Differences between revisions 4 and 7 (spanning 3 versions)

WireGuard

Contents

WireGuard
1. Installation
2. Setup

Installation

Install the wireguard and wireguard-tools packages from your package manager of choice.

Setup

FreeBSD Server

Use pf(4) to tunnel network traffic from the wg0 interface to the external interface. See pf.conf(5) for details on this basic configuration.

ext_if="genet0"
int_if="wg0"
private_net="{ 10.0.0.0/8 }"

nat on $ext_if from $private_net to any -> ($ext_if)

wireguard_enable="YES"
wireguard_interfaces="wg0"
pf_enable="YES"
pf_rules="/usr/local/etc/pf.conf"

Linux Server

Generate a private/public pair of keys.

wg genkey | tee privatekey | wg pubkey > publickey

Create an interface file at /etc/wireguard/wg0.conf.

[Interface]
PrivateKey = <your remote private key here>
Address = 10.0.0.1/24, fdc9:281f:04d7:9ee9::1/64
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Peer 1
[Peer]
PublicKey = <your local public key here>
AllowedIPs = 10.0.0.2/32, fdc9:281f:04d7:9ee9::2/128

Test the configuration by running:

sudo wg-quick up wg0

For systemd-capable systems, set !WireGuard to run persistently by starting and enabling [email protected].

Linux Peer

Generate a pair of keys, as above. Create an interface file at /etc/wireguard/wg0.conf.

[Interface]
PrivateKey = <your local private key here>
Address = 10.0.0.2/24, fd86:ea04:1115::2/64
ListenPort = <your local port number>

[Peer]
PublicKey = <your remote public key here>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <your remote host>
PersistentKeepalive = 25

wg0, the !WireGuard interface, can be set live or killed using:

wg-quick up wg0
wg-quick down wg0

Android Peer

CategoryRicottone

-  ⇤ ← Revision 4 as of 2021-06-29 19:11:14 → 
  Size: 1792
  Editor: DominicRicottone
  Comment:
+   ← Revision 7 as of 2021-06-29 20:20:49 → ⇥
  Size: 2247
  Editor: DominicRicottone
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 9:
+== Installation ==

Install the `wireguard` and `wireguard-tools` packages from your package manager of choice.

----
-Line 11:
+Line 19:
-=== Server ===
+=== FreeBSD Server ===
-Line 13:
+Line 21:
-Open a shell on your remote machine and install `wireguard-tools`, which contains a set of CLI tools.
+Use `pf(4)` to tunnel network traffic from the `wg0` interface to the external interface. See `pf.conf(5)` for details on this basic configuration.

{{{
ext_if="genet0"
int_if="wg0"
private_net="{ 10.0.0.0/8 }"

nat on $ext_if from $private_net to any -> ($ext_if)
}}}

{{{
wireguard_enable="YES"
wireguard_interfaces="wg0"
pf_enable="YES"
pf_rules="/usr/local/etc/pf.conf"
}}}



=== Linux Server ===
-Line 47:
+Line 74:
-=== Peer 1 ===
+=== Linux Peer ===
-Line 49:
+Line 76:
-Install `wireguard-tools` and generate a pair of keys, as above.

Create an interface file at `/etc/wireguard/wg0.conf`.
+Generate a pair of keys, as above. Create an interface file at `/etc/wireguard/wg0.conf`.
-Line 75:
+Line 100:
+=== Android Peer ===

Diff for "Encryption/WireGuard"