Differences between revisions 2 and 7 (spanning 5 versions)
Revision 2 as of 2021-06-29 19:10:10
Size: 1824
Revision 7 as of 2021-06-29 20:20:49
Size: 2247
Line 1: Line 1:
## page was renamed from WireGuard
Line 10: Line 9:
== Linux Setup == == Installation ==
Line 12: Line 11:
=== Server === Install the `wireguard` and `wireguard-tools` packages from your package manager of choice.
Line 14: Line 13:
Open a shell on your remote machine and install `wireguard-tools`, which contains a set of CLI tools. ----



== Setup ==

=== FreeBSD Server ===

Use `pf(4)` to tunnel network traffic from the `wg0` interface to the external interface. See `pf.conf(5)` for details on this basic configuration.

{{{
ext_if="genet0"
int_if="wg0"
private_net="{ 10.0.0.0/8 }"

nat on $ext_if from $private_net to any -> ($ext_if)
}}}

{{{
wireguard_enable="YES"
wireguard_interfaces="wg0"
pf_enable="YES"
pf_rules="/usr/local/etc/pf.conf"
}}}



=== Linux Server ===
Line 44: Line 70:
For `systemd`-capable systems, set WireGuard to run persistently by [[Systemd|starting and enabling]] `[email protected]`. For `systemd`-capable systems, set !WireGuard to run persistently by [[Systemd|starting and enabling]] `[email protected]`.
Line 48: Line 74:
=== Peer 1 === === Linux Peer ===
Line 50: Line 76:
Install `wireguard-tools` and generate a pair of keys, as above.

Create an interface file at `/etc/wireguard/wg0.conf`.
Generate a pair of keys, as above. Create an interface file at `/etc/wireguard/wg0.conf`.
Line 67: Line 91:
The WireGuard interface can be set live or killed using: `wg0`, the !WireGuard interface, can be set live or killed using:
Line 76: Line 100:
=== Android Peer ===


= WireGuard =


== Installation ==

Install the `wireguard` and `wireguard-tools` packages from your package manager of choice.


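== Setup ==

=== FreeBSD Server ===

Use `pf(4)` to NAT traffic arriving from the `wg0` interface out through the external interface. See `pf.conf(5)` for details on this basic configuration, which is read from `/usr/local/etc/pf.conf`.

{{{
# External (internet-facing) interface and the WireGuard interface
ext_if="genet0"
int_if="wg0"
# Address range used inside the tunnel
private_net="{ 10.0.0.0/8 }"

# Rewrite the source of tunnel traffic to the external interface's address
nat on $ext_if from $private_net to any -> ($ext_if)
}}}

Enable WireGuard and `pf` at boot in `rc.conf(5)`.

{{{
wireguard_enable="YES"
wireguard_interfaces="wg0"
pf_enable="YES"
pf_rules="/usr/local/etc/pf.conf"
}}}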

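=== Linux Server ===

Generate a private/public pair of keys.

{{{
# umask 077 keeps the generated key files readable only by their owner
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)
}}}

Create an interface file at `/etc/wireguard/wg0.conf`.

{{{
[Interface]
PrivateKey = <your remote private key here>
Address = 10.0.0.1/24, fdc9:281f:04d7:9ee9::1/64
ListenPort = 51820
# Forward tunnel traffic and masquerade it out of eth0 while the interface is up
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Remove the same rules when the interface goes down
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Peer 1
[Peer]
PublicKey = <your local public key here>
# Only packets sourced from these addresses are accepted from this peer
AllowedIPs = 10.0.0.2/32, fdc9:281f:04d7:9ee9::2/128
}}}

The `PostUp` rules only pass traffic if IP forwarding is enabled on the server (the `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` sysctls).

Test the configuration by running:

{{{
sudo wg-quick up wg0
}}}

For `systemd`-capable systems, set WireGuard to run persistently by starting and enabling `wg-quick@wg0.service`.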

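=== Linux Peer ===

Generate a pair of keys, as above. Create an interface file at `/etc/wireguard/wg0.conf`.

{{{
[Interface]
PrivateKey = <your local private key here>
# Both addresses must fall inside the AllowedIPs the server lists for this peer
Address = 10.0.0.2/24, fdc9:281f:04d7:9ee9::2/64
ListenPort = <your local port number>

[Peer]
PublicKey = <your remote public key here>
# 0.0.0.0/0 and ::/0 route all of this machine's traffic through the tunnel
AllowedIPs = 0.0.0.0/0, ::/0
# Host and port, matching the server's ListenPort
Endpoint = <your remote host>
PersistentKeepalive = 25
}}}

`wg0`, the WireGuard interface, can be set live or killed using:

{{{
wg-quick up wg0
wg-quick down wg0
}}}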
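
WireGuard only accepts a packet from a peer when its source address falls inside that peer's `AllowedIPs` on the receiving side, so every `Address` in the peer's interface file has to be covered by the server's `AllowedIPs`. The check below is an added example, not part of the original page: the function names and sample configs are constructed for illustration, and it compares against the union of all server `[Peer]` entries rather than matching peers by key.

```python
import ipaddress

def parse_wg_conf(text):
    """Parse wg-quick style text into a list of (section, {key: [values]})."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[-1][1].setdefault(key, []).extend(
                v.strip() for v in value.split(","))
    return sections

def uncovered_addresses(server_conf, peer_conf):
    """Peer [Interface] addresses that no server AllowedIPs entry covers.

    Simplification: the addresses are checked against the union of all
    [Peer] AllowedIPs on the server, not matched to one peer by public key.
    """
    allowed = [ipaddress.ip_network(cidr, strict=False)
               for name, kv in parse_wg_conf(server_conf) if name == "Peer"
               for cidr in kv.get("AllowedIPs", [])]
    missing = []
    for name, kv in parse_wg_conf(peer_conf):
        if name != "Interface":
            continue
        for cidr in kv.get("Address", []):
            addr = ipaddress.ip_interface(cidr).ip
            if not any(addr.version == n.version and addr in n for n in allowed):
                missing.append(str(addr))
    return missing

# Constructed sample configs (placeholder keys, addresses modelled on the page).
SERVER = """[Interface]
PrivateKey = <server private key>
Address = 10.0.0.1/24, fdc9:281f:04d7:9ee9::1/64
[Peer]
PublicKey = <peer public key>
AllowedIPs = 10.0.0.2/32, fdc9:281f:04d7:9ee9::2/128
"""
PEER_OK = "[Interface]\nAddress = 10.0.0.2/24, fdc9:281f:04d7:9ee9::2/64\n"
PEER_BAD = "[Interface]\nAddress = 10.0.0.2/24, fd86:ea04:1115::2/64\n"

if __name__ == "__main__":
    print("matching peer:", uncovered_addresses(SERVER, PEER_OK))
    print("mismatched peer:", uncovered_addresses(SERVER, PEER_BAD))
```

An empty result means every peer address is routable through the tunnel; any address returned would have its traffic silently dropped by the server.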

=== Android Peer ===



Encryption/WireGuard (last edited 2023-04-06 23:12:46 by DominicRicottone)