Difference between revisions of "WireGuard"
From Fixme.ch
								
												
				|  (→Router configuration) |  (→Add peer) | ||
| Line 46: | Line 46: | ||
| == Add peer == | == Add peer == | ||
| <pre> | <pre> | ||
| − | + | ssh ubnt@router.fixme.ch | |
| + | |||
| + | root@ubnt-fixme#  | ||
| + | |||
| + | root@ubnt-fixme# show interfaces wireguard wg0 | ||
| + |  address 192.168.131.1/24 | ||
| + |  listen-port 51820 | ||
| + |  mtu 1420 | ||
| + |  peer XXX { | ||
| + |      allowed-ips 192.168.131.X/32 | ||
| + |      description Name | ||
| + |  } | ||
| + | [...] | ||
| + | |||
| + | # Set the next available allowed ip | ||
| + | root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" | ||
| + | root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" allowed-ips 192.168.131.X/32 | ||
| + | root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" description Name | ||
| + | |||
| + | root@ubnt-fixme# show interfaces wireguard wg0 | ||
| </pre> | </pre> | ||
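Review bot: the added steps go from the three `set interfaces wireguard wg0 peer ...` lines straight to the final `show interfaces wireguard wg0`, with no `commit` or `save`, and the prompt line right after the ssh login is empty, so the command that enters configuration mode appears to be missing. On EdgeOS `set` only stages a change, so suggest adding `configure` after the login and `commit` followed by `save` before the last `show`. The comment "Set the next available allowed ip" also gives no way to find that address; a line telling the reader to pick the lowest 192.168.131.X not listed under any `peer` in the first `show` output would help avoid giving two peers the same allowed-ips.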
Revision as of 16:51, 20 November 2020
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
It is currently deployed on our lovely Ubiquiti EdgeRouter-PRO.
Client configuration
/etc/wireguard/fixme.conf:
[Interface]
PrivateKey = HAHAHAHAHAHA
Address = 192.168.131.2

[Peer]
Endpoint = 62.220.131.170:53
PublicKey = 4FVgHmPtsY7Rg7VlNrNC0x2RVFHlYJOh8ln7q77THxo=
AllowedIPs = 0.0.0.0/0, ::/0
Send your public key to User:Francois to get added.
- Install: https://www.wireguard.com/install/
- Key management: https://www.wireguard.com/quickstart/#key-generation
And then activate the VPN with wg-quick.
# wg-quick up fixme
# wg show
root@fixme:~# wg show
interface: fixme
  public key: ehn2tJDbFUtHVXf4095KPm9vFetxcCoR6YDCjpFfohc=
  private key: (hidden)
  listening port: 34869
  fwmark: 0xca6c

peer: (hidden)
  endpoint: 62.220.131.170:53
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 minute, 3 seconds ago
  transfer: 1.57 MiB received, 263.00 KiB sent
Router configuration
Add peer
ssh ubnt@router.fixme.ch
root@ubnt-fixme# 
root@ubnt-fixme# show interfaces wireguard wg0
 address 192.168.131.1/24
 listen-port 51820
 mtu 1420
 peer XXX {
     allowed-ips 192.168.131.X/32
     description Name
 }
[...]
# Set the next available allowed ip
root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>"
root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" allowed-ips 192.168.131.X/32
root@ubnt-fixme# set interfaces wireguard wg0 peer "<base64 public key>" description Name
root@ubnt-fixme# show interfaces wireguard wg0
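The "Set the next available allowed ip" step above is done by eye from the `show` output. The following added example (not part of the original wiki page or of the router's tooling) parses that output, picks the first unused /32, and rejects a proposed peer whose key is malformed or already present, or whose allowed-ips overlaps an existing peer, since WireGuard maps each allowed IP on an interface to exactly one peer. The sample output and keys are constructed, and the function names are hypothetical.

```python
import base64, ipaddress, re

def key(n):  # constructed 32-byte placeholder key, not a real peer key
    return base64.b64encode(bytes([n]) * 32).decode()

# Constructed sample in the shape of `show interfaces wireguard wg0` above.
SAMPLE = f"""\
 address 192.168.131.1/24
 peer {key(1)} {{
     allowed-ips 192.168.131.2/32
 }}
 peer {key(2)} {{
     allowed-ips 192.168.131.4/32
 }}
"""

def parse(text):
    """Return (router tunnel interface, {public key: [allowed networks]})."""
    addr = re.search(r"^\s*address (\S+)", text, re.M).group(1)
    peers, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*peer (\S+) \{", line):
            current = peers.setdefault(m.group(1), [])
        elif (m := re.match(r"\s*allowed-ips (\S+)", line)) and current is not None:
            current.append(ipaddress.ip_network(m.group(1)))
    return ipaddress.ip_interface(addr), peers

def next_free_ip(text):
    """First /32 in the tunnel subnet not used by the router or any peer."""
    iface, peers = parse(text)
    used = [n for nets in peers.values() for n in nets]
    return next((f"{h}/32" for h in iface.network.hosts()
                 if h != iface.ip and not any(h in n for n in used)), None)

def check_new_peer(text, pubkey, allowed_ip):
    """Reasons a proposed peer must not be added (empty list = fine)."""
    iface, peers = parse(text)
    net, problems = ipaddress.ip_network(allowed_ip), []
    try:
        if len(base64.b64decode(pubkey, validate=True)) != 32:
            problems.append("public key is not 32 bytes")
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("public key is not valid base64")
    if pubkey in peers:
        problems.append("public key already configured")
    if not net.subnet_of(iface.network) or iface.ip in net:
        problems.append("allowed-ips outside tunnel subnet or covers the router")
    problems += [f"overlaps peer {k}" for k, nets in peers.items()
                 if any(net.overlaps(n) for n in nets)]
    return problems
```

Run it on the saved output of the first `show` before typing the `set` lines; an empty list from `check_new_peer` means the key and address can be added as-is.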
Other
francois@ubnt-fixme# show interfaces wireguard 
 wireguard wg0 {
     address 192.168.131.1/24
     listen-port 51820
     peer ehn2tJDbFUtHVXf4095KPm9vFetxcCoR6YDCjpFfohc= {
         allowed-ips 192.168.131.2/32
     }
     private-key HAHAHAHAHAHAHA
 }

