Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:wireguard:start [2020/10/03 19:57] – [Generate a key pair] use consistent naming vgaetera
docs:guide-user:services:vpn:wireguard:start [2021/03/21 07:17] – flush cache vgaetera
Line 1: Line 1:
 ====== WireGuard ====== ====== WireGuard ======
-{{section>meta:infobox:howto_links#basic_skills&noheader&nofooter&noeditbutton}} +{{pagequery>@:docs:guide-user:services:vpn:wireguard *;sort=ns,title;group;cols=1;hidestart;hidejump;display={title};filter=!name:sidebar}}
- +
-WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. +
-It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. +
-It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. +
-It uses UDP. +
- +
-===== VPN peers ===== +
-WireGuard is a peer-to-peer VPN service. +
-The protocol itself treats all peers equally, so there is nothing that distinguishes a server from a client. +
-That said, this VPN protocol is highly flexible and can be used as a direct peer-to-peer communications channel, server-client type relationship or in a site-to-site configuration. +
-[[docs:guide-user:services:vpn:wireguard:serverclient|Wireguard as a VPN server or client]] provides some examples of the various contexts in which WireGuard may be configured. +
- +
-===== Key management ===== +
-WireGuard generally relies on relies on [[wp>Public-key_cryptography|public-key cryptography]]. +
-This means you should generate private keys on the respective peers and exchange only their public keys. +
- +
-In addition for better security, you can also generate and exchange a pre-shared key. +
-Each 2 peers should use a common pre-shared key. +
- +
-===== Installation ===== +
-WireGuard can be installed through the package [[packages:pkgdata:wireguard|wireguard]] and [[packages:pkgdata:luci-app-wireguard|luci-app-wireguard]] for integration with LuCI. +
-You'll need to reboot the router. +
- +
-==== Creating a WireGuard interface ==== +
-To create a new WireGuard interface go to **Network > Interfaces > Add new interface...** and select "WireGuard VPN" from the "Protocol" dropdown menu. +
- +
-==== Generate a key pair ===== +
-Generate a key pair of private and public keys. +
- +
-<code bash> +
-wg genkey | tee wg.key | wg pubkey > wg.pub +
-</code> +
- +
-  * Use the **wg.key** file to configure the WireGuard interface on this router. +
-  * Use the **wg.pub** file to configure peers that will connect to //this// router through the WireGuard VPN. +
- +
-The LuCI menu **Status -> WireGuard Status** shows information about the WireGuard VPN. +
- +
-===== Internal links ===== +
-{{pagequery>@:docs:guide-user:services:vpn:wireguard *;sort=ns,title;cols=1;hidestart;hidejump;display={title};filter=!name:sidebar;bullet=square}} +
- +
-See also: +
-  * [[docs:guide-user:network:tunneling_interface_protocols#protocol_wireguard_wireguard_vpn|WireGuard essential parameters]] +
-  * [[docs:guide-user:network:tunneling_interface_protocols#static_addressing_of_wireguard_tunnel|WireGuard configuration example]] +
- +
-===== External links ===== +
-  * [[https://www.wireguard.com/|WireGuard Homepage]] +
-  * [[https://www.wireguard.com/papers/wireguard.pdf|WireGuard's technical whitepaper]] +
-  * [[https://git.zx2c4.com/WireGuard/|WireGuard's repository]] +
-  * [[https://chrisbuchan.co.uk/uncategorized/wireguard-setup-openwrt/|WireGuard setup walkthrough]]+
  
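Review bot: The removed "Key management" and "Generate a key pair" sections have no replacement on this page; the only added line is the pagequery index at the top of the hunk. That takes the guidance to generate private keys on the respective peers, exchange only public keys, and optionally share a pre-shared key between each two peers off the landing page. Please confirm that this text now lives on one of the sub-pages the pagequery lists, and keep a one-line pointer to it here. The edit summary "flush cache" does not describe a removal of this size; a summary naming where the content moved would keep the revision history usable. If the `wg genkey | tee wg.key | wg pubkey > wg.pub` step is carried over, say next to it that wg.key holds the private key and should be created with restrictive permissions, for example by running `umask 077` first.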
  • Last modified: 2021/08/02 17:11
  • by vgaetera