====== WireGuard VPN ======
===== Installation =====
# refresh the package index, then install WireGuard together with the
# wg / wg-quick command-line tools (package names for Debian/Ubuntu)
sudo apt update
sudo apt install wireguard wireguard-tools
===== Konfiguration =====
==== Server ====
Create the private key and remove all permissions for anyone other than root
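# create the private key. umask 077 makes tee create the file as 0600 from
# the start (no window in which it is world-readable before the chmod), and
# >/dev/null keeps the key off the terminal/scrollback — tee would otherwise
# echo it. The subshell keeps the umask change local to this command.
(umask 077 && wg genkey | sudo tee /etc/wireguard/private.key >/dev/null)
# belt and braces: strip group/other permissions (a no-op after umask 077,
# but harmless if the file already existed with wider permissions)
sudo chmod go= /etc/wireguard/private.key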
Derive the public key from the private key
# derive the public key from the private key. The public key is not secret,
# so tee echoing it to the terminal is fine — it is the value that goes into
# the peer's PublicKey line on the other side of the tunnel.
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
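# create the config file with mode 600 before editing it: it will hold the
# PrivateKey, and an editor started under sudo otherwise creates the file
# with the default umask (typically 0644, i.e. readable by every local user;
# wg-quick warns about world-accessible configs). If /etc/wireguard itself
# is already 0700 this is only defence in depth.
sudo touch /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf
sudo nano /etc/wireguard/wg0.conf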
# /etc/wireguard/wg0.conf on the server
[Interface]
# paste the contents of /etc/wireguard/private.key here (not the public key)
PrivateKey =
# tunnel address of the server
Address = 10.1.2.254/32
# UDP port the server listens on; must be reachable from the clients
ListenPort = 51820
# do not let wg-quick overwrite this file with the runtime state on shutdown
SaveConfig = false

# one [Peer] block per client
[Peer]
# the client's public key
PublicKey =
# tunnel address of this client: only this address is routed to the peer,
# and packets arriving from the peer with another source address are dropped
AllowedIPs = 10.1.2.1/32
Dienst aktivieren und starten
# enable wg-quick@wg0 at boot and bring the tunnel up right away
# ("enable --now" is the same as a separate enable followed by start)
sudo systemctl enable --now wg-quick@wg0
==== Client ====
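# wg0.conf on the client
[Interface]
# the client's own private key (generated on the client the same way as on
# the server)
PrivateKey =
# tunnel address of this client; must match the AllowedIPs entry for this
# peer in the server config
Address = 10.1.2.1/32
# resolver used while the tunnel is up; only useful if a DNS server actually
# listens on the server's tunnel address
DNS = 10.1.2.254

# the server
[Peer]
# the server's public key (/etc/wireguard/public.key on the server)
PublicKey =
# what is routed through this peer and which source addresses are accepted
# from it. The previous value (10.1.2.1/32, the client's OWN address) routed
# nothing to the server and discarded every packet the server sent, so the
# tunnel carried no traffic. The tunnel subnet covers the server (10.1.2.254)
# and, once forwarding is enabled on the server, the other clients; use
# 10.1.2.254/32 instead to reach only the server.
AllowedIPs = 10.1.2.0/24
# public address and port (ListenPort) of the server
Endpoint = vpn.example.com:51820
# seconds between keepalive packets; keeps NAT/firewall mappings open so the
# server can reach the client
PersistentKeepalive = 25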
==== Inter-Client Communication ====
IPv4 Packet Forwarding aktivieren
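# enable IPv4 packet forwarding persistently. "sysctl -w" alone is lost at
# reboot, and "sysctl -p" only re-reads /etc/sysctl.conf, which this change
# never touched — so the original pair applied the setting only until the
# next boot. Write a drop-in under /etc/sysctl.d/ (file name is an example)
# and load exactly that file, which also applies it immediately.
echo 'net.ipv4.ip_forward = 1' | sudo tee /etc/sysctl.d/99-wireguard.conf >/dev/null
sudo sysctl -p /etc/sysctl.d/99-wireguard.conf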
Kommunikation wg0 <-> wg0 erlauben
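# allow forwarding between WireGuard peers (wg0 -> wg0). Pick ONE of the two
# forms — running both adds the same rule twice:
#   -A appends to the end of the FORWARD chain,
#   -I inserts at the beginning (use this if an earlier rule would otherwise
#      drop the traffic).
sudo iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
# sudo iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT
# NOTE: rules added this way are not persistent across reboots; put them in
# the PostUp/PostDown lines of wg0.conf (as in the "Internetzugriff" section
# below) or save them with iptables-save / netfilter-persistent.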
==== Internetzugriff ====
Server
IPv4/IPv6 Packet Forwarding aktivieren
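# enable IPv4 and IPv6 packet forwarding persistently. The IPv6 key is
# net.ipv6.conf.all.forwarding — net.ipv6.ip_forward does not exist and the
# original line failed. A plain "sysctl -p" only re-reads /etc/sysctl.conf,
# so write a drop-in (file name is an example) and load exactly that file,
# which also applies the settings immediately. The IPv6 line is only needed
# if the tunnel carries IPv6; note that it also changes how the host treats
# router advertisements (accept_ra).
printf '%s\n' 'net.ipv4.ip_forward = 1' 'net.ipv6.conf.all.forwarding = 1' | sudo tee /etc/sysctl.d/99-wireguard.conf >/dev/null
sudo sysctl -p /etc/sysctl.d/99-wireguard.conf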
Server-Konfiguration
# /etc/wireguard/wg0.conf on the server, with NAT so clients can reach the
# internet through the server
[Interface]
PrivateKey =
Address = 10.1.2.254/32
ListenPort = 51820
SaveConfig = false
# run by wg-quick after the interface is up: accept forwarding of anything
# arriving on wg0 (this also covers wg0 -> wg0, so the Inter-Client rule
# above is included) and NAT it out of the uplink. eth0 is a placeholder —
# replace it with the real uplink interface name (see "ip route show default").
# NOTE(review): replies back into wg0 rely on the FORWARD chain's default
# policy being ACCEPT or on an existing ESTABLISHED,RELATED rule; if the
# policy is DROP (e.g. when another firewall tool manages it) a matching
# "-o wg0" rule is needed as well — confirm on the target host.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# remove exactly those rules again when the interface goes down
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey =
AllowedIPs = 10.1.2.1/32
Client-Konfiguration
# wg0.conf on the client, full tunnel (all traffic goes through the server)
[Interface]
PrivateKey =
Address = 10.1.2.1/32
# the server's tunnel address as resolver; requires a DNS server listening
# there. A second resolver can be appended comma-separated, e.g. 1.1.1.1
# (the original line carried that as a trailing "#, 1.1.1.1" comment).
DNS = 10.1.2.254

[Peer]
PublicKey =
# route everything (IPv4 and IPv6) through the server. The server config
# above has no IPv6 tunnel address or IPv6 NAT, so ::/0 effectively keeps
# IPv6 traffic from bypassing the tunnel rather than carrying it.
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.com:51820
PersistentKeepalive = 25
==== DNS-Suffix und Suchliste ====
Client-Interface anpassen
# client config with DNS search domains: wg-quick treats IP entries in DNS=
# as resolvers and non-IP entries as search domains
[Interface]
PrivateKey =
Address = 10.1.2.1/32
# resolver 10.1.2.254; search list lab.local, wg0.lab.local
DNS = 10.1.2.254, lab.local, wg0.lab.local

[Peer]
PublicKey =
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.com:51820
PersistentKeepalive = 25
==== Windows Client ====
rem Windows client: run from an elevated (administrator) command prompt.
rem Install a tunnel as a Windows service from a plain config file ...
wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\config.conf"
rem ... or from a DPAPI-encrypted one (presumably the form the WireGuard GUI
rem stores after saving a tunnel — confirm); only one of the two is needed
rem per tunnel.
wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\config.conf.dpapi"
rem install / remove the manager service behind the tray UI
wireguard /installmanagerservice
wireguard /uninstallmanagerservice
rem check for updates; stderr is redirected to a log file (path is an example)
wireguard /update 2> C:\path\to\update\log.txt