Differences

This shows you the differences between two versions of the page.

--- linux:vpn:wireguard [2023/04/01 17:02] – [Server] admin
+++ linux:vpn:wireguard [2024/02/25 14:28] (current) – gsys
@@ Line 3: / Line 3: @@
 ===== Installation =====
-<code bash>
+<code>
 sudo apt update
 sudo apt install wireguard wireguard-tools
@@ Line 12: / Line 12: @@
 ==== Server ====
 create private key and remove permissions for any one other than root
-<code bash>
+<code>
 wg genkey | sudo tee /etc/wireguard/private.key
 sudo chmod go= /etc/wireguard/private.key
@@ Line 18: / Line 18: @@
 create public key
-<code bash>
+<code>
 sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
 </code>
-<code bash>
+<code>
 sudo nano /etc/wireguard/wg0.conf
 </code>
-FIXME
 <code bash>
 [Interface]
@@ Line 33: / Line 32: @@
 ListenPort = 51820
 SaveConfig = false
-PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 [Peer]
@@ Line 60: / Line 57: @@
 Endpoint = vpn.example.com:51820
 PersistentKeepalive = 25
+</code>
+==== Inter-Client Communication ====
+IPv4 Packet Forwarding aktivieren
+<code>
+sudo sysctl -w net.ipv4.ip_forward=1                       # IPv4 Packet Forwarding aktivieren
+sudo sysctl -p                                             # Änderung anwenden
+</code>
+Kommunikation wg0 <-> wg0 erlauben
+<code>
+sudo iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT           # ans Ende der chain (append)
+sudo iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT           # an den Anfand der Chain
+</code>
+==== Internetzugriff ====
+Server
+IPv4/IPv6 Packet Forwarding aktivieren
+<code>
+sudo sysctl -w net.ipv4.ip_forward=1                       # IPv4 Packet Forwarding aktivieren
+sudo sysctl -w net.ipv6.ip_forward=1                       # IPv4 Packet Forwarding aktivieren
+sudo sysctl -p                                             # Änderung anwenden
+</code>
+Server
+<code bash>
+[Interface]
+PrivateKey = <private key server>
+Address = 10.1.2.254/32
+ListenPort = 51820
+SaveConfig = false
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+[Peer]
+PublicKey = <public key client>
+AllowedIPs = 10.1.2.1/32
+</code>
+Client
+<code bash>
+[Interface]
+PrivateKey = <private key client>
+Address = 10.1.2.1/32
+DNS = 10.1.2.254 #, 1.1.1.1
+[Peer]
+PublicKey = <public key server>
+AllowedIPs = 0.0.0.0/0, ::/0
+Endpoint = vpn.example.com:51820
+PersistentKeepalive = 25
+</code>
+==== DNS-Suffix und Suchliste ====
+Client interface Anpassen
+<code bash>
+[Interface]
+PrivateKey = <private key client>
+Address = 10.1.2.1/32
+DNS = 10.1.2.254, lab.local, wg0.lab.local
+[Peer]
+PublicKey = <public key server>
+AllowedIPs = 0.0.0.0/0, ::/0
+Endpoint = vpn.example.com:51820
+PersistentKeepalive = 25
+</code>
+==== Windows Client ====
+<code>
+wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\config.conf"
+wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\config.conf.dpapi"
+wireguard /installmanagerservice
+wireguard /uninstallmanagerservice
+wireguard /update 2> C:\path\to\update\log.txt
 </code>