Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:vpn:wireguard:basics [2023/03/15 17:24] – [Key management] vgaeteradocs:guide-user:services:vpn:wireguard:basics [2023/08/29 13:17] – add howto for debugging info darksky2
Line 9: Line 9:
 ===== Key management ===== ===== Key management =====
 WireGuard generally relies on [[wp>Public-key_cryptography|public-key cryptography]]. WireGuard generally relies on [[wp>Public-key_cryptography|public-key cryptography]].
-This requires to generate a private and public key for each peer and exchange only the public keys.+It requires to generate a private and public key for each peer and exchange only the public keys.
 While the private key is best never disclosed outside the peer where it was generated. While the private key is best never disclosed outside the peer where it was generated.
 For better security, you can also generate and exchange a pre-shared key. For better security, you can also generate and exchange a pre-shared key.
-Each pair of peers should use a common pre-shared key.+Each pair of peers should use one pre-shared key.
  
 ===== Time synchronization ===== ===== Time synchronization =====
Line 43: Line 43:
 The menu **LuCI -> Status -> WireGuard** shows information about the WireGuard VPN. The menu **LuCI -> Status -> WireGuard** shows information about the WireGuard VPN.
  
 +===== Enabling debug support =====
 +To have wireguard send debug messages to the kernel message buffer, one must compile the kernel with the following option enabled:
 +  - Global build settings >> Kernel build options >> Compile the kernel with debug information
 +
 +The resulting option will be the creation of **/sys/kernel/debug/dynamic_debug/control** which can be used to enable debug logging of wireguard with the following command:
 +<code>
 +echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
 +</code>
 +
 +Now wireguard transactions should be echoed to the kernel message buffer.
  • Last modified: 2024/01/02 05:45
  • by vgaetera