Difference between revisions of "WireGuard"

From Fixme.ch
(Router configuration)
(Add peer)
Line 48: Line 48:
 
root@ubnt-fixme:~# wg set wg0 peer <base64 public key> allowed-ips 192.168.131.4/32^C
 
root@ubnt-fixme:~# wg set wg0 peer <base64 public key> allowed-ips 192.168.131.4/32^C
  
toot@ubnt-fixme:~# wg show
+
root@ubnt-fixme:~# wg show
 
interface: wg0
 
interface: wg0
 
   public key: YYY=
 
   public key: YYY=
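
Review bot: the `wg set wg0 peer <base64 public key> allowed-ips 192.168.131.4/32^C` context line just above the corrected prompt still ends in `^C`, which reads as an interrupted command rather than one that added the peer; drop the `^C` in the same edit so the example can be followed as written. The `toot@` to `root@` prompt fix itself looks right.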

Revision as of 18:35, 20 November 2020

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.

It is currently deployed on our lovely Ubiquiti EdgeRouter-PRO.

Client configuration

/etc/wireguard/fixme.conf:

[Interface]
PrivateKey = HAHAHAHAHAHA
Address = 192.168.131.2

[Peer]
Endpoint = 62.220.131.170:53
PublicKey = 4FVgHmPtsY7Rg7VlNrNC0x2RVFHlYJOh8ln7q77THxo=
AllowedIPs = 0.0.0.0/0, ::/0

Send your public key to User:Francois to get added.

And then activate the VPN with wg-quick.

# wg-quick up fixme
# wg show
root@fixme:~# wg show
interface: fixme
  public key: ehn2tJDbFUtHVXf4095KPm9vFetxcCoR6YDCjpFfohc=
  private key: (hidden)
  listening port: 34869
  fwmark: 0xca6c

peer: (hidden)
  endpoint: 62.220.131.170:53
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 minute, 3 seconds ago
  transfer: 1.57 MiB received, 263.00 KiB sent

Router configuration

Add peer

root@ubnt-fixme:~# wg set wg0 peer <base64 public key> allowed-ips 192.168.131.4/32

root@ubnt-fixme:~# wg show
interface: wg0
  public key: YYY=
  private key: (hidden)
  listening port: 51820

peer: XXX=
  endpoint: ZZZ
  allowed ips: 192.168.131.2/32
  latest handshake: 19 seconds ago
  transfer: 2.38 GiB received, 2.05 GiB sent
[...]

Other

francois@ubnt-fixme# show interfaces wireguard 
 wireguard wg0 {
     address 192.168.131.1/24
     listen-port 51820
     peer ehn2tJDbFUtHVXf4095KPm9vFetxcCoR6YDCjpFfohc= {
         allowed-ips 192.168.131.2/32
     }
     private-key HAHAHAHAHAHAHA
 }
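
On the router, each peer's allowed-ips entry is also the set of source addresses WireGuard accepts from that peer, which is why the listings above give every client a single /32. The following added example (not part of the original wiki page) audits `wg show wg0 allowed-ips` output against that layout; the sample output and peer key placeholders are constructed, and the 192.168.131.1/24 tunnel address is taken from the router configuration above.

```python
import ipaddress

# wg0 address from the router configuration on this page.
ROUTER_IF = ipaddress.ip_interface("192.168.131.1/24")

# Constructed sample of `wg show wg0 allowed-ips` output: public key, a tab,
# then space-separated prefixes. The peer keys are placeholders, not real keys.
SAMPLE = (
    "PEER_A_PLACEHOLDER=\t192.168.131.2/32\n"
    "PEER_B_PLACEHOLDER=\t192.168.131.4/32\n"
    "PEER_C_PLACEHOLDER=\t192.168.131.0/24\n"
    "PEER_D_PLACEHOLDER=\t192.168.131.1/32\n"
    "PEER_E_PLACEHOLDER=\t10.0.0.0/8\n"
    "PEER_F_PLACEHOLDER=\t(none)\n"
)

def audit_allowed_ips(text, router_if=ROUTER_IF):
    """Return (peer, prefix, issue) tuples for entries that break the
    one-host-route-per-peer layout used on this page."""
    findings, seen = [], []
    for line in text.splitlines():
        peer, _, rest = line.partition("\t")
        for token in rest.split():
            if token == "(none)":
                findings.append((peer, token, "no-allowed-ips"))
                continue
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                findings.append((peer, token, "unparseable"))
                continue
            if net.version != router_if.version or not net.subnet_of(router_if.network):
                findings.append((peer, token, "outside-tunnel-subnet"))
            elif net.prefixlen != net.max_prefixlen:
                findings.append((peer, token, "wider-than-host-route"))
            elif router_if.ip in net:
                findings.append((peer, token, "router-address"))
            # Overlaps mean address ownership depends on longest-prefix match.
            for other_peer, other in seen:
                if other_peer != peer and other.version == net.version and other.overlaps(net):
                    findings.append((peer, token, "overlaps:" + other_peer))
            seen.append((peer, net))
    return findings

if __name__ == "__main__":
    for peer, prefix, issue in audit_allowed_ips(SAMPLE):
        print(f"{peer}\t{prefix}\t{issue}")
```

On the router, pipe the real output of `wg show wg0 allowed-ips` into `audit_allowed_ips` instead of `SAMPLE`; an empty result means every peer holds exactly one host route inside the tunnel subnet.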