Wireguard: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „= Links = * Wireguard-ui = Installation = <syntaxhighlight lang="bash"> apt install wireguard resolvconf </syntaxhighlight> == Zentrale einrichten == <sy…“) |
|||
Zeile 8: | Zeile 8: | ||
== Zentrale einrichten == | == Zentrale einrichten == | ||
=== Für jeden Client === | |||
<syntaxhighlight lang="bash"> | |||
CLIENT_NAME=wk-rambo | |||
FN_PEER=db/clients/$CLIENT_NAME.conf | |||
ALLOWED_IPS=10.58.1.0/16 | |||
PUBKEY_CLIENT=kFJDiSluqYczby0AkXBjAT7iSF5qEW45CUxzzjqhbg8= | |||
mkdir -p $(dirname $FN_PEER) | |||
cat <<EOS >$FN_PEER | |||
[Peer] | |||
# $CLIENT_NAME public key: | |||
PublicKey = $PUBKEY_CLIENT | |||
# VPN client's IP address in the VPN | |||
AllowedIPs = ALLOWED_IPS | |||
EOS | |||
</syntaxhighlight> | |||
=== Konfiguration erstellen === | |||
<syntaxhighlight lang="bash"> | |||
WG_ID=vinfeos0 | |||
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key | |||
if [ -e $FN_KEY_PRIVATE ]; then | |||
echo "$FN_KEY_PRIVATE already exists!" | |||
else | |||
wg genkey | sudo tee $FN_KEY_PRIVATE | |||
chmod go= $FN_KEY_PRIVATE | |||
fi | |||
IP_SERVER=10.58.1.1/16 | |||
FN_CONFIG=/etc/wireguard/$WG_ID.conf | |||
PORT=51820 | |||
cat <<EOS >$FN_CONFIG | |||
[Interface] | |||
Address = $IP_SERVER | |||
ListenPort = $PORT | |||
# Use your own private key, from /etc/wireguard/privatekey | |||
PrivateKey = $(cat $KEY_PRIVATE) | |||
EOS | |||
for client in db/clients/*.conf; do | |||
cat $client >>$FN_CONFIG | |||
done | |||
EOS | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
WG_ID=wg0 | WG_ID=wg0 | ||
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key | |||
wg genkey | sudo tee $ | wg genkey | sudo tee $FN_KEY_PRIVATE | ||
chmod go= $KEY_PRIVATE | chmod go= $KEY_PRIVATE | ||
IP_SERVER=10.58.1.1/16 | IP_SERVER=10.58.1.1/16 | ||
FN_CONFIG=/etc/wireguard/$WG_ID.conf | |||
PORT=51820 | |||
cat <<EOS >$FN_CONFIG | |||
[Interface] | |||
Address = $IP_SERVER | |||
ListenPort = $PORT | |||
# Use your own private key, from /etc/wireguard/privatekey | |||
PrivateKey = $(cat $KEY_PRIVATE) | |||
EOS | |||
for client in db/clients/*.conf; do | |||
cat $client >>$FN_CONFIG | |||
done | |||
</syntaxhighlight> | </syntaxhighlight> | ||
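Review bot: `PrivateKey = $(cat $KEY_PRIVATE)` in the new "Konfiguration erstellen" listing reads a variable that is never set (the key path is stored in `FN_KEY_PRIVATE`), so the unquoted empty expansion leaves `cat` reading stdin and the generated config gets no usable key; the `wg0` listing still has the same name in `chmod go= $KEY_PRIVATE` and in its heredoc. Use `PrivateKey = $(cat "$FN_KEY_PRIVATE")` and `chmod go= "$FN_KEY_PRIVATE"`. In the per-client listing `AllowedIPs = ALLOWED_IPS` lacks the `$`, and the `EOS` after the `for` loop is a leftover that the shell will try to run as a command. Because the heredoc copies the private key into `$FN_CONFIG`, I would also create that file under `umask 077` and send the `tee` output to `/dev/null`, so the key is neither world-readable nor echoed to the terminal.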
Version vom 1. April 2023, 09:15 Uhr
Links
Installation
# Install WireGuard together with resolvconf; apt needs root privileges.
# wg-quick relies on resolvconf to apply a "DNS =" setting from a config.
apt install wireguard resolvconf
Zentrale einrichten
Für jeden Client
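# Register one client (peer) on the central server: writes a [Peer] fragment
# to db/clients/<name>.conf. The "Konfiguration erstellen" step appends every
# fragment in that directory to the interface config.
CLIENT_NAME=wk-rambo
FN_PEER="db/clients/$CLIENT_NAME.conf"
# NOTE(review): on the server side, AllowedIPs is the set of tunnel source
# addresses accepted from this peer and the destinations routed to it. A whole
# /16 per client lets the peer use any address in the VPN, and when several
# peers list the same range only the last one keeps it. The heredoc comment
# below says "client's IP address", which suggests a single /32 was intended;
# confirm and narrow. (10.58.1.0/16 also has host bits set; the /16 network
# is 10.58.0.0/16.)
ALLOWED_IPS=10.58.1.0/16
# Public key of the client (the public half only; the private key stays on
# the client).
PUBKEY_CLIENT=kFJDiSluqYczby0AkXBjAT7iSF5qEW45CUxzzjqhbg8=
mkdir -p -- "$(dirname -- "$FN_PEER")"
cat <<EOS >"$FN_PEER"
[Peer]
# $CLIENT_NAME public key:
PublicKey = $PUBKEY_CLIENT
# VPN client's IP address in the VPN
AllowedIPs = $ALLOWED_IPS
EOS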
Konfiguration erstellen
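# Build the server config /etc/wireguard/$WG_ID.conf: create the private key
# once, write the [Interface] section, then append every registered peer
# fragment from db/clients/. Run as root: the redirections into /etc/wireguard
# are performed by the calling shell, not by sudo.
WG_ID=vinfeos0
FN_KEY_PRIVATE="/etc/wireguard/$WG_ID.private.key"
if [ -e "$FN_KEY_PRIVATE" ]; then
  # Never overwrite an existing key: a new key changes the public key that
  # the clients have to be given.
  echo "$FN_KEY_PRIVATE already exists!"
else
  # Restrictive umask so the key file is not created world-readable, and
  # >/dev/null so tee does not echo the key to the terminal. The chmod
  # afterwards covers a sudo policy that overrides the umask.
  (umask 077 && wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null)
  chmod go= "$FN_KEY_PRIVATE"
fi
IP_SERVER=10.58.1.1/16
FN_CONFIG="/etc/wireguard/$WG_ID.conf"
PORT=51820
# The config embeds the private key, so it is created without group/other
# access as well; the chmod covers a file that already existed with wider
# permissions (a redirection keeps the mode of an existing file).
(
  umask 077
  cat <<EOS >"$FN_CONFIG"
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Use your own private key, from /etc/wireguard/privatekey
PrivateKey = $(cat "$FN_KEY_PRIVATE")
EOS
)
chmod go= "$FN_CONFIG"
for client in db/clients/*.conf; do
  # With no peer registered yet the pattern stays literal; skip it.
  [ -e "$client" ] || continue
  cat -- "$client" >>"$FN_CONFIG"
done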
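# Same server setup for the interface name wg0: create the private key once,
# write the [Interface] section, append the peer fragments. Run as root.
# NOTE(review): Address and ListenPort are identical to the vinfeos0 listing;
# presumably only one of the two interfaces is meant to be brought up.
WG_ID=wg0
FN_KEY_PRIVATE="/etc/wireguard/$WG_ID.private.key"
if [ -e "$FN_KEY_PRIVATE" ]; then
  # Regenerating would silently replace the key and change the public key
  # that the clients have to be given.
  echo "$FN_KEY_PRIVATE already exists!"
else
  # Restrictive umask so the key file is not created world-readable, and
  # >/dev/null so tee does not echo the key to the terminal.
  (umask 077 && wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null)
  chmod go= "$FN_KEY_PRIVATE"
fi
IP_SERVER=10.58.1.1/16
FN_CONFIG="/etc/wireguard/$WG_ID.conf"
PORT=51820
# The config embeds the private key: create it without group/other access and
# tighten a file that already existed with wider permissions.
(
  umask 077
  cat <<EOS >"$FN_CONFIG"
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Use your own private key, from /etc/wireguard/privatekey
PrivateKey = $(cat "$FN_KEY_PRIVATE")
EOS
)
chmod go= "$FN_CONFIG"
for client in db/clients/*.conf; do
  # With no peer registered yet the pattern stays literal; skip it.
  [ -e "$client" ] || continue
  cat -- "$client" >>"$FN_CONFIG"
done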
Linux Client einrichten
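# Set up a Linux client: install the tools, create the client key pair and
# write /etc/wireguard/$WG_ID.conf. Run as root: the redirection into
# /etc/wireguard is performed by the calling shell, not by sudo.
apt install wireguard-tools
WG_ID=vinfeos0
# Public address, port and WireGuard public key of the VPN server.
IP_SERVER=207.180.255.91
PUBKEY_SERVER=eK7tZw0WgbjjxkRdAwGvp8aAV/cfzhwpIymZdVTFE3k=
DNS_SERVER=9.9.9.9
PORT_SERVER=51820
# Address of the server inside the tunnel (pinged once the interface is up).
IP2_SERVER=10.58.1.1
# Address of this client inside the tunnel.
IP_CLIENT=10.58.1.11/32
# Destinations that are routed through the tunnel.
ALLOWED_IPS=10.58.1.0/16
FN_CONFIG="/etc/wireguard/$WG_ID.conf"
FN_KEY_PRIVATE="/etc/wireguard/$WG_ID.private.key"
if [ -e "$FN_KEY_PRIVATE" ]; then
  # Keep an existing key: replacing it changes the public key that has to be
  # registered on the server.
  echo "$FN_KEY_PRIVATE already exists!"
else
  # Restrictive umask so the key file is not created world-readable, and
  # >/dev/null so tee does not echo the key to the terminal.
  (umask 077 && wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null)
  chmod go= "$FN_KEY_PRIVATE"
fi
PUBKEY_CLIENT=$(wg pubkey <"$FN_KEY_PRIVATE")
# Only the public key leaves this machine; it is the PUBKEY_CLIENT value of
# the per-client step on the server.
printf 'Client public key: %s\n' "$PUBKEY_CLIENT"
# The private key is loaded from its own file via PostUp, so this config
# holds no secret.
cat <<EOS >"$FN_CONFIG"
[Interface]
# The address your computer will use on the VPN
Address = $IP_CLIENT
DNS = $DNS_SERVER
# Load your privatekey from file
PostUp = wg set %i private-key $FN_KEY_PRIVATE
# Also ping the vpn server to ensure the tunnel is initialized
PostUp = ping -c1 $IP2_SERVER
[Peer]
# VPN server's wireguard public key
PublicKey = $PUBKEY_SERVER
# Public IP address of your VPN server (USE YOURS!)
Endpoint = $IP_SERVER:$PORT_SERVER
# The VPN subnet routed through the tunnel
AllowedIPs = $ALLOWED_IPS
# PersistentKeepalive = 25
EOS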