Wireguard
Links
Installation
# Needs root privileges (the command carries no sudo). resolvconf is the helper
# wg-quick calls when a configuration contains a "DNS =" line.
apt install wireguard resolvconf
Zentrale einrichten
Für jeden Client
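# Write the server-side [Peer] snippet for one client to db/clients/<name>.conf.
CLIENT_NAME=wk-rambo
FN_PEER=db/clients/$CLIENT_NAME.conf
# NOTE(review): on the server, AllowedIPs is the set of source addresses this
# peer may use inside the tunnel. Giving every peer the whole /16 makes the
# ranges overlap (WireGuard keeps an overlapping range only on the peer that was
# configured last) and lets one client send with another client's address.
# Prefer the client's own tunnel address as a /32 here.
ALLOWED_IPS=10.58.1.0/16
# Public key of the client; unlike the private key it is not secret.
PUBKEY_CLIENT=kFJDiSluqYczby0AkXBjAT7iSF5qEW45CUxzzjqhbg8=
mkdir -p -- "$(dirname -- "$FN_PEER")"
cat <<EOS >"$FN_PEER"
[Peer]
# $CLIENT_NAME public key:
PublicKey = $PUBKEY_CLIENT
# VPN client's IP address in the VPN
AllowedIPs = $ALLOWED_IPS
EOS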
Konfiguration erstellen
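# Build the server configuration /etc/wireguard/$WG_ID.conf from the server's
# private key and the peer snippets in db/clients/.
# Expected to run as root: the redirections into /etc/wireguard and the chmod
# are not covered by the sudo in front of tee.
WG_ID=vinfeos0
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
if [ -e "$FN_KEY_PRIVATE" ]; then
  # Keep an existing key: replacing it would invalidate the public key that
  # clients already have configured for this server.
  echo "$FN_KEY_PRIVATE already exists!"
else
  # umask 077 creates the key file owner-only from the start instead of leaving
  # it readable by others until chmod runs; >/dev/null stops tee from echoing
  # the private key to the terminal (scrollback, session logs).
  (umask 077 && wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null)
  chmod go= "$FN_KEY_PRIVATE"
fi
IP_SERVER=10.58.1.1/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
PORT=51820
# The configuration embeds the private key, so create it with mode 600 first;
# the redirection below then writes into that file and keeps its mode.
install -m 600 /dev/null "$FN_CONFIG"
cat <<EOS >"$FN_CONFIG"
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Private key of this server, copied from $FN_KEY_PRIVATE
PrivateKey = $(cat "$FN_KEY_PRIVATE")
EOS
for client in db/clients/*.conf; do
  # With no peer file present the pattern stays literal; skip it instead of
  # letting cat fail on a non-existent name.
  [ -e "$client" ] || continue
  cat -- "$client" >>"$FN_CONFIG"
done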
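# Same server setup for the interface name wg0.
# Expected to run as root: the redirections into /etc/wireguard and the chmod
# are not covered by the sudo in front of tee.
WG_ID=wg0
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
if [ -e "$FN_KEY_PRIVATE" ]; then
  # Keep an existing key: replacing it would invalidate the public key that
  # clients already have configured for this server.
  echo "$FN_KEY_PRIVATE already exists!"
else
  # umask 077 creates the key file owner-only from the start; >/dev/null stops
  # tee from echoing the private key to the terminal.
  (umask 077 && wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null)
  # Was "$KEY_PRIVATE", a variable that is never set: chmod then had no file
  # operand and the key kept the permissions it was created with.
  chmod go= "$FN_KEY_PRIVATE"
fi
IP_SERVER=10.58.1.1/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
PORT=51820
# The configuration embeds the private key, so create it with mode 600 first;
# the redirection below then writes into that file and keeps its mode.
install -m 600 /dev/null "$FN_CONFIG"
cat <<EOS >"$FN_CONFIG"
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Private key of this server, copied from $FN_KEY_PRIVATE
PrivateKey = $(cat "$FN_KEY_PRIVATE")
EOS
for client in db/clients/*.conf; do
  # With no peer file present the pattern stays literal; skip it instead of
  # letting cat fail on a non-existent name.
  [ -e "$client" ] || continue
  cat -- "$client" >>"$FN_CONFIG"
done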
Linux Client einrichten
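# Set up a Linux client: generate its key pair and write the wg-quick
# configuration. Expected to run as root (apt and the writes into
# /etc/wireguard carry no sudo).
# NOTE(review): the "DNS =" line below makes wg-quick call resolvconf, which
# this command does not install; confirm it is present on the client.
apt install wireguard-tools
WG_ID=vinfeos0
# Public address of the VPN server (used as Endpoint)
IP_SERVER=207.180.255.91
PUBKEY_SERVER=eK7tZw0WgbjjxkRdAwGvp8aAV/cfzhwpIymZdVTFE3k=
DNS_SERVER=9.9.9.9
PORT_SERVER=51820
# Address of the VPN server inside the tunnel (target of the PostUp ping)
IP2_SERVER=10.58.1.1
IP_CLIENT=10.58.1.11/32
ALLOWED_IPS=10.58.1.0/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
if [ -e "$FN_KEY_PRIVATE" ]; then
  # Keep an existing key: a new one would no longer match the public key
  # registered for this client on the server.
  echo "$FN_KEY_PRIVATE already exists!"
else
  # umask 077 creates the key file owner-only from the start; >/dev/null stops
  # tee from echoing the private key to the terminal.
  (umask 077 && wg genkey | sudo tee "$FN_KEY_PRIVATE" >/dev/null)
  chmod go= "$FN_KEY_PRIVATE"
fi
PUBKEY_CLIENT=$(wg pubkey <"$FN_KEY_PRIVATE")
# Only the public key is shown; it is the value the server needs for this
# client's [Peer] entry.
printf 'Public key of this client: %s\n' "$PUBKEY_CLIENT"
cat <<EOS >"$FN_CONFIG"
[Interface]
# The address your computer will use on the VPN
Address = $IP_CLIENT
DNS = $DNS_SERVER
# Load your privatekey from file
PostUp = wg set %i private-key $FN_KEY_PRIVATE
# Also ping the vpn server to ensure the tunnel is initialized
PostUp = ping -c1 $IP2_SERVER
[Peer]
# VPN server's wireguard public key
PublicKey = $PUBKEY_SERVER
# Public IP address of your VPN server (USE YOURS!)
Endpoint = $IP_SERVER:$PORT_SERVER
# Destination addresses that are routed through the tunnel (the VPN subnet)
AllowedIPs = $ALLOWED_IPS
# PersistentKeepalive = 25
EOS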