Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:wireguard:start [2020/10/03 19:58] – [Creating a WireGuard interface] formatting vgaetera | docs:guide-user:services:vpn:wireguard:start [2021/03/21 07:17] – flush cache vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== WireGuard ====== | ====== WireGuard ====== | ||
| - | {{section> | + | {{pagequery> |
| - | + | ||
| - | WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. | + | |
| - | It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. | + | |
| - | It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. | + | |
| - | It uses UDP. | + | |
| - | + | ||
| - | ===== VPN peers ===== | + | |
| - | WireGuard is a peer-to-peer VPN service. | + | |
| - | The protocol itself treats all peers equally, so there is nothing that distinguishes a server from a client. | + | |
| - | That said, this VPN protocol is highly flexible and can be used as a direct peer-to-peer communications channel, server-client type relationship or in a site-to-site configuration. | + | |
| - | [[docs: | + | |
| - | + | ||
| - | ===== Key management ===== | + | |
| - | WireGuard generally relies on relies on [[wp> | + | |
| - | This means you should generate private keys on the respective peers and exchange only their public keys. | + | |
| - | + | ||
| - | In addition for better security, you can also generate and exchange a pre-shared key. | + | |
| - | Each 2 peers should use a common pre-shared key. | + | |
| - | + | ||
| - | ===== Installation ===== | + | |
| - | WireGuard can be installed through the package [[packages: | + | |
| - | You'll need to reboot the router. | + | |
| - | + | ||
| - | ==== Creating a WireGuard interface ==== | + | |
| - | To create a new WireGuard interface go to **Network -> Interfaces -> Add new interface...** and select " | + | |
| - | + | ||
| - | ==== Generate a key pair ===== | + | |
| - | Generate a key pair of private and public keys. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | wg genkey | tee wg.key | wg pubkey > wg.pub | + | |
| - | </ | + | |
| - | + | ||
| - | * Use the **wg.key** file to configure the WireGuard interface on this router. | + | |
| - | * Use the **wg.pub** file to configure peers that will connect to //this// router through the WireGuard VPN. | + | |
| - | + | ||
| - | The LuCI menu **Status -> WireGuard Status** shows information about the WireGuard VPN. | + | |
| - | + | ||
| - | ===== Internal links ===== | + | |
| - | {{pagequery> | + | |
| - | + | ||
| - | See also: | + | |
| - | * [[docs: | + | |
| - | * [[docs: | + | |
| - | + | ||
| - | ===== External links ===== | + | |
| - | * [[https:// | + | |
| - | * [[https:// | + | |
| - | * [[https:// | + | |
| - | * [[https:// | + | |
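Review bot: The removed "Key management" and "Generate a key pair" sections have no counterpart on the new side, where the only added line is the truncated `{{pagequery>` macro, so the guidance to generate private keys on the respective peers and exchange only their public keys leaves this page together with the `wg genkey | tee wg.key | wg pubkey > wg.pub` step. If that material now lives on the pages the query lists, the edit summary should say so rather than "flush cache"; otherwise keep a short key-handling section here. Wherever the text ends up, fix the doubled "relies on relies on" and the unbalanced heading `==== Generate a key pair =====`, and note that `tee` creates `wg.key` with whatever permissions the current umask allows, so the step should run under `umask 077` or be followed by restricting the file to its owner.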