dotfiles/wireguard
Frieder Schlesier 05d5e6d6b1 update READMEs 2024-06-01 21:55:48 +02:00
README.org update READMEs 2024-06-01 21:55:48 +02:00
wg-client.conf.example update documentation for wireguard 2021-06-01 18:15:38 +02:00
wg-server.conf.example update wireguard documentation, fix install, add example for server 2021-05-16 21:45:43 +02:00

README.org

Wireguard Quick Start

https://www.wireguard.com/quickstart/

  • layer 3 VPN protocol.
  • designed for Linux (works on BSD, macOS and Windows too).
  • network interface as most basic foundation of operation.

The interface can be named almost arbitrarily. Below, wg0 is used as a generic interface name (as in many public tutorials). Replace wg0 with an interface name for the VPN connection, e.g. home, mycloud or secret-work-jump-host.

Linux CLI

Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4

Tutorial with the best explanation: https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478

Create Keys

  $ umask 077
  $ wg genkey | tee host.key | wg pubkey > host.pub

Setup the Interface

  # wg-quick takes the interface name (reads /etc/wireguard/wg0.conf) or a path to a .conf file
  $ sudo wg-quick up wg0

Add Peer

  # add peer
  wg set wg0 peer <client_pubkey> allowed-ips 10.0.0.x/32 persistent-keepalive 25

  # verify connection
  wg

  # save to config
  wg-quick save wg0
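
Added example, not part of this repository: a small shell check for the two points above, that a file holding a private key is not readable by group/other (the reason for umask 077) and that each peer on a server is limited to its own /32. It assumes a wg-quick style server config with one client per [Peer]; the function name wg_audit_conf and the sample config are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the repository): audit a wg-quick *server* config.
# Assumption: each peer is one client, so AllowedIPs should be /32 (or /128).

# Prints one finding per line; returns 0 if clean, 1 if anything was found.
wg_audit_conf() {
    local conf="$1"
    local findings
    findings=$(
        # The file holds PrivateKey: group/other need no access (cf. umask 077).
        if [ "$(ls -ld -- "$conf" | cut -c5-10)" != "------" ]; then
            echo "MODE: $conf is accessible to group/other"
        fi
        awk -F= '
            { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments, whitespace
            /^\[/ { in_peer = (tolower($0) == "[peer]"); peer = "?"; next }
            in_peer && tolower($1) == "publickey" {
                peer = substr($0, index($0, "=") + 1)  # keep base64 "=" padding
            }
            in_peer && tolower($1) == "allowedips" {
                n = split($2, ips, ",")
                for (i = 1; i <= n; i++) {
                    ip = ips[i]
                    host = (ip ~ /:/) ? "/128$" : "/32$"
                    if (ip !~ host)
                        print "WIDE: peer " peer " has AllowedIPs " ip
                    # An address listed under two peers ends up routed to one only.
                    if ((ip in owner) && owner[ip] != peer)
                        print "DUP: " ip " claimed by " owner[ip] " and " peer
                    owner[ip] = peer
                }
            }
        ' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on a constructed config; the key strings are placeholders, not real keys.
demo=$(mktemp)    # mktemp creates the file with mode 0600
printf '%s\n' '[Interface]' 'PrivateKey = PLACEHOLDER=' \
    '[Peer]' 'PublicKey = PEERA=' 'AllowedIPs = 10.0.0.2/32' \
    '[Peer]' 'PublicKey = PEERB=' 'AllowedIPs = 10.0.0.2/32, 10.0.0.0/24' > "$demo"
wg_audit_conf "$demo" || echo "config needs attention"
rm -f "$demo"
```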

Mobile Client

Requires the qrencode package: qrencode -t ansiutf8 < tunnel.conf, where tunnel.conf is the configuration file for the client, including its private and public keys. The QR code encodes the whole file, private key included.

Start/Stop Interface

  # Start/stop interface
  wg-quick up wg0
  wg-quick down wg0

  # Start/stop service
  sudo systemctl stop wg-quick@wg0.service
  sudo systemctl start wg-quick@wg0.service

  # Enable service at startup
  sudo systemctl enable wg-quick@wg0.service

Sync the configuration without restarting the interface

From man wg-quick: The strip command is useful for reloading configuration files without disrupting active sessions:

  # wg syncconf wg0 <(wg-quick strip wg0)