Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:wireguard:client [2023/01/17 04:33] – [WireGuard client] update infobox vgaetera | docs:guide-user:services:vpn:wireguard:client [2023/10/28 18:47] – [2. Key management] vgaetera | ||
|---|---|---|---|
| Line 12: | Line 12: | ||
| ==== 1. Preparation ==== | ==== 1. Preparation ==== | ||
| Install the required packages. | Install the required packages. | ||
| - | Specify | + | Specify configuration parameters |
| <code bash> | <code bash> | ||
| Line 20: | Line 20: | ||
| # Configuration parameters | # Configuration parameters | ||
| - | WG_IF=" | + | VPN_IF=" |
| - | WG_SERV=" | + | VPN_SERV=" |
| - | WG_PORT=" | + | VPN_PORT=" |
| - | WG_ADDR=" | + | VPN_ADDR=" |
| - | WG_ADDR6="fdf1: | + | VPN_ADDR6="fd00: |
| </ | </ | ||
| ==== 2. Key management ==== | ==== 2. Key management ==== | ||
| - | Generate and exchange keys between server and client. | + | Generate and exchange |
| <code bash> | <code bash> | ||
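Review bot: `VPN_ADDR6` on the new side now begins with `fd00:` where the old value began with `fdf1:`, and nothing in the hunk says whether this is a placeholder the reader must replace. RFC 4193 expects the 40-bit global ID of a ULA prefix to be generated pseudo-randomly, and a prefix that many readers copy verbatim from the guide will collide as soon as two such networks are routed to each other. Suggest a comment next to `VPN_ADDR6` stating that the prefix is an example and should be replaced with the one assigned by the VPN server.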
| Line 38: | Line 38: | ||
| # Client private key | # Client private key | ||
| - | WG_KEY=" | + | VPN_KEY=" |
| # Pre-shared key | # Pre-shared key | ||
| - | WG_PSK=" | + | VPN_PSK=" |
| # Server public key | # Server public key | ||
| - | WG_PUB=" | + | VPN_PUB=" |
| </ | </ | ||
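Review bot: the comments on `VPN_KEY`, `VPN_PSK` and `VPN_PUB` do not say which of the three values may leave the client, while the section text speaks of exchanging keys between server and client, which a reader can take to include the private key. Suggest extending the comments, for example `# Client private key (never leaves this device)`, and noting that `VPN_PSK` has to be transferred over a confidential channel while `VPN_PUB` is the only value here that can be sent in the clear.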
| Line 55: | Line 55: | ||
| uci rename firewall.@zone[0]=" | uci rename firewall.@zone[0]=" | ||
| uci rename firewall.@zone[1]=" | uci rename firewall.@zone[1]=" | ||
| - | uci del_list firewall.wan.network=" | + | uci del_list firewall.wan.network=" |
| - | uci add_list firewall.wan.network=" | + | uci add_list firewall.wan.network=" |
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
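Review bot: the context lines `uci rename firewall.@zone[0]=` and `uci rename firewall.@zone[1]=` address the zones by position, and the changed `del_list`/`add_list` lines then act on `firewall.wan` by name. On a router whose zones are not in the default order, the name lands on the wrong zone and the interface is attached to it, with that zone's input and forwarding policy. Suggest stating that this block assumes the default firewall configuration, or telling the reader to confirm the zone order with `uci show firewall` before running the renames.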
| Line 66: | Line 66: | ||
| <code bash> | <code bash> | ||
| # Configure network | # Configure network | ||
| - | uci -q delete network.${WG_IF} | + | uci -q delete network.${VPN_IF} |
| - | uci set network.${WG_IF}=" | + | uci set network.${VPN_IF}=" |
| - | uci set network.${WG_IF}.proto=" | + | uci set network.${VPN_IF}.proto=" |
| - | uci set network.${WG_IF}.private_key=" | + | uci set network.${VPN_IF}.private_key=" |
| - | uci add_list network.${WG_IF}.addresses=" | + | uci add_list network.${VPN_IF}.addresses=" |
| - | uci add_list network.${WG_IF}.addresses=" | + | uci add_list network.${VPN_IF}.addresses=" |
| # Add VPN peers | # Add VPN peers | ||
| uci -q delete network.wgserver | uci -q delete network.wgserver | ||
| - | uci set network.wgserver=" | + | uci set network.wgserver=" |
| - | uci set network.wgserver.public_key=" | + | uci set network.wgserver.public_key=" |
| - | uci set network.wgserver.preshared_key=" | + | uci set network.wgserver.preshared_key=" |
| - | uci set network.wgserver.endpoint_host=" | + | uci set network.wgserver.endpoint_host=" |
| - | uci set network.wgserver.endpoint_port=" | + | uci set network.wgserver.endpoint_port=" |
| uci set network.wgserver.route_allowed_ips=" | uci set network.wgserver.route_allowed_ips=" | ||
| uci set network.wgserver.persistent_keepalive=" | uci set network.wgserver.persistent_keepalive=" | ||
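Review bot: after the rename, `uci -q delete network.${VPN_IF}` and the `uci set network.${VPN_IF}` lines that follow expand to `network.` when `VPN_IF` is unset in the current shell, for instance when the parameters were pasted from the earlier revision under the `WG_*` names, and `-q` hides the error from the delete. Suggest a sentence above the block saying the variables from sections 1 and 2 must be set in the same session, or a guard such as `: "${VPN_IF:?}"` as the first line. It is also worth one comment that `private_key` and `preshared_key` are written to the network configuration in clear text, so backups of that configuration need the same protection as the keys themselves.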
| Line 85: | Line 85: | ||
| uci add_list network.wgserver.allowed_ips="::/ | uci add_list network.wgserver.allowed_ips="::/ | ||
| uci commit network | uci commit network | ||
| - | / | + | service |
| </ | </ | ||
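Review bot: the block ends at `uci commit network` and the restart with no verification step, which matters here because the peer has `route_allowed_ips` set and an `allowed_ips` entry starting with `::/`. A WireGuard interface comes up and installs its routes even when the keys or the endpoint are wrong, so a typo leaves the router routing traffic into a tunnel that never completes a handshake. Suggest adding a line after the restart telling the reader to check `wg show` for a recent handshake before relying on the connection.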