Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:wireguard:start [2019/08/03 02:31] – Moved from docs:guide-user:services:vpn:wireguard vgaetera
docs:guide-user:services:vpn:wireguard:start [2021/03/21 07:17] – flush cache vgaetera
Line 1: Line 1:
 ====== WireGuard ====== ====== WireGuard ======
-WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. +{{pagequery>@:docs:guide-user:services:vpn:wireguard *;sort=ns,title;group;cols=1;hidestart;hidejump;display={title};filter=!name:sidebar}}
-It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. +
-It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. +
-It uses UDP. +
- +
-===== Installation ===== +
-WireGuard can be installed through the package [[packages:pkgdata:wireguard|wireguard]] and [[packages:pkgdata:luci-app-wireguard|luci-app-wireguard]] for integration with LuCI. +
- +
-==== Creating a Wireguard interface ==== +
-To create a new Wireguard interface go to Network > Interfaces > Add new interface... and select "Wireguard VPN" from the "Protocol of the new interface" dropdown menu. +
- +
- +
-==== Generate a key pair ===== +
-To generate a key pair of private and public keys, and store them to the files "privkey" and "pubkey" respectively, run: +
- +
-  wg genkey | tee privkey | wg pubkey > pubkey +
- +
-  * The private key ("privkey") must be kept secret and safe; It's the key you enter into the config, for example in LuCI. +
-  * The public key ("pubkey") is shared with peers (the other end that gets connected with). +
- +
-If you are using LuCI to configure WireGuard, it's enough to run "wg genkey" and copy the output into the field "Private Key"; The public key is then later shown in the LuCI interface under Status > WireGuard status. +
- +
-===== External links ===== +
-  * [[https://www.wireguard.com/|WireGuard Homepage]] +
-  * [[https://www.wireguard.com/papers/wireguard.pdf|WireGuard's technical whitepaper]] +
-  * [[https://git.zx2c4.com/WireGuard/|WireGuard's repository]] +
-  * [[http://chrisbuchan.co.uk/uncategorized/wireguard-setup-openwrt/|WireGuard setup walkthrough]] +
- +
-===== Instructions ===== +
-{{page>meta:infobox:wip&noheader&nofooter&noeditbtn}} +
- +
-Server configuration: +
- +
-<code bash> +
-# Install packages +
-opkg update +
-opkg install wireguard +
- +
-# Configuration parameters +
-WG_IF="wg0" +
-WG_PORT="49999" +
-WG_PRIVKEY="$(wg genkey)" +
-echo "${WG_PRIVKEY}" | wg pubkey +
-WG_PUBKEY="COPY_PASTE_CLIENT_PUBKEY" +
- +
-# Configure firewall +
-uci del_list firewall.@zone[0].network="${WG_IF}" +
-uci add_list firewall.@zone[0].network="${WG_IF}" +
-uci -q delete firewall.wg +
-uci set firewall.wg="rule" +
-uci set firewall.wg.name="Allow-WireGuard" +
-uci set firewall.wg.src="wan" +
-uci set firewall.wg.dest_port="${WG_PORT}" +
-uci set firewall.wg.proto="udp" +
-uci set firewall.wg.target="ACCEPT" +
-uci commit firewall +
-service firewall restart +
- +
-# Configure network +
-uci -q delete network.${WG_IF} +
-uci set network.${WG_IF}="interface" +
-uci set network.${WG_IF}.proto="wireguard" +
-uci set network.${WG_IF}.private_key="${WG_PRIVKEY}" +
-uci set network.${WG_IF}.listen_port="${WG_PORT}" +
-uci add_list network.${WG_IF}.addresses="192.168.9.1/24" +
-uci add_list network.${WG_IF}.addresses="fdf1:7610:d152:3a9c::1/64" +
-uci -q delete network.wgclient +
-uci set network.wgclient="wireguard_${WG_IF}" +
-uci set network.wgclient.public_key="${WG_PUBKEY}" +
-uci add_list network.wgclient.allowed_ips="0.0.0.0/0" +
-uci add_list network.wgclient.allowed_ips="::/0" +
-uci commit network +
-service network restart +
-</code> +
- +
-Client configuration: +
- +
-<code bash> +
-# Install packages +
-opkg update +
-opkg install wireguard +
- +
-# Configuration parameters +
-WG_IF="wg0" +
-WG_PORT="49999" +
-WG_ADDR="SERVER_NAME_OR_IP_ADDRESS" +
-WG_PRIVKEY="$(wg genkey)" +
-echo "${WG_PRIVKEY}" | wg pubkey +
-WG_PUBKEY="COPY_PASTE_SERVER_PUBKEY" +
- +
-# Configure firewall +
-uci del_list firewall.@zone[1].network="${WG_IF}+
-uci add_list firewall.@zone[1].network="${WG_IF}" +
-uci commit firewall +
-service firewall restart +
- +
-# Configure network +
-uci -q delete network.${WG_IF} +
-uci set network.${WG_IF}="interface" +
-uci set network.${WG_IF}.proto="wireguard" +
-uci set network.${WG_IF}.private_key="${WG_PRIVKEY}" +
-uci add_list network.${WG_IF}.addresses="192.168.9.2/24" +
-uci add_list network.${WG_IF}.addresses="fdf1:7610:d152:3a9c::2/64" +
-uci -q delete network.wgserver +
-uci set network.wgserver="wireguard_${WG_IF}" +
-uci set network.wgserver.public_key="${WG_PUBKEY}" +
-uci set network.wgserver.endpoint_host="${WG_ADDR}" +
-uci set network.wgserver.endpoint_port="${WG_PORT}" +
-uci set network.wgserver.route_allowed_ips="1" +
-uci add_list network.wgserver.allowed_ips="0.0.0.0/1" +
-uci add_list network.wgserver.allowed_ips="128.0.0.0/1" +
-uci add_list network.wgserver.allowed_ips="::/0" +
-uci commit network +
-service network restart +
-</code> +
- +
-{{tag>VPN WireGuard}}+
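
Review bot: The added `{{pagequery>...}}` line at the top of the hunk replaces the entire page body, so the start page no longer carries the key-handling guidance from the removed "Generate a key pair" section (the private key must be kept secret, only the public key is shared with peers). Check that the child pages the query lists carry that guidance, or keep a one-line summary above the index. If the removed server example is carried over to a child page, its peer section is worth tightening at the same time: `allowed_ips="0.0.0.0/0"` and `allowed_ips="::/0"` on `network.wgclient` accept any source address from that one client key, where the client's own tunnel addresses (192.168.9.2 and fdf1:7610:d152:3a9c::2 in the client example) would be enough for a single road-warrior peer. The removed `wg genkey | tee privkey | wg pubkey > pubkey` line also writes the private key file with whatever umask the shell happens to have, so a `umask 077` before it is worth adding wherever that command now lives.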
  
  • Last modified: 2021/08/02 17:11
  • by vgaetera