Wireguard

Aus Info-Theke
Zur Navigation springen Zur Suche springen

Links

Installation

apt install wireguard resolvconf

Zentrale einrichten

Für jeden Client

CLIENT_NAME=wk-rambo
FN_PEER=db/clients/$CLIENT_NAME.conf
ALLOWED_IPS=10.58.1.0/16
PUBKEY_CLIENT=kFJDiSluqYczby0AkXBjAT7iSF5qEW45CUxzzjqhbg8=
mkdir -p $(dirname $FN_PEER)
cat <<EOS >$FN_PEER
[Peer]
# $CLIENT_NAME public key:
PublicKey = $PUBKEY_CLIENT
# VPN client's IP address in the VPN
AllowedIPs = ALLOWED_IPS
EOS

Konfiguration erstellen

WG_ID=vinfeos0
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
if [ -e $FN_KEY_PRIVATE ]; then
  echo "$FN_KEY_PRIVATE already exists!"
else
  wg genkey | sudo tee $FN_KEY_PRIVATE
  chmod go= $FN_KEY_PRIVATE
fi

IP_SERVER=10.58.1.1/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
PORT=51820
cat <<EOS >$FN_CONFIG
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Use your own private key, from /etc/wireguard/privatekey
PrivateKey = $(cat $FN_KEY_PRIVATE)
EOS
for client in db/clients/*.conf; do
  cat $client >>$FN_CONFIG
done
WG_ID=wg0
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
wg genkey | sudo tee $FN_KEY_PRIVATE
chmod go= $KEY_PRIVATE
IP_SERVER=10.58.1.1/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
PORT=51820

cat <<EOS >$FN_CONFIG
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
# Use your own private key, from /etc/wireguard/privatekey
PrivateKey = $(cat $KEY_PRIVATE)
EOS
for client in db/clients/*.conf; do
  cat $client >>$FN_CONFIG
done

Linux Client einrichten

apt install wireguard-tools
WG_ID=vinfeos0
IP_SERVER=207.180.255.91
PUBKEY_SERVER=eK7tZw0WgbjjxkRdAwGvp8aAV/cfzhwpIymZdVTFE3k=
DNS_SERVER=9.9.9.9
PORT_SERVER=51820
IP2_SERVER=10.58.1.1
IP_CLIENT=10.58.1.11/32
ALLOWED_IPS=10.58.1.0/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf

FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
wg genkey | sudo tee $FN_KEY_PRIVATE
chmod go= $FN_KEY_PRIVATE
PUBKEY_CLIENT=$(wg <$FN_KEY_PRIVATE pubkey)
cat <<EOS >$FN_CONFIG
[Interface]
# The address your computer will use on the VPN
Address = $IP_CLIE:q:NT
DNS = $DNS_SERVER
# Load your privatekey from file
PostUp = wg set %i private-key $FN_KEY_PRIVATE
# Also ping the vpn server to ensure the tunnel is initialized
PostUp = ping -c1 $IP2_SERVER

[Peer]
# VPN server's wireguard public key
PublicKey = $PUBKEY_SERVER
# Public IP address of your VPN server (USE YOURS!)
Endpoint = $IP_SERVER:$PORT_SERVER
# 10.0.0.0/24 is the VPN subnet
AllowedIPs = $ALLOWED_IPS
# PersistentKeepalive = 25
EOS