Difference between revisions of "WireGuard"
From Fixme.ch
(→Add peer) |
|||
| (14 intermediate revisions by 2 users not shown) | |||
| Line 4: | Line 4: | ||
= Client configuration = | = Client configuration = | ||
| + | |||
| + | |||
| + | /etc/wireguard/fixme.conf: | ||
<pre> | <pre> | ||
| − | |||
[Interface] | [Interface] | ||
| − | PrivateKey = | + | PrivateKey = HAHAHAHAHAHA |
Address = 192.168.131.2 | Address = 192.168.131.2 | ||
[Peer] | [Peer] | ||
| − | Endpoint = 62.220. | + | Endpoint = 62.220.131.170:53 |
PublicKey = 4FVgHmPtsY7Rg7VlNrNC0x2RVFHlYJOh8ln7q77THxo= | PublicKey = 4FVgHmPtsY7Rg7VlNrNC0x2RVFHlYJOh8ln7q77THxo= | ||
AllowedIPs = 0.0.0.0/0, ::/0 | AllowedIPs = 0.0.0.0/0, ::/0 | ||
| − | |||
</pre> | </pre> | ||
Send your public key to [[User:Francois]] to get added. | Send your public key to [[User:Francois]] to get added. | ||
| + | * Install: https://www.wireguard.com/install/ | ||
| + | * Key management https://www.wireguard.com/quickstart/#key-generation | ||
| + | |||
| + | And then activate the VPN with wg-quick. | ||
| + | |||
| + | <pre> | ||
| + | # wg-quick up fixme | ||
| + | # wg show | ||
| + | root@fixme:~# wg show | ||
| + | interface: fixme | ||
| + | public key: ehn2tJDbFUtHVXf4095KPm9vFetxcCoR6YDCjpFfohc= | ||
| + | private key: (hidden) | ||
| + | listening port: 34869 | ||
| + | fwmark: 0xca6c | ||
| + | |||
| + | peer: (hidden) | ||
| + | endpoint: 62.220.131.170:53 | ||
| + | allowed ips: 0.0.0.0/0, ::/0 | ||
| + | latest handshake: 1 minute, 3 seconds ago | ||
| + | transfer: 1.57 MiB received, 263.00 KiB sent | ||
| + | </pre> | ||
= Router configuration = | = Router configuration = | ||
| + | == Add peer == | ||
<pre> | <pre> | ||
| − | + | ssh ubnt@router.fixme.ch | |
| − | + | ||
| − | + | root@ubnt-fixme# configure | |
| − | + | ||
| − | + | root@ubnt-fixme# show interfaces wireguard wg0 | |
| − | + | address 192.168.131.1/24 | |
| − | + | listen-port 51820 | |
| − | + | mtu 1420 | |
| + | peer XXX { | ||
| + | allowed-ips 192.168.131.X/32 | ||
| + | description Name | ||
} | } | ||
| − | [ | + | [...] |
| + | |||
| + | # Set the next available allowed ip | ||
| + | root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" | ||
| + | root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" allowed-ips 192.168.131.X/32 | ||
| + | root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" description Name | ||
| + | root@ubnt-fixme# show interfaces wireguard wg0 | ||
| + | root@ubnt-fixme# commit | ||
| + | root@ubnt-fixme# save | ||
</pre> | </pre> | ||
Latest revision as of 18:52, 20 November 2020
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
It is currently deployed on our lovely Ubiquity EdgeRouter-PRO.
Client configuration
/etc/wireguard/fixme.conf:
[Interface] PrivateKey = HAHAHAHAHAHA Address = 192.168.131.2 [Peer] Endpoint = 62.220.131.170:53 PublicKey = 4FVgHmPtsY7Rg7VlNrNC0x2RVFHlYJOh8ln7q77THxo= AllowedIPs = 0.0.0.0/0, ::/0
Send your public key to User:Francois to get added.
- Install: https://www.wireguard.com/install/
- Key management https://www.wireguard.com/quickstart/#key-generation
And then activate the VPN with wg-quick.
# wg-quick up fixme # wg show root@fixme:~# wg show interface: fixme public key: ehn2tJDbFUtHVXf4095KPm9vFetxcCoR6YDCjpFfohc= private key: (hidden) listening port: 34869 fwmark: 0xca6c peer: (hidden) endpoint: 62.220.131.170:53 allowed ips: 0.0.0.0/0, ::/0 latest handshake: 1 minute, 3 seconds ago transfer: 1.57 MiB received, 263.00 KiB sent
Router configuration
Add peer
ssh ubnt@router.fixme.ch
root@ubnt-fixme# configure
root@ubnt-fixme# show interfaces wireguard wg0
address 192.168.131.1/24
listen-port 51820
mtu 1420
peer XXX {
allowed-ips 192.168.131.X/32
description Name
}
[...]
# Set the next available allowed ip
root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>"
root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" allowed-ips 192.168.131.X/32
root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" description Name
root@ubnt-fixme# show interfaces wireguard wg0
root@ubnt-fixme# commit
root@ubnt-fixme# save
