Differences
| docs:guide-user:services:vpn:wireguard:client [2019/08/03 05:14] – [Instructions] vgaetera | docs:guide-user:services:vpn:wireguard:client [2023/10/28 18:47] – [2. Key management] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== WireGuard client ====== | ====== WireGuard client ====== | ||
| - | {{section> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| - | * This guide describes | + | * This how-to describes the method for setting up [[wp> |
| - | * You can use it to connect to your own WireGuard server or a commercial WireGuard provider. | + | * Follow [[docs: |
| - | * Follow [[basic|WireGuard | + | |
| ===== Goals ===== | ===== Goals ===== | ||
| - | {{section> | + | {{section> |
| - | ===== Instructions | + | ===== Command-line instructions |
| - | {{page> | + | ==== 1. Preparation ==== |
| - | + | Install the required packages. | |
| - | Client | + | Specify |
| <code bash> | <code bash> | ||
| # Install packages | # Install packages | ||
| opkg update | opkg update | ||
| - | opkg install wireguard | + | opkg install wireguard-tools |
| # Configuration parameters | # Configuration parameters | ||
| - | WG_IF="wg0" | + | VPN_IF="vpn" |
| - | WG_HOST="SERVER_NAME_OR_IP_ADDRESS" | + | VPN_SERV="SERVER_ADDRESS" |
| - | WG_PORT=" | + | VPN_PORT=" |
| - | WG_ADDR=" | + | VPN_ADDR=" |
| - | WG_ADDR6="fdf1:7610: | + | VPN_ADDR6="fd00:9:: |
| - | WG_PRIVKEY=" | + | </ |
| - | echo " | + | |
| - | WG_PUBKEY=" | + | |
| - | WG_PSK=" | + | |
| + | ==== 2. Key management ==== | ||
| + | Generate and exchange [[docs: | ||
| + | |||
| + | <code bash> | ||
| + | # Generate keys | ||
| + | umask go= | ||
| + | wg genkey | tee wgserver.key | wg pubkey > wgserver.pub | ||
| + | wg genkey | tee wgclient.key | wg pubkey > wgclient.pub | ||
| + | wg genpsk > wgclient.psk | ||
| + | |||
| + | # Client private key | ||
| + | VPN_KEY=" | ||
| + | |||
| + | # Pre-shared key | ||
| + | VPN_PSK=" | ||
| + | |||
| + | # Server public key | ||
| + | VPN_PUB=" | ||
| + | </ | ||
| + | |||
| + | ==== 3. Firewall ==== | ||
| + | Consider VPN network as public. | ||
| + | Assign VPN interface to WAN zone to minimize firewall setup. | ||
| + | |||
| + | <code bash> | ||
| # Configure firewall | # Configure firewall | ||
| - | uci del_list | + | uci rename firewall.@zone[0]=" |
| - | uci add_list firewall.@zone[1].network=" | + | uci rename |
| + | uci del_list firewall.wan.network=" | ||
| + | uci add_list firewall.wan.network=" | ||
| uci commit firewall | uci commit firewall | ||
| service firewall restart | service firewall restart | ||
| + | </ | ||
| + | ==== 4. Network ==== | ||
| + | Configure VPN interface and peers. | ||
| + | |||
| + | <code bash> | ||
| # Configure network | # Configure network | ||
| - | uci -q delete network.${WG_IF} | + | uci -q delete network.${VPN_IF} |
| - | uci set network.${WG_IF}=" | + | uci set network.${VPN_IF}=" |
| - | uci set network.${WG_IF}.proto=" | + | uci set network.${VPN_IF}.proto=" |
| - | uci set network.${WG_IF}.private_key=" | + | uci set network.${VPN_IF}.private_key=" |
| - | uci set network.${WG_IF}.preshared_key=" | + | uci add_list network.${VPN_IF}.addresses=" |
| - | uci add_list network.${WG_IF}.addresses=" | + | uci add_list network.${VPN_IF}.addresses=" |
| - | uci add_list network.${WG_IF}.addresses=" | + | |
| + | # Add VPN peers | ||
| uci -q delete network.wgserver | uci -q delete network.wgserver | ||
| - | uci set network.wgserver=" | + | uci set network.wgserver=" |
| - | uci set network.wgserver.public_key=" | + | uci set network.wgserver.public_key=" |
| - | uci set network.wgserver.endpoint_host=" | + | uci set network.wgserver.preshared_key=" |
| - | uci set network.wgserver.endpoint_port=" | + | uci set network.wgserver.endpoint_host=" |
| + | uci set network.wgserver.endpoint_port=" | ||
| uci set network.wgserver.route_allowed_ips=" | uci set network.wgserver.route_allowed_ips=" | ||
| uci set network.wgserver.persistent_keepalive=" | uci set network.wgserver.persistent_keepalive=" | ||
| - | uci add_list network.wgserver.allowed_ips=" | + | uci add_list network.wgserver.allowed_ips=" |
| - | uci add_list network.wgserver.allowed_ips=" | + | |
| uci add_list network.wgserver.allowed_ips="::/ | uci add_list network.wgserver.allowed_ips="::/ | ||
| uci commit network | uci commit network | ||
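Review bot: the firewall step (`uci rename firewall.@zone[0]="…"` and `uci rename firewall.@zone[1]="…"` in the new 3. Firewall block) renames zones by position, which is only correct on a default OpenWrt firewall config where index 0 is the lan zone and index 1 is the wan zone; on a router with extra or reordered zones the rename either fails or relabels the wrong zone, and the following `uci del_list firewall.wan.network=…` / `uci add_list firewall.wan.network=…` then put the VPN interface in a zone the author did not intend. Suggest telling the reader to confirm the zone order with `uci show firewall` before running the block, or to address the zones by their existing names rather than by index. Separately, the 2. Key management block generates the server's private key on the client (`wg genkey | tee wgserver.key | wg pubkey > wgserver.pub`) even though only `wgserver.pub` is consumed by the client config; the how-to should state that `wgserver.key` must be moved to the server over a trusted channel (or generated there) and that the `*.key` and `*.psk` files left in the working directory should be deleted once their values are in `VPN_KEY` / `VPN_PSK` / `VPN_PUB`.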
| Line 59: | Line 88: | ||
| </ | </ | ||
| - | See also: [[? | + | Resolve [[docs:guide-user: |
| ===== Testing ===== | ===== Testing ===== | ||
| - | {{section> | + | {{section> |
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| - | {{section> | + | {{section> |
| - | + | ||
| - | {{tag> | + | |
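Review bot: the trailing `{{tag>…}}` line is removed in the new revision without a replacement, so the page drops out of the wiki's tag index; if the tags were intentionally moved into one of the `{{section>…}}` includes the edit summary should say so, otherwise restore the tag line at the end of the page.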