Wireguard: Difference between revisions

From Info-Theke
(The page was created: „= Links = * Wireguard-ui = Installation = <syntaxhighlight lang="bash"> apt install wireguard resolvconf </syntaxhighlight> == Zentrale einrichten == <sy…“)
 
Zeile 8: Zeile 8:


== Zentrale einrichten ==
== Zentrale einrichten ==
=== Für jeden Client ===
<syntaxhighlight lang="bash">
CLIENT_NAME=wk-rambo
FN_PEER=db/clients/$CLIENT_NAME.conf
ALLOWED_IPS=10.58.1.0/16
PUBKEY_CLIENT=kFJDiSluqYczby0AkXBjAT7iSF5qEW45CUxzzjqhbg8=
mkdir -p $(dirname $FN_PEER)
cat <<EOS >$FN_PEER
[Peer]
# $CLIENT_NAME public key:
PublicKey = $PUBKEY_CLIENT
# VPN client's IP address in the VPN
AllowedIPs = ALLOWED_IPS
EOS
</syntaxhighlight>
=== Konfiguration erstellen ===
<syntaxhighlight lang="bash">
WG_ID=vinfeos0
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
if [ -e $FN_KEY_PRIVATE ]; then
  echo "$FN_KEY_PRIVATE already exists!"
else
  wg genkey | sudo tee $FN_KEY_PRIVATE
  chmod go= $FN_KEY_PRIVATE
fi
IP_SERVER=10.58.1.1/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
PORT=51820
cat <<EOS >$FN_CONFIG
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Use your own private key, from /etc/wireguard/privatekey
PrivateKey = $(cat $KEY_PRIVATE)
EOS
for client in db/clients/*.conf; do
  cat $client >>$FN_CONFIG
done
EOS
</syntaxhighlight>
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
WG_ID=wg0
WG_ID=wg0
KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
wg genkey | sudo tee $KEY_PRIVATE
wg genkey | sudo tee $FN_KEY_PRIVATE
chmod go= $KEY_PRIVATE
chmod go= $KEY_PRIVATE
IP_SERVER=10.58.1.1/16
IP_SERVER=10.58.1.1/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
PORT=51820
cat <<EOS >$FN_CONFIG
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Use your own private key, from /etc/wireguard/privatekey
PrivateKey = $(cat $KEY_PRIVATE)
EOS
for client in db/clients/*.conf; do
  cat $client >>$FN_CONFIG
done
</syntaxhighlight>
</syntaxhighlight>
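Review bot: In the new "Für jeden Client" block the heredoc writes `AllowedIPs = ALLOWED_IPS` without the `$`, so every peer fragment receives the literal string instead of the address range; it should reference the variable. In "Konfiguration erstellen" the rename to FN_KEY_PRIVATE is incomplete: `PrivateKey = $(cat $KEY_PRIVATE)` and `chmod go= $KEY_PRIVATE` still use the old name, which the new block never sets, so the generated config gets an empty PrivateKey and the chmod has no file to act on. The EOS that follows `done` in the new block is outside any heredoc and will be executed as a command. The key generation pipes through sudo tee, which also prints the private key to the terminal; redirecting tee's standard output to /dev/null avoids that.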



Revision as of 1 April 2023, 09:15

Links

Installation

apt install wireguard resolvconf

Setting up the central server

For each client

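CLIENT_NAME=wk-rambo
FN_PEER=db/clients/$CLIENT_NAME.conf
# Note: a range listed for more than one peer on the same interface
# ends up routed to only one of them.
ALLOWED_IPS=10.58.1.0/16
PUBKEY_CLIENT=kFJDiSluqYczby0AkXBjAT7iSF5qEW45CUxzzjqhbg8=
mkdir -p "$(dirname "$FN_PEER")"
# Write the [Peer] fragment that is later appended to the server config
cat <<EOS >"$FN_PEER"
[Peer]
# $CLIENT_NAME public key:
PublicKey = $PUBKEY_CLIENT
# VPN client's IP address in the VPN
AllowedIPs = $ALLOWED_IPS
EOS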

Creating the configuration

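# Run in a root shell: the files under /etc/wireguard are only writable by root
WG_ID=vinfeos0
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
# Generate the private key only once; never overwrite an existing key
if [ -e "$FN_KEY_PRIVATE" ]; then
  echo "$FN_KEY_PRIVATE already exists!"
else
  # >/dev/null keeps tee from echoing the private key to the terminal
  wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null
  chmod go= "$FN_KEY_PRIVATE"
fi

IP_SERVER=10.58.1.1/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
PORT=51820
cat <<EOS >"$FN_CONFIG"
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Private key, from $FN_KEY_PRIVATE
PrivateKey = $(cat "$FN_KEY_PRIVATE")
EOS
# Append the [Peer] fragment of every client
for client in db/clients/*.conf; do
  cat "$client" >>"$FN_CONFIG"
done
# The config now contains the private key: keep it unreadable for others
chmod go= "$FN_CONFIG"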
# The same steps for an interface named wg0 (without the check for an existing key)
WG_ID=wg0
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
# >/dev/null keeps tee from echoing the private key to the terminal
wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null
chmod go= "$FN_KEY_PRIVATE"
IP_SERVER=10.58.1.1/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
PORT=51820

cat <<EOS >"$FN_CONFIG"
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Private key, from $FN_KEY_PRIVATE
PrivateKey = $(cat "$FN_KEY_PRIVATE")
EOS
# Append the [Peer] fragment of every client
for client in db/clients/*.conf; do
  cat "$client" >>"$FN_CONFIG"
done
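
A check that can be run over the per-client fragments before the loop above appends them to the server config. This is an added example, not part of the original page: only the db/clients/*.conf layout comes from the page, while `check_peers`, `make_sample` and the sample fragments are constructed here. It assumes one IPv4 CIDR per peer, as on this page.

```shell
#!/bin/sh
# Added example: lint the per-client [Peer] fragments before they are
# concatenated into the server config. check_peers, make_sample and the
# sample data are constructed for this illustration.

check_peers() (  # usage: check_peers DIR; subshell body keeps variables local
  bad=0; seen=""
  cidr='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
  b64='^[A-Za-z0-9+/]{43}=$'          # a 32-byte key in base64 is 44 characters
  for f in "$1"/*.conf; do
    [ -e "$f" ] || continue
    key=$(sed -n 's/^PublicKey *= *//p' "$f")
    ips=$(sed -n 's/^AllowedIPs *= *//p' "$f")
    n=${f##*/}
    if ! printf '%s\n' "$key" | grep -Eq "$b64"; then
      echo "$n: PublicKey is not a base64 32-byte key"; bad=1
    fi
    if ! printf '%s\n' "$ips" | grep -Eq "$cidr"; then
      echo "$n: AllowedIPs '$ips' is not an IPv4 CIDR"; bad=1
    else
      case " $seen " in   # same range on two peers: only one of them keeps it
        *" $ips "*) echo "$n: AllowedIPs $ips already used by another peer"; bad=1 ;;
      esac
    fi
    seen="$seen $ips"
  done
  exit "$bad"              # ends the subshell only; 1 if anything was reported
)

make_sample() {  # constructed fragments: clean, unexpanded, duplicate, bad key
  d=$(mktemp -d) && k=$(printf '%043d' 0 | tr 0 A)=   # placeholder key, not real
  printf '[Peer]\nPublicKey = %s\nAllowedIPs = 10.58.1.11/32\n' "$k" >"$d/a.conf"
  printf '[Peer]\nPublicKey = %s\nAllowedIPs = ALLOWED_IPS\n'   "$k" >"$d/b.conf"
  printf '[Peer]\nPublicKey = %s\nAllowedIPs = 10.58.1.11/32\n' "$k" >"$d/c.conf"
  printf '[Peer]\nPublicKey = short\nAllowedIPs = 10.58.1.12/32\n' >"$d/d.conf"
  echo "$d"
}

sample=$(make_sample)
check_peers "$sample" || echo "fix the fragments above before building the config"
rm -rf "$sample"
```

The unexpanded `ALLOWED_IPS` fragment, the range assigned twice and the malformed key are each reported with the fragment's file name.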

Setting up a Linux client

apt install wireguard-tools
WG_ID=vinfeos0
IP_SERVER=207.180.255.91
PUBKEY_SERVER=eK7tZw0WgbjjxkRdAwGvp8aAV/cfzhwpIymZdVTFE3k=
DNS_SERVER=9.9.9.9
PORT_SERVER=51820
IP2_SERVER=10.58.1.1
IP_CLIENT=10.58.1.11/32
ALLOWED_IPS=10.58.1.0/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf

FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
# >/dev/null keeps tee from echoing the private key to the terminal
wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null
chmod go= "$FN_KEY_PRIVATE"
# Public key to enter as PUBKEY_CLIENT in this client's [Peer] entry on the server
PUBKEY_CLIENT=$(wg pubkey <"$FN_KEY_PRIVATE")
cat <<EOS >"$FN_CONFIG"
[Interface]
# The address your computer will use on the VPN
Address = $IP_CLIENT
DNS = $DNS_SERVER
# Load your privatekey from file
PostUp = wg set %i private-key $FN_KEY_PRIVATE
# Also ping the vpn server to ensure the tunnel is initialized
PostUp = ping -c1 $IP2_SERVER

[Peer]
# VPN server's wireguard public key
PublicKey = $PUBKEY_SERVER
# Public IP address of your VPN server (USE YOURS!)
Endpoint = $IP_SERVER:$PORT_SERVER
# Traffic for the VPN subnet goes through the tunnel
AllowedIPs = $ALLOWED_IPS
# PersistentKeepalive = 25
EOS