* WireGuard Quick Start
https://www.wireguard.com/quickstart/
- Layer 3 VPN protocol.
- Designed for Linux (works on BSD, macOS and Windows too).
- Uses a network interface as its most basic foundation of operation.
The interface can be named almost arbitrarily. Below, ~wg0~ is used as a
generic interface name (as in many public tutorials). Replace ~wg0~
with an interface name for the VPN connection, e.g. ~home~, ~mycloud~ or ~secret-work-jump-host~.
** Linux CLI
Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4
Tutorial with the best explanation:
https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478
*** Create Keys
#+begin_src bash
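# make new files readable by the owner only, before the private key is written
umask 077
# host.key holds the private key, host.pub the matching public key
wg genkey | tee host.key | wg pubkey > host.pub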
#+end_src
*** Setup the Interface
#+begin_src bash
# bring up the interface from /etc/wireguard/wg0.conf
sudo wg-quick up wg0
#+end_src
*** Add Peer
#+begin_src bash
# add peer
wg set wg0 peer <client_pubkey> allowed-ips 10.0.0.x/32 persistent-keepalive 25
# verify connection
wg
# save to config
wg-quick save wg0
#+end_src
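
An added example, not part of the original README: a shell function that audits the config written by ~wg-quick save wg0~ for loose file permissions, for an address assigned to two peers, and for client entries wider than a single host. The function name ~wg_audit_conf~ is hypothetical, and the checks assume a server config in which every peer is a single client.

```bash
#!/usr/bin/env bash
# Added example: audit a saved wg-quick server config such as /etc/wireguard/wg0.conf.
# Assumes GNU stat (Linux) and that PublicKey precedes AllowedIPs in each [Peer],
# which is the order "wg-quick save" writes.
# Prints one finding per line; returns 1 on findings, 2 if the file is unreadable.
wg_audit_conf() {
    local conf=$1 mode findings
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    mode=$(stat -c '%a' "$conf")
    findings=$(
        # The file contains PrivateKey: group and others must have no access.
        case $mode in (*00) ;; (*) echo "MODE $mode: expected 600" ;; esac
        awk '
            { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # drop comments, whitespace
            tolower($0) == "[peer]" { inpeer = 1; peer = "?"; next }
            /^\[/                   { inpeer = 0; next }
            !inpeer                 { next }
            tolower($0) ~ /^publickey=/ { peer = substr($0, index($0, "=") + 1) }
            tolower($0) ~ /^allowedips=/ {
                n = split(substr($0, index($0, "=") + 1), ips, ",")
                for (i = 1; i <= n; i++) {
                    ip = ips[i]
                    # An address can route to one peer only; a second claim takes it over.
                    if ((ip in owner) && owner[ip] != peer)
                        print "DUPLICATE " ip ": " owner[ip] " and " peer
                    owner[ip] = peer
                    # A client entry on the server should be a single host address.
                    if (ip ~ /\// && ip !~ /\/(32|128)$/)
                        print "BROAD " ip ": peer " peer
                }
            }
        ' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as ~wg_audit_conf /etc/wireguard/wg0.conf~ after saving; a client config that routes everything through the tunnel will legitimately show a BROAD line.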
**** Mobile Client
Requires the ~qrencode~ package to be installed: ~qrencode -t ansiutf8 < tunnel.conf~,
where ~tunnel.conf~ is the configuration file for the client, including its private and public keys. The QR code therefore carries the client's private key.
*** Start/Stop Interface
#+begin_src bash
# Start/stop interface
wg-quick up wg0
wg-quick down wg0
# Start/stop service
sudo systemctl stop wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service
# Enable service at startup
sudo systemctl enable wg-quick@wg0.service
#+end_src
*** Sync the configuration without restarting the interface
From ~man wg-quick~: The strip command is useful for reloading configuration
files without disrupting active sessions:
#+begin_src bash
# run as root; the <( ) process substitution needs bash
wg syncconf wg0 <(wg-quick strip wg0)
#+end_src
** Alternative Web Interfaces for Managing Clients
- https://github.com/place1/wg-access-server/
- https://github.com/WeeJeWel/wg-easy
- https://github.com/subspacecommunity/subspace
- https://github.com/vx3r/wg-gen-web
- non-web: https://github.com/mullvad/wg-manager