Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:wireguard:start [2019/08/03 02:31] – Moved from docs:guide-user:services:vpn:wireguard vgaetera | docs:guide-user:services:vpn:wireguard:start [2021/03/21 07:17] – flush cache vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== WireGuard ====== | ====== WireGuard ====== | ||
| - | WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. | + | {{pagequery>@:docs:guide-user:services:vpn: |
| - | It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. | + | |
| - | It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. | + | |
| - | It uses UDP. | + | |
| - | + | ||
| - | ===== Installation ===== | + | |
| - | WireGuard can be installed through the package [[packages: | + | |
| - | + | ||
| - | ==== Creating a Wireguard interface ==== | + | |
| - | To create a new Wireguard interface go to Network > Interfaces > Add new interface... and select " | + | |
| - | + | ||
| - | + | ||
| - | ==== Generate a key pair ===== | + | |
| - | To generate a key pair of private and public keys, and store them to the files " | + | |
| - | + | ||
| - | wg genkey | tee privkey | wg pubkey > pubkey | + | |
| - | + | ||
| - | * The private key (" | + | |
| - | * The public key (" | + | |
| - | + | ||
| - | If you are using LuCI to configure WireGuard, it's enough to run "wg genkey" | + | |
| - | + | ||
| - | ===== External links ===== | + | |
| - | * [[https:// | + | |
| - | * [[https:// | + | |
| - | * [[https:// | + | |
| - | * [[http:// | + | |
| - | + | ||
| - | ===== Instructions ===== | + | |
| - | {{page>meta: | + | |
| - | + | ||
| - | Server configuration: | + | |
| - | + | ||
| - | <code bash> | + | |
| - | # Install packages | + | |
| - | opkg update | + | |
| - | opkg install wireguard | + | |
| - | + | ||
| - | # Configuration parameters | + | |
| - | WG_IF=" | + | |
| - | WG_PORT=" | + | |
| - | WG_PRIVKEY=" | + | |
| - | echo " | + | |
| - | WG_PUBKEY=" | + | |
| - | + | ||
| - | # Configure firewall | + | |
| - | uci del_list firewall.@zone[0].network=" | + | |
| - | uci add_list firewall.@zone[0].network=" | + | |
| - | uci -q delete firewall.wg | + | |
| - | uci set firewall.wg=" | + | |
| - | uci set firewall.wg.name=" | + | |
| - | uci set firewall.wg.src=" | + | |
| - | uci set firewall.wg.dest_port=" | + | |
| - | uci set firewall.wg.proto=" | + | |
| - | uci set firewall.wg.target=" | + | |
| - | uci commit firewall | + | |
| - | service firewall restart | + | |
| - | + | ||
| - | # Configure network | + | |
| - | uci -q delete network.${WG_IF} | + | |
| - | uci set network.${WG_IF}=" | + | |
| - | uci set network.${WG_IF}.proto=" | + | |
| - | uci set network.${WG_IF}.private_key=" | + | |
| - | uci set network.${WG_IF}.listen_port=" | + | |
| - | uci add_list network.${WG_IF}.addresses=" | + | |
| - | uci add_list network.${WG_IF}.addresses=" | + | |
| - | uci -q delete network.wgclient | + | |
| - | uci set network.wgclient=" | + | |
| - | uci set network.wgclient.public_key=" | + | |
| - | uci add_list network.wgclient.allowed_ips=" | + | |
| - | uci add_list network.wgclient.allowed_ips=" | + | |
| - | uci commit network | + | |
| - | service network restart | + | |
| - | </ | + | |
| - | + | ||
| - | Client configuration: | + | |
| - | + | ||
| - | <code bash> | + | |
| - | # Install packages | + | |
| - | opkg update | + | |
| - | opkg install | + | |
| - | + | ||
| - | # Configuration parameters | + | |
| - | WG_IF=" | + | |
| - | WG_PORT=" | + | |
| - | WG_ADDR=" | + | |
| - | WG_PRIVKEY=" | + | |
| - | echo " | + | |
| - | WG_PUBKEY=" | + | |
| - | + | ||
| - | # Configure firewall | + | |
| - | uci del_list firewall.@zone[1].network="${WG_IF}" | + | |
| - | uci add_list firewall.@zone[1].network=" | + | |
| - | uci commit firewall | + | |
| - | service firewall restart | + | |
| - | + | ||
| - | # Configure network | + | |
| - | uci -q delete network.${WG_IF} | + | |
| - | uci set network.${WG_IF}=" | + | |
| - | uci set network.${WG_IF}.proto=" | + | |
| - | uci set network.${WG_IF}.private_key=" | + | |
| - | uci add_list network.${WG_IF}.addresses=" | + | |
| - | uci add_list network.${WG_IF}.addresses=" | + | |
| - | uci -q delete network.wgserver | + | |
| - | uci set network.wgserver=" | + | |
| - | uci set network.wgserver.public_key=" | + | |
| - | uci set network.wgserver.endpoint_host=" | + | |
| - | uci set network.wgserver.endpoint_port=" | + | |
| - | uci set network.wgserver.route_allowed_ips=" | + | |
| - | uci add_list network.wgserver.allowed_ips=" | + | |
| - | uci add_list network.wgserver.allowed_ips=" | + | |
| - | uci add_list network.wgserver.allowed_ips="::/ | + | |
| - | uci commit network | + | |
| - | service network restart | + | |
| - | </ | + | |
| - | + | ||
| - | {{tag> | + | |
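Review bot: The new revision leaves only the `{{pagequery>@:docs:guide-user:services:vpn:` macro at line 8, so the "Generate a key pair" section, its two bullets on the private and public key, and the complete server and client `uci` walkthroughs no longer appear on this page. Before accepting, confirm that the pages the query lists carry that material, in particular the guidance on handling the private key, since nothing in the visible lines shows where it went. If the key generation step is carried over, note that `wg genkey | tee privkey | wg pubkey > pubkey` creates `privkey` through `tee` with the shell's default umask; setting `umask 077` first keeps the private key from being readable by other users. The removed heading `==== Generate a key pair =====` also has unbalanced markers, which is worth fixing wherever the section is reused.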