fachinformatiker-wiki

it's easy when it's here


WireGuard VPN

Installation

sudo apt update
sudo apt install wireguard wireguard-tools

Configuration

Server

Create the private key and remove permissions for anyone other than root

wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key

Create the public key

sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
sudo nano /etc/wireguard/wg0.conf
[Interface]
PrivateKey = <private key server>
Address = 10.1.2.254/32
ListenPort = 51820
SaveConfig = false
 
[Peer]
PublicKey = <public key client>
AllowedIPs = 10.1.2.1/32

Enable and start the service

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Client

[Interface]
PrivateKey = <private key client>
Address = 10.1.2.1/32
DNS = 10.1.2.254
 
[Peer]
PublicKey = <public key server>
AllowedIPs = 10.1.2.254/32    # tunnel address of the server (the peer), not the client's own address
Endpoint = vpn.example.com:51820
PersistentKeepalive = 25

Inter-Client Communication

Enable IPv4 packet forwarding

sudo sysctl -w net.ipv4.ip_forward=1                       # enable IPv4 packet forwarding (runtime only)
sudo sysctl -p                                             # load settings from /etc/sysctl.conf

Allow wg0 ↔ wg0 traffic

sudo iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT           # append to the end of the chain
sudo iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT           # or: insert at the start of the chain

Internet access

Enable IPv4/IPv6 packet forwarding on the server

sudo sysctl -w net.ipv4.ip_forward=1                       # enable IPv4 packet forwarding (runtime only)
sudo sysctl -w net.ipv6.conf.all.forwarding=1              # enable IPv6 packet forwarding (runtime only)
sudo sysctl -p                                             # load settings from /etc/sysctl.conf

Server

[Interface]
PrivateKey = <private key server>
Address = 10.1.2.254/32
ListenPort = 51820
SaveConfig = false
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 
[Peer]
PublicKey = <public key client>
AllowedIPs = 10.1.2.1/32

Client

[Interface]
PrivateKey = <private key client>
Address = 10.1.2.1/32
DNS = 10.1.2.254 #, 1.1.1.1
 
[Peer]
PublicKey = <public key server>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.com:51820
PersistentKeepalive = 25

DNS suffix and search list

Adjust the client interface

[Interface]
PrivateKey = <private key client>
Address = 10.1.2.1/32
DNS = 10.1.2.254, lab.local, wg0.lab.local
 
[Peer]
PublicKey = <public key server>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.com:51820
PersistentKeepalive = 25
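
Added example (not part of the original wiki page): a small Python check for wg-quick client configs like the ones above. It reports whether the config routes a default route through the tunnel, which DNS server addresses are not covered by any peer's AllowedIPs (those resolvers are reached outside the tunnel, or not at all if they are tunnel-internal), and which DNS entries are search domains. The function names and sample configs are constructed for illustration.

```python
import ipaddress

def parse_wg_conf(text):
    """Parse wg-quick INI text into [(section, {key: [values]})]; peers may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # split once: base64 keys end in '='
            items = [v.strip() for v in value.split(",") if v.strip()]
            sections[-1][1].setdefault(key.strip().lower(), []).extend(items)
    return sections

def audit_client(text):
    """Return (full_tunnel, dns_ips_not_in_allowedips, search_domains)."""
    allowed, dns_ips, search = [], [], []
    for name, kv in parse_wg_conf(text):
        if name == "peer":
            allowed += [ipaddress.ip_network(a, strict=False)
                        for a in kv.get("allowedips", [])]
        elif name == "interface":
            for entry in kv.get("dns", []):
                try:
                    dns_ips.append(ipaddress.ip_address(entry))
                except ValueError:
                    search.append(entry)   # non-IP DNS entries are search domains
    full = any(net.prefixlen == 0 for net in allowed)
    uncovered = [str(ip) for ip in dns_ips if not any(ip in net for net in allowed)]
    return full, uncovered, search

# Constructed samples (placeholder keys), modelled on the client configs above.
FULL = """[Interface]
PrivateKey = <private key client>
Address = 10.1.2.1/32
DNS = 10.1.2.254, lab.local, wg0.lab.local
[Peer]
PublicKey = <public key server>
AllowedIPs = 0.0.0.0/0, ::/0
"""
SPLIT = """[Interface]
Address = 10.1.2.1/32
DNS = 10.1.2.254, 1.1.1.1
[Peer]
AllowedIPs = 10.1.2.254/32
"""
if __name__ == "__main__":
    for label, conf in (("full", FULL), ("split", SPLIT)):
        print(label, audit_client(conf))
```

In the constructed split-tunnel sample, 1.1.1.1 is reported as uncovered: queries to it would leave over the normal default route rather than through wg0.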

Windows Client

wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\config.conf"
wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\config.conf.dpapi"
wireguard /installmanagerservice
wireguard /uninstallmanagerservice
wireguard /update 2> C:\path\to\update\log.txt
linux/vpn/wireguard.txt · Last modified: 2024/02/25 14:28 by gsys