Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:vpn:wireguard:start [2020/06/03 13:37] – [Generate a key pair] tweak pub/priv key command richb-hanoverdocs:guide-user:services:vpn:wireguard:start [2021/03/21 07:17] – flush cache vgaetera
Line 1: Line 1:
-====== WireGuard VPN ====== +====== WireGuard ====== 
-WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. +{{pagequery>@:docs:guide-user:services:vpn:wireguard *;sort=ns,title;group;cols=1;hidestart;hidejump;display={title};filter=!name:sidebar}}
-It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. +
-It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. +
-It uses UDP. +
- +
-===== VPN Server or VPN Client ===== +
- +
-Wireguard is a peer-to-peer VPN service. Each endpoint talks to the other, tunneling/encrypting the data between them. For example, Wireguard can provide: +
- +
-  * **VPN Server:** If you install Wireguard on your OpenWrt router, you can use Wireguard on your laptop to administer services "inside" your local network +
-  * **VPN Client:** Installing Wireguard on your laptop lets you connect into a Wireguard endpoint (say, on your OpenWrt router) +
-  * **Peer-to-Peer VPN"** You can install Wireguard to encrypt traffic between two OpenWrt routers to make them "on the same network"+
- +
-===== Installation ===== +
-WireGuard can be installed through the package [[packages:pkgdata:wireguard|wireguard]] and [[packages:pkgdata:luci-app-wireguard|luci-app-wireguard]] for integration with LuCI. +
-You'll need to reboot the router. +
- +
-==== Creating a Wireguard interface ==== +
-To create a new Wireguard interface go to Network > Interfaces > Add new interface... and select "WireguardVPN" from the "Protocol of the new interface" dropdown menu. +
- +
-==== Generate a key pair ===== +
-Generate a key pair of private and public keys, and store them in ''/etc/wireguard'' for easy reference. [[:docs:guide-quick-start:sshadministration|From a terminal, enter:]] +
- +
-<code bash> +
-mkdir -p /etc/wireguard +
-cd /etc/wireguard +
-wg genkey | tee ./privatekey | wg pubkey > ./publickey +
-</code> +
- +
-This saves two files in ''/etc/wireguard'': +
-  * Use the **privatekey** to configure the Wireguard interface on this router. Keep it secret: there is never a need to send the private key anywhere else. +
-  * Use the publickey") to configure peers that will connect to this router through the WireGuard VPN.  +
-  * //Note:// You can use the last line alone (e.g., '' wg genkey ... '') to create new private/public keys in the current directory. These could be used to set up a peer. +
- +
-The LuCI menu **Status -> WireGuard Status** shows information about the WireGuard VPN. +
- +
-===== Internal links ===== +
-{{pagequery>@:docs:guide-user:services:vpn:wireguard *;sort=ns,title;cols=1;hidestart;hidejump;display={title};filter=!name:sidebar;bullet=square}} +
- +
-See also: +
-  * [[:docs:guide-user:network:tunneling_interface_protocols#protocol_wireguard_wireguard_vpn|WireGuard Essential Parameters]] +
-  * [[docs:guide-user:network:tunneling_interface_protocols#static_addressing_of_wireguard_tunnel|WireGuard configuration example]] +
- +
-===== External links ===== +
-  * [[https://www.wireguard.com/|WireGuard Homepage]] +
-  * [[https://www.wireguard.com/papers/wireguard.pdf|WireGuard's technical whitepaper]] +
-  * [[https://git.zx2c4.com/WireGuard/|WireGuard's repository]] +
-  * [[http://chrisbuchan.co.uk/uncategorized/wireguard-setup-openwrt/|WireGuard setup walkthrough]]+
  
  • Last modified: 2021/08/02 17:11
  • by vgaetera