fachinformatiker-wiki

it's easy when it's here

User Tools

Site Tools

Trace: WireGuard VPN
linux:vpn:wireguard

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:vpn:wireguard [2023/04/01 17:05] – [Inter-Client Communication] adminlinux:vpn:wireguard [2024/02/25 14:28] (current) gsys
Line 3: Line 3:
 ===== Installation ===== ===== Installation =====
  
-<code bash>+<code>
 sudo apt update sudo apt update
 sudo apt install wireguard wireguard-tools sudo apt install wireguard wireguard-tools
Line 12: Line 12:
 ==== Server ==== ==== Server ====
 create private key and remove permissions for any one other than root create private key and remove permissions for any one other than root
-<code bash>+<code>
 wg genkey | sudo tee /etc/wireguard/private.key wg genkey | sudo tee /etc/wireguard/private.key
 sudo chmod go= /etc/wireguard/private.key sudo chmod go= /etc/wireguard/private.key
Line 18: Line 18:
  
 create public key create public key
-<code bash>+<code>
 sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
 </code> </code>
  
-<code bash>+<code>
 sudo nano /etc/wireguard/wg0.conf sudo nano /etc/wireguard/wg0.conf
 </code> </code>
  
-FIXME 
 <code bash> <code bash>
 [Interface] [Interface]
Line 33: Line 32:
 ListenPort = 51820 ListenPort = 51820
 SaveConfig = false SaveConfig = false
-PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE 
  
 [Peer] [Peer]
Line 74: Line 71:
 sudo iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT           # ans Ende der chain (append) sudo iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT           # ans Ende der chain (append)
 sudo iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT           # an den Anfand der Chain sudo iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT           # an den Anfand der Chain
 +</code>
 +
 +==== Internetzugriff ====
 +
 +Server
 +IPv4/IPv6 Packet Forwarding aktivieren
 +<code>
 +sudo sysctl -w net.ipv4.ip_forward=1                       # IPv4 Packet Forwarding aktivieren
 +sudo sysctl -w net.ipv6.ip_forward=1                       # IPv4 Packet Forwarding aktivieren
 +sudo sysctl -p                                             # Änderung anwenden
 +</code>
 +
 +Server
 +<code bash>
 +[Interface]
 +PrivateKey = <private key server>
 +Address = 10.1.2.254/32
 +ListenPort = 51820
 +SaveConfig = false
 +PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 +PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 +
 +[Peer]
 +PublicKey = <public key client>
 +AllowedIPs = 10.1.2.1/32
 +</code>
 +
 +Client
 +<code bash>
 +[Interface]
 +PrivateKey = <private key client>
 +Address = 10.1.2.1/32
 +DNS = 10.1.2.254 #, 1.1.1.1
 +
 +[Peer]
 +PublicKey = <public key server>
 +AllowedIPs = 0.0.0.0/0, ::/0
 +Endpoint = vpn.example.com:51820
 +PersistentKeepalive = 25
 +</code>
 +
 +==== DNS-Suffix und Suchliste ====
 +
 +Client interface Anpassen
 +<code bash>
 +[Interface]
 +PrivateKey = <private key client>
 +Address = 10.1.2.1/32
 +DNS = 10.1.2.254, lab.local, wg0.lab.local
 +
 +[Peer]
 +PublicKey = <public key server>
 +AllowedIPs = 0.0.0.0/0, ::/0
 +Endpoint = vpn.example.com:51820
 +PersistentKeepalive = 25
 +</code>
 +
 +==== Windows Client ====
 +
 +<code>
 +wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\config.conf"
 +wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\config.conf.dpapi"
 +wireguard /installmanagerservice
 +wireguard /uninstallmanagerservice
 +wireguard /update 2> C:\path\to\update\log.txt
 </code> </code>
linux/vpn/wireguard.1680361545.txt.gz · Last modified: (external edit)