Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:wireguard:client [2023/01/17 04:33] – [WireGuard client] update infobox vgaetera
docs:guide-user:services:vpn:wireguard:client [2023/10/28 18:47] – [2. Key management] vgaetera
Line 12: Line 12:
 ==== 1. Preparation ==== ==== 1. Preparation ====
 Install the required packages. Install the required packages.
-Specify the VPN client configuration parameters.+Specify configuration parameters for VPN client.
  
 <code bash> <code bash>
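Review bot: the reworded sentence on the + side, "Specify configuration parameters for VPN client.", drops both articles and reads less naturally than the line it replaces. Suggest "Specify the configuration parameters for the VPN client." or keeping the original wording.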
Line 20: Line 20:
  
 # Configuration parameters # Configuration parameters
-WG_IF="vpn" +VPN_IF="vpn" 
-WG_SERV="SERVER_ADDRESS" +VPN_SERV="SERVER_ADDRESS" 
-WG_PORT="51820" +VPN_PORT="51820" 
-WG_ADDR="192.168.9.2/24" +VPN_ADDR="192.168.9.2/24" 
-WG_ADDR6="fdf1:e8a1:8d3f:9::2/64"+VPN_ADDR6="fd00:9::2/64"
 </code> </code>
  
 ==== 2. Key management ==== ==== 2. Key management ====
-Generate and exchange keys between server and client.+Generate and exchange [[docs:guide-user:services:vpn:wireguard:basics#key_management|keys]] between server and client.
  
 <code bash> <code bash>
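Review bot: the new VPN_ADDR6 value fd00:9::2/64 has an almost all-zero global ID, whereas RFC 4193 expects the 40 bits after the fd prefix to be pseudo-random, which the old fdf1:e8a1:8d3f:9::2/64 followed. A fixed, easy-to-type prefix that every reader copies is more likely to collide with another network set up from the same guide. If the shorter value is intentional for readability, say next to the parameters that it is a placeholder to be replaced with a generated prefix and that it has to agree with the address plan on the server side. Since the WG_ to VPN_ rename changes the names that every later block reads, it is also worth stating that all blocks must be run in the same shell session as this one.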
Line 38: Line 38:
  
 # Client private key # Client private key
-WG_KEY="$(cat wgclient.key)"+VPN_KEY="$(cat wgclient.key)"
  
 # Pre-shared key # Pre-shared key
-WG_PSK="$(cat wgclient.psk)"+VPN_PSK="$(cat wgclient.psk)"
  
 # Server public key # Server public key
-WG_PUB="$(cat wgserver.pub)"+VPN_PUB="$(cat wgserver.pub)"
 </code> </code>
  
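Review bot: the three assignments VPN_KEY, VPN_PSK and VPN_PUB take whatever cat returns, so a missing or empty wgclient.key, wgclient.psk or wgserver.pub leaves the variable empty, and the later uci set lines then store an empty private_key, preshared_key or public_key without any visible error at this step. Suggest adding a check after these lines that each variable is non-empty before continuing, and a sentence reminding readers that wgclient.key and wgclient.psk are secrets that should not stay readable by others in the working directory.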
Line 55: Line 55:
 uci rename firewall.@zone[0]="lan" uci rename firewall.@zone[0]="lan"
 uci rename firewall.@zone[1]="wan" uci rename firewall.@zone[1]="wan"
-uci del_list firewall.wan.network="${WG_IF}" +uci del_list firewall.wan.network="${VPN_IF}" 
-uci add_list firewall.wan.network="${WG_IF}"+uci add_list firewall.wan.network="${VPN_IF}"
 uci commit firewall uci commit firewall
-/etc/init.d/firewall restart+service firewall restart
 </code> </code>
  
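Review bot: replacing /etc/init.d/firewall restart with service firewall restart ties the snippet to an interactive shell. On OpenWrt service is a shell function rather than an executable, so the line can fail with "not found" when the block is run from a script or as a non-interactive SSH command, while the init script path works in both cases. Either keep the /etc/init.d form or note that the commands are meant to be pasted into an interactive session. The same applies to service network restart further down.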
Line 66: Line 66:
 <code bash> <code bash>
 # Configure network # Configure network
-uci -q delete network.${WG_IF+uci -q delete network.${VPN_IF
-uci set network.${WG_IF}="interface" +uci set network.${VPN_IF}="interface" 
-uci set network.${WG_IF}.proto="wireguard" +uci set network.${VPN_IF}.proto="wireguard" 
-uci set network.${WG_IF}.private_key="${WG_KEY}" +uci set network.${VPN_IF}.private_key="${VPN_KEY}" 
-uci add_list network.${WG_IF}.addresses="${WG_ADDR}" +uci add_list network.${VPN_IF}.addresses="${VPN_ADDR}" 
-uci add_list network.${WG_IF}.addresses="${WG_ADDR6}"+uci add_list network.${VPN_IF}.addresses="${VPN_ADDR6}"
  
 # Add VPN peers # Add VPN peers
 uci -q delete network.wgserver uci -q delete network.wgserver
-uci set network.wgserver="wireguard_${WG_IF}" +uci set network.wgserver="wireguard_${VPN_IF}" 
-uci set network.wgserver.public_key="${WG_PUB}" +uci set network.wgserver.public_key="${VPN_PUB}" 
-uci set network.wgserver.preshared_key="${WG_PSK}" +uci set network.wgserver.preshared_key="${VPN_PSK}" 
-uci set network.wgserver.endpoint_host="${WG_SERV}" +uci set network.wgserver.endpoint_host="${VPN_SERV}" 
-uci set network.wgserver.endpoint_port="${WG_PORT}"+uci set network.wgserver.endpoint_port="${VPN_PORT}"
 uci set network.wgserver.route_allowed_ips="1" uci set network.wgserver.route_allowed_ips="1"
 uci set network.wgserver.persistent_keepalive="25" uci set network.wgserver.persistent_keepalive="25"
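Review bot: on the first changed line of this hunk the section name is shown as network.${VPN_IF with no closing brace, on both the old and the new side; if that is in the page source and not only in this diff rendering, the command does not parse and the stale interface section is never deleted. Please confirm the source reads network.${VPN_IF}. Separately, uci -q suppresses the error on that delete, so an empty VPN_IF (for example a session that still has only the old WG_ names set) goes unnoticed until a later uci set fails; a guard that VPN_IF is non-empty before this block would help.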
Line 85: Line 85:
 uci add_list network.wgserver.allowed_ips="::/0" uci add_list network.wgserver.allowed_ips="::/0"
 uci commit network uci commit network
-/etc/init.d/network restart+service network restart
 </code> </code>
  
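Review bot: the restart on the changed line activates a peer that, per the context lines, has route_allowed_ips set to 1 and ::/0 in allowed_ips, so all IPv6 traffic is sent into the tunnel as soon as the network comes back, and the guide gives no step to confirm that the tunnel is actually up. Suggest following the restart with a verification step, for example checking the latest handshake in the output of wg show, so that a wrong key or endpoint is noticed immediately rather than as a loss of connectivity.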
  • Last modified: 2024/12/01 22:32
  • by aveao