Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:vpn:wireguard:start [2020/06/03 13:38] – [Generate a key pair] richb-hanover | docs:guide-user:services:vpn:wireguard:start [2021/03/21 07:17] – flush cache vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== WireGuard | + | ====== WireGuard ====== |
| - | WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. | + | {{pagequery> |
| - | It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. | + | |
| - | It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. | + | |
| - | It uses UDP. | + | |
| - | + | ||
| - | ===== VPN Server or VPN Client ===== | + | |
| - | + | ||
| - | Wireguard is a peer-to-peer VPN service. Each endpoint talks to the other, tunneling/ | + | |
| - | + | ||
| - | * **VPN Server:** If you install Wireguard on your OpenWrt router, you can use Wireguard on your laptop to administer services " | + | |
| - | * **VPN Client:** Installing Wireguard on your laptop lets you connect into a Wireguard endpoint (say, on your OpenWrt router) | + | |
| - | * **Peer-to-Peer VPN"** You can install Wireguard to encrypt traffic between two OpenWrt routers to make them "on the same network" | + | |
| - | + | ||
| - | ===== Installation ===== | + | |
| - | WireGuard can be installed through the package [[packages: | + | |
| - | You'll need to reboot the router. | + | |
| - | + | ||
| - | ==== Creating a Wireguard interface ==== | + | |
| - | To create a new Wireguard interface go to Network > Interfaces > Add new interface... and select " | + | |
| - | + | ||
| - | ==== Generate a key pair ===== | + | |
| - | Generate a key pair of private and public keys, and store them in ''/ | + | |
| - | + | ||
| - | <code bash> | + | |
| - | mkdir -p / | + | |
| - | cd / | + | |
| - | wg genkey | tee ./ | + | |
| - | </ | + | |
| - | + | ||
| - | This saves two files in ''/ | + | |
| - | * Use the **privatekey** to configure the Wireguard interface on this router. Keep it secret: there is never a need to send the private key anywhere else. | + | |
| - | * Use the **publickey** to configure peers that will connect to this router through the WireGuard VPN. | + | |
| - | * //Note:// You can use the last line alone (e.g., '' | + | |
| - | + | ||
| - | The LuCI menu **Status -> WireGuard Status** shows information about the WireGuard VPN. | + | |
| - | + | ||
| - | ===== Internal links ===== | + | |
| - | {{pagequery> | + | |
| - | + | ||
| - | See also: | + | |
| - | * [[: | + | |
| - | * [[docs: | + | |
| - | + | ||
| - | ===== External links ===== | + | |
| - | * [[https:// | + | |
| - | * [[https:// | + | |
| - | * [[https:// | + | |
| - | * [[http:// | + | |