-quick@wg0.service
|
||||||
|
|
||||||
|
# Enable service at startup
|
||||||
|
sudo systemctl enable wg-quick@wg0.service
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
*** Sync the configuration without restarting the interface
|
||||||
|
|
||||||
|
From `man wg-quick`: The strip command is useful for reloading configuration
|
||||||
|
files without disrupting ac‐ tive sessions:
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
# wg syncconf wgnet0 <(wg-quick strip wgnet0)
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
** Alternative Webinterfaces for Managing Clients
|
||||||
|
|
||||||
|
- https://github.com/place1/wg-access-server/
|
||||||
|
- https://github.com/WeeJeWel/wg-easy
|
||||||
|
- https://github.com/subspacecommunity/subspace
|
||||||
|
- https://github.com/vx3r/wg-gen-web
|
||||||
|
|
||||||
|
- non-web: https://github.com/mullvad/wg-manager
|
||||||
|
|
||||||
|
|
|
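Review bot: In the new "Sync the configuration without restarting the interface" block, the example uses ~wgnet0~ although the file tells the reader to substitute ~wg0~, and the leading "# " copied from the man page's root prompt turns the whole line into a comment inside a bash src block. Suggest "wg syncconf wg0 <(wg-quick strip wg0)" with a remark that it has to run in a root bash shell: with a plain sudo prefix the process substitution is executed by the calling user, who normally cannot read the configuration under /etc/wireguard. Smaller points in the same hunk: the quoted man page text keeps a hyphenation artifact ("ac‐ tive"), ~man wg-quick~ is wrapped in Markdown backticks where this file uses tildes, and the new "sudo systemctl enable" line lacks the "$ " prompt its neighbours have.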
@ -2,12 +2,14 @@
|
||||||
Address = 10.x.x.x/32
|
Address = 10.x.x.x/32
|
||||||
PostUp = wg set %i private-key /etc/wireguard/private-key-for-this-vpn
|
PostUp = wg set %i private-key /etc/wireguard/private-key-for-this-vpn
|
||||||
|
|
||||||
# immediately test connection to the public (bounce) host
|
# immediately test connection to the public (jump) host
|
||||||
PostUp = ping -c1 10.0.0.1
|
PostUp = ping -c1 10.0.0.1
|
||||||
|
|
||||||
[Peer]
|
[Peer]
|
||||||
PublicKey =
|
PublicKey =
|
||||||
Endpoint =
|
Endpoint =
|
||||||
|
# Set subnet for all IPs that should be routed
|
||||||
|
# through this VPN connection
|
||||||
AllowedIPs = 10.0.0.0/24
|
AllowedIPs = 10.0.0.0/24
|
||||||
|
|
||||||
# if this client is behind a NAT and
|
# if this client is behind a NAT and
|
||||||
|
|
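Review bot: The new comment above "AllowedIPs = 10.0.0.0/24" describes only the outbound half of the setting. AllowedIPs is also the inbound filter for this peer: packets arriving through the tunnel with a source address outside the listed range are dropped. Suggest extending the comment to say that the range covers both what is routed to the peer and what is accepted from it, so a reader who widens it to route more traffic knows they are also widening what the peer may send.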