Zeile 8: | Zeile 8: | ||
== Zentrale einrichten == | == Zentrale einrichten == | ||
=== Scripts erstellen === | === Scripts erstellen === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
FN_SCRIPT=/etc/wireguard/Build | FN_SCRIPT=/etc/wireguard/Build | ||
cat <<'ESCRIPT' >$FN_SCRIPT | cat <<'ESCRIPT' >$FN_SCRIPT | ||
#! /bin/bash | #! /bin/bash | ||
WG_ID=$1 | |||
function Server(){ | function Server(){ | ||
source db/$ | source db/$WG_ID/server.conf | ||
cat <<EOS >$ | cat <<EOS >$WG_ID.conf | ||
[Interface] | [Interface] | ||
Address = $IP_SERVER | Address = $IP_SERVER | ||
Zeile 41: | Zeile 24: | ||
EOS | EOS | ||
echo "= created: $ | echo "= created: $WG_ID.conf" | ||
} | } | ||
Zeile 47: | Zeile 30: | ||
local config=$1 | local config=$1 | ||
source $config | source $config | ||
local fn=$ | local fn=$WG_ID.conf | ||
cat <<EOS >>$fn | cat <<EOS >>$fn | ||
[Peer] | [Peer] | ||
Zeile 61: | Zeile 44: | ||
echo "+++ $*" | echo "+++ $*" | ||
} | } | ||
if [ -z "$ | if [ -z "$WG_ID" ]; then | ||
Usage "missing VPN_ID" | Usage "missing VPN_ID" | ||
elif [ ! -d db/$ | elif [ ! -d db/$WG_ID ]; then | ||
Usage "VPN_ID not defined: $ | Usage "VPN_ID not defined: $WG_ID" | ||
echo "= available:" | echo "= available:" | ||
for dir in db/*; do | for dir in db/*; do | ||
Zeile 71: | Zeile 54: | ||
else | else | ||
Server | Server | ||
for client in db/$ | for client in db/$WG_ID/clients/*.conf; do | ||
Client $client | Client $client | ||
done | done | ||
Zeile 78: | Zeile 61: | ||
echo "created: $FN_SCRIPT" | echo "created: $FN_SCRIPT" | ||
chmod +x $FN_SCRIPT | chmod +x $FN_SCRIPT | ||
# ======= | |||
==== | |||
FN_SCRIPT=/etc/wireguard/BuildServer | FN_SCRIPT=/etc/wireguard/BuildServer | ||
cat <<'SCRIPT' >$FN_SCRIPT | cat <<'SCRIPT' >$FN_SCRIPT | ||
#! /bin/bash | #! /bin/bash | ||
WG_ID=$1 | |||
IP_SERVER=$2 | IP_SERVER=$2 | ||
HOST=$3 | |||
PORT=$4 | |||
test -z "$HOST" && HOST=$(hostname) | test -z "$HOST" && HOST=$(hostname) | ||
test -z "$PORT" && PORT=51820 | test -z "$PORT" && PORT=51820 | ||
function Usage(){ | function Usage(){ | ||
echo "Usage BuildServer VPN_ID | echo "Usage BuildServer VPN_ID IP [HOST [PORT]]" | ||
echo "Example: BuildServer wg0 10.10.100.1/24 | echo "Example: BuildServer wg0 10.10.100.1/24 dragon 51820" | ||
} | } | ||
function Create(){ | function Create(){ | ||
mkdir -p db/$ | mkdir -p db/$WG_ID/clients | ||
local fnPrivateKey=db/$ | local fnPrivateKey=db/$WG_ID/private.key | ||
if [ ! -e $fnPrivateKey ]; then | if [ ! -e $fnPrivateKey ]; then | ||
wg genkey > $fnPrivateKey | wg genkey > $fnPrivateKey | ||
Zeile 110: | Zeile 85: | ||
echo "= created: $fnPrivateKey" | echo "= created: $fnPrivateKey" | ||
fi | fi | ||
local fnPublicKey=db/$ | local fnPublicKey=db/$WG_ID/public.key | ||
if [ ! -e $fnPublicKey ]; then | if [ ! -e $fnPublicKey ]; then | ||
wg <$fnPrivateKey pubkey >$fnPublicKey | wg <$fnPrivateKey pubkey >$fnPublicKey | ||
echo "= created: $fnPublicKey" | echo "= created: $fnPublicKey" | ||
fi | fi | ||
local fnConfig=db/$ | local fnConfig=db/$WG_ID/server.conf | ||
cat <<EOS >$fnConfig | cat <<EOS >$fnConfig | ||
WG_ID=$WG_ID | |||
IP_SERVER=$IP_SERVER | IP_SERVER=$IP_SERVER | ||
PORT=$PORT | PORT=$PORT | ||
PRIVATE_KEY=$(cat $fnPrivateKey) | PRIVATE_KEY=$(cat $fnPrivateKey) | ||
EOS | EOS | ||
echo "= created: $fnConfig" | echo "= created: $fnConfig" | ||
} | } | ||
Zeile 139: | Zeile 110: | ||
chmod +x $FN_SCRIPT | chmod +x $FN_SCRIPT | ||
echo "= created: $FN_SCRIPT" | echo "= created: $FN_SCRIPT" | ||
# ======= | |||
==== | |||
FN_SCRIPT=/etc/wireguard/ImportClient | FN_SCRIPT=/etc/wireguard/ImportClient | ||
cat <<'SCRIPT' >$FN_SCRIPT | |||
#! /bin/bash | #! /bin/bash | ||
WG_ID=$1 | |||
CLIENT=$2 | CLIENT=$2 | ||
PUBLIC_KEY=$3 | PUBLIC_KEY=$3 | ||
Zeile 154: | Zeile 121: | ||
function Usage(){ | function Usage(){ | ||
echo "Usage: | echo "Usage: BuildClient VPN_ID CLIENT_NAME IP_CLIENT PUB_KEY ALLOWED_IDS" | ||
echo "Example: | echo "Example: BuildClient wg0 joe 10.10.100.44/32 0fajdkafkdla02jiw902902= 10.10.100.0/24,10.10.101.0/24" | ||
echo "+++ $*" | echo "+++ $*" | ||
} | } | ||
function Create(){ | function Create(){ | ||
mkdir -p db/$ | mkdir -p db/$WG_ID/clients | ||
local fnConfig=db/$ | local fnConfig=db/$WG_ID/clients/$CLIENT.conf | ||
cat <<EOS >$fnConfig | cat <<EOS >$fnConfig | ||
CLIENT=$CLIENT | CLIENT=$CLIENT | ||
Zeile 172: | Zeile 139: | ||
if [ -z "$ALLOWED_IPS" ]; then | if [ -z "$ALLOWED_IPS" ]; then | ||
Usage "missing arguments" | Usage "missing arguments" | ||
elif [ ! -d db/$ | elif [ ! -d db/$WG_ID ]; then | ||
Usage "unknown VPN_ID: $ | Usage "unknown VPN_ID: $WG_ID" | ||
else | else | ||
Create | Create | ||
fi | fi | ||
SCRIPT | SCRIPT | ||
chmod +x $FN_SCRIPT | chmod +x $FN_SCRIPT | ||
echo "= created: $FN_SCRIPT" | |||
echo "= created: $FN_SCRIPT" | |||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Konfiguration Server === | === Konfiguration Server === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
WG_ID=wg0 | |||
IP_SERVER=10.58.1.1/16 | |||
IP_SERVER=10. | |||
HOST=$(hostname) | HOST=$(hostname) | ||
PORT=51820 | PORT=51820 | ||
./BuildServer $ | ./BuildServer $WK_ID $IP_SERVER $HOST $PORT | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Konfiguration existierender Client (Public Key bekannt) === | === Konfiguration existierender Client (Public Key bekannt) === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
WG_ID=wg0 | |||
CLIENT=joe | CLIENT=joe | ||
IP_CLIENT=10. | IP_CLIENT=10.58.1.10/32 | ||
PUB_KEY=0fajdkafkdla02jiw902902= | PUB_KEY=0fajdkafkdla02jiw902902= | ||
ALLOWED_IPS=10. | ALLOWED_IPS=10.58.1.0/24 | ||
./ImportClient $ | ./ImportClient $WG_ID $CLIENT $IP_CLIENT $PUB_KEY $ALLOWED_IPS | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Erzeugen Client (Keys werden erzeugt) === | === Erzeugen Client (Keys werden erzeugt) === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
WG_ID=wg0 | |||
CLIENT=joe | CLIENT=joe | ||
IP_CLIENT=10. | IP_CLIENT=10.58.1.10/32 | ||
ALLOWED_IPS=10. | ALLOWED_IPS=10.58.1.0/24 | ||
./ | ./CreateClient $WG_ID $CLIENT $IP_CLIENT ALLOWED_IPS | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Linux Client einrichten == | == Linux Client einrichten == | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
apt install wireguard-tools | apt install wireguard-tools | ||
WG_ID=vinfeos0 | |||
=== | IP_SERVER=207.180.255.91 | ||
PUBKEY_SERVER=eK7tZw0WgbjjxkRdAwGvp8aAV/cfzhwpIymZdVTFE3k= | |||
DNS_SERVER=9.9.9.9 | |||
PORT_SERVER=51820 | |||
IP2_SERVER=10.58.1.1 | |||
IP_CLIENT=10.58.1.11/32 | |||
ALLOWED_IPS=10.58.1.0/16 | |||
FN_CONFIG=/etc/wireguard/$WG_ID.conf | |||
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key | |||
wg genkey | sudo tee $FN_KEY_PRIVATE | |||
chmod go= $FN_KEY_PRIVATE | |||
PUBKEY_CLIENT=$(wg <$FN_KEY_PRIVATE pubkey) | |||
cat <<EOS >$FN_CONFIG | |||
[Interface] | [Interface] | ||
Address = $ | # The address your computer will use on the VPN | ||
Address = $IP_CLIE:q:NT | |||
DNS = $DNS_SERVER | DNS = $DNS_SERVER | ||
# Load your privatekey from file | # Load your privatekey from file | ||
PostUp = wg set %i private-key $ | PostUp = wg set %i private-key $FN_KEY_PRIVATE | ||
# Also ping the vpn server to ensure the tunnel is initialized | # Also ping the vpn server to ensure the tunnel is initialized | ||
PostUp = ping -c1 $ | PostUp = ping -c1 $IP2_SERVER | ||
[Peer] | [Peer] | ||
# VPN server's wireguard public key | |||
PublicKey = $PUBKEY_SERVER | PublicKey = $PUBKEY_SERVER | ||
# Public IP address of your VPN server (USE YOURS!) | |||
Endpoint = $IP_SERVER:$PORT_SERVER | Endpoint = $IP_SERVER:$PORT_SERVER | ||
# 10.0.0.0/24 is the VPN subnet | |||
AllowedIPs = $ALLOWED_IPS | AllowedIPs = $ALLOWED_IPS | ||
PersistentKeepalive = | # PersistentKeepalive = 25 | ||
EOS | EOS | ||
</syntaxhighlight> | </syntaxhighlight> |
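Review bot: In the last hunk (Zeile 172) the right-hand column, which I read as the new text, has `Address = $IP_CLIE:q:NT` — a stray editor command inside the variable name, so bash expands the unset `$IP_CLIE` to nothing and the generated config contains `Address = :q:NT`; it should read `Address = $IP_CLIENT`. In the same hunk `wg genkey | sudo tee $FN_KEY_PRIVATE` echoes the freshly generated private key to the terminal (and any session log), and the file exists with default-umask permissions until the `chmod go=` on the following line; `(umask 077; wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null)` avoids both, and the `chmod` and the `cat <<EOS >$FN_CONFIG` write into `/etc/wireguard` without `sudo` while the key step uses it, so one of the two will fail depending on who runs it. The same class of defect, a mistyped variable, appears in the earlier hunks: `./BuildServer $WK_ID $IP_SERVER $HOST $PORT` expands an unset `$WK_ID`, shifting every argument left by one so the IP becomes the VPN id, and `./CreateClient $WG_ID $CLIENT $IP_CLIENT ALLOWED_IPS` passes the literal word instead of `$ALLOWED_IPS`. The unquoted `$WG_ID`, `$CLIENT` and `$fnPrivateKey` expansions throughout the generated scripts are pre-existing, but since the generated `server.conf` stores `PRIVATE_KEY=$(cat $fnPrivateKey)`, it is worth noting in the text that the `db/` directory holds key material and needs the same restrictive permissions as the `.key` files.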