Julian Lemmerich's Homenetwork wiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Zuletzt angesehen:
knowledge_base:useful_software:s2svpn_wg

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen der Seite angezeigt.

Link zu der Vergleichsansicht

Beide Seiten, vorherige ÜberarbeitungVorherige Überarbeitung
Nächste Überarbeitung		Vorherige Überarbeitung
knowledge_base:useful_software:s2svpn_wg [2024/11/21 17:30] – add key generation julian.lemmerichknowledge_base:useful_software:s2svpn_wg [2024/11/21 17:40] (aktuell) – add PSK julian.lemmerich
Zeile 37: Zeile 37:
 </code> </code>
  
-==== enable ip forwarding ====+===== Configuration =====
  
-this has to be done on both server and client.+==== "Server" config ====
  
-<file bash /etc/sysctl.conf> +<file . /etc/wireguard/wgx.conf>
-net.ipv4.ip_forward=1 +
-net.ipv6.conf.all.forwarding=1 +
-</file> +
- +
-==== server config ==== +
- +
-<file bash /etc/wireguard/wgx.conf>+
 [Interface] [Interface]
 Address = 10.99.x.1/30               # this address is the tunnel address Address = 10.99.x.1/30               # this address is the tunnel address
-ListenPort = 31037                   # this port is the physical port that should be listened on.+ListenPort = 31037                   # this port is the port that should be listened on.
 PrivateKey = 6GcJf56i5dY30t7tyuGExlJFl/vkiYcyfvDrTJoevWg= PrivateKey = 6GcJf56i5dY30t7tyuGExlJFl/vkiYcyfvDrTJoevWg=
-SaveConfig false+# PresharedKey <psk>               # optional
  
-PostUp = iptables -A FORWARD -i %i -j ACCEPT+PostUp = iptables -A FORWARD -i %i -j ACCEPT       # commands here get executed on tunnel up, useful for firewall config for example
 PostDown = iptables -D FORWARD -i %i -j ACCEPT PostDown = iptables -D FORWARD -i %i -j ACCEPT
    
Zeile 61: Zeile 54:
 #Name = XY #Name = XY
 PublicKey = KSODnmNkJG+ASAirrpmZJhEHwnCNoa7fIhvBS/txJQY= PublicKey = KSODnmNkJG+ASAirrpmZJhEHwnCNoa7fIhvBS/txJQY=
-AllowedIPs = 192.168.10.0/24,192.168.11.0/24,192.168.12.0/24,192.168.13.0/24,192.168.14.0/24,192.168.15.0/24,10.98.3.0/30,10.99.3.2/32 this is an example list of allowed ips taken from n02+AllowedIPs = 192.168.11.0/24         IP-Space of the Client that is allowed to be routed through.
 </file> </file>
  
-==== client conf ====+==== "Client" conf ====
  
-<file bash /etc/wireguard/wgx.conf>+<file /etc/wireguard/wgx.conf>
 [Interface] [Interface]
 Address = 10.99.x.2/30 Address = 10.99.x.2/30
 +#ListenPort = 51820                  # If ListenPort is not set, a random port is chosen. For example for a Client behind NAT this is not needed
 PrivateKey = qEX8Ag5QmckFHRGX8Cg308N1XXzfp3VXE2MKYPlA2Eo= PrivateKey = qEX8Ag5QmckFHRGX8Cg308N1XXzfp3VXE2MKYPlA2Eo=
 +#PresharedKey = <psk>                # optional
  
 PostUp = iptables -A FORWARD -i %i -j ACCEPT PostUp = iptables -A FORWARD -i %i -j ACCEPT
Zeile 76: Zeile 71:
 [Peer] [Peer]
 PublicKey = 28b1ickTXZiU5XtZbsj6YJuzhkcJXrNP145C3MGBQS0= PublicKey = 28b1ickTXZiU5XtZbsj6YJuzhkcJXrNP145C3MGBQS0=
-AllowedIPs = 192.168.8.0/21,192.168.16.0/21,192.168.24.0/22,10.98.2.0/30,10.99.3.1/30,10.99.7.1/32   # this is a bit of a collapsed view of my home networks +AllowedIPs = 0.0.0.0/              # this means everything is routed. For split tunnel, only route certain subnets. 
-Endpoint = 130.83.6.100:31037 +Endpoint = 130.83.6.100:31037        # This Client will reach out to the hardcoded Endpoint. It can be specified on both sides. 
-PersistentKeepalive = 2+PersistentKeepalive = 25             # Send a keepalive packet every 25s
 </file> </file>
  
Zeile 88: Zeile 83:
  
 ==== always start wg ==== ==== always start wg ====
- 
-on both server and client 
  
 <code> <code>
/app/www/public/data/attic/knowledge_base/useful_software/s2svpn_wg.1732206635.txt.gz · Zuletzt geändert: 2024/11/21 17:30 von julian.lemmerich

Seiten-Werkzeuge

Falls nicht anders bezeichnet, ist der Inhalt dieses Wikis unter der folgenden Lizenz veröffentlicht: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki