WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.

It is currently deployed on our lovely Ubiquity EdgeRouter-PRO.

Client configuration

/etc/wireguard/fixme.conf:

[Interface]
PrivateKey = HAHAHAHAHAHA
Address = 192.168.131.2

[Peer]
Endpoint = 62.220.131.170:53
PublicKey = 4FVgHmPtsY7Rg7VlNrNC0x2RVFHlYJOh8ln7q77THxo=
AllowedIPs = 0.0.0.0/0, ::/0

Send your public key to User:Francois to get added.

Install: https://www.wireguard.com/install/
Key management https://www.wireguard.com/quickstart/#key-generation

And then activate the VPN with wg-quick.

# wg-quick up fixme
# wg show
root@fixme:~# wg show
interface: fixme
  public key: ehn2tJDbFUtHVXf4095KPm9vFetxcCoR6YDCjpFfohc=
  private key: (hidden)
  listening port: 34869
  fwmark: 0xca6c

peer: (hidden)
  endpoint: 62.220.131.170:53
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 minute, 3 seconds ago
  transfer: 1.57 MiB received, 263.00 KiB sent

Router configuration

Add peer

root@ubnt-fixme:~# wg set wg0 peer <base64 public key> allowed-ips 192.168.131.X/32

root@ubnt-fixme:~# wg show
interface: wg0
  public key: YYY=
  private key: (hidden)
  listening port: 51820

peer: XXX=
  endpoint: ZZZ
  allowed ips: 192.168.131.2/32
  latest handshake: 19 seconds ago
  transfer: 2.38 GiB received, 2.05 GiB sent
[...]

Other

francois@ubnt-fixme# show interfaces wireguard 
 wireguard wg0 {
     address 192.168.131.1/24
     listen-port 51820
     peer ehn2tJDbFUtHVXf4095KPm9vFetxcCoR6YDCjpFfohc= {
         allowed-ips 192.168.131.2/32
     }
     private-key HAHAHAHAHAHAHA
 }
[edit]

WireGuard

Contents

Client configuration

Router configuration

Add peer

Other

Fixme.ch