Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:vpn:wireguard:basics [2021/08/22 18:34] – headers vgaeteradocs:guide-user:services:vpn:wireguard:basics [2023/08/29 13:17] – add howto for debugging info darksky2
Line 9: Line 9:
 ===== Key management ===== ===== Key management =====
 WireGuard generally relies on [[wp>Public-key_cryptography|public-key cryptography]]. WireGuard generally relies on [[wp>Public-key_cryptography|public-key cryptography]].
-This means you should generate private keys on the respective peers and exchange only their public keys. +It requires to generate private and public key for each peer and exchange only the public keys. 
-In addition for better security, you can also generate and exchange a pre-shared key. +While the private key is best never disclosed outside the peer where it was generated. 
-Each peers should use a common pre-shared key.+For better security, you can also generate and exchange a pre-shared key. 
 +Each pair of peers should use one pre-shared key.
  
 ===== Time synchronization ===== ===== Time synchronization =====
Line 40: Line 41:
  
 ==== 5. Monitoring status ==== ==== 5. Monitoring status ====
-The menu **LuCI -> Status -> WireGuard Status** shows information about the WireGuard VPN.+The menu **LuCI -> Status -> WireGuard** shows information about the WireGuard VPN.
  
 +===== Enabling debug support =====
 +To have wireguard send debug messages to the kernel message buffer, one must compile the kernel with the following option enabled:
 +  - Global build settings >> Kernel build options >> Compile the kernel with debug information
 +
 +The resulting option will be the creation of **/sys/kernel/debug/dynamic_debug/control** which can be used to enable debug logging of wireguard with the following command:
 +<code>
 +echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
 +</code>
 +
 +Now wireguard transactions should be echoed to the kernel message buffer.
  • Last modified: 2024/01/02 05:45
  • by vgaetera