Linux/Wireguard: Difference between revisions
mNo edit summary |
mNo edit summary |
||
| Line 16: | Line 16: | ||
</pre> | </pre> | ||
== Generate keys == | |||
<pre> | |||
== Generate ipv6 prefix == | == Generate ipv6 prefix == | ||
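Review bot: the `<pre>` added under the new `== Generate keys ==` heading has no content and no closing `</pre>` before `== Generate ipv6 prefix ==`, so the new section is empty and the block stays open across the next heading. Add the key generation commands followed by `</pre>`, or leave the `<pre>` out until the section has content.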
Revision as of 21:55, 19 November 2023
Installation
apt install wireguard
Enable IP forwarding
- /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
- reload sysctl
sudo sysctl -p
Generate keys
Generate ipv6 prefix
date +%s%N
cat /var/lib/dbus/machine-id
printf <timestamp><machine-id> | sha1sum
printf <sha1sum> | cut -c 31-
1a2b3c4d5e
fd1a:2b3c:4d5e::/64 <- subnet
fd1a:2b3c:4d5e::1/64 <- wireguard server ip
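The steps above combined into one script, as an added example that is not part of the original wiki page: it keeps the last 40 bits of the SHA-1 as the global ID behind the fd prefix and rejects anything that is not exactly 10 hex digits. The function names and the MACHINE_ID_FILE variable are introduced here for illustration.

```shell
#!/bin/sh
# Added example: derive a ULA prefix the way the steps above do
# (timestamp + machine-id -> SHA-1 -> last 10 hex digits -> fdXX:XXXX:XXXX).

# Last 40 bits (hex characters 31-40) of the SHA-1 of the seed string.
ula_global_id() {
    printf '%s' "$1" | sha1sum | cut -c 31-40
}

# Format a 10-hex-digit global ID as the first three groups of a ULA prefix.
# Fails on anything that is not exactly 10 lowercase hex digits.
ula_prefix() {
    gid=$1
    [ "${#gid}" -eq 10 ] || return 1
    case $gid in *[!0-9a-f]*) return 1 ;; esac
    printf 'fd%s:%s:%s\n' \
        "$(printf '%s' "$gid" | cut -c 1-2)" \
        "$(printf '%s' "$gid" | cut -c 3-6)" \
        "$(printf '%s' "$gid" | cut -c 7-10)"
}

# Subnet and server address for a seed, in the same form as the notes above.
ula_from_seed() {
    p=$(ula_prefix "$(ula_global_id "$1")") || return 1
    printf '%s::/64 <- subnet\n%s::1/64 <- wireguard server ip\n' "$p" "$p"
}

# Real run: seed from the current time and this host's machine-id.
# MACHINE_ID_FILE is a variable introduced here; its default is the page's path.
MACHINE_ID_FILE=${MACHINE_ID_FILE:-/var/lib/dbus/machine-id}
if [ -r "$MACHINE_ID_FILE" ]; then
    ula_from_seed "$(date +%s%N)$(cat "$MACHINE_ID_FILE")"
fi
```

Run it once and record the result: the seed includes the current time, so every run produces a different prefix, and the server and peer configs must all use the same one.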
Server config
- /etc/wireguard/wg0.conf
[Interface]
Address = 10.13.13.1, fd12:3456:7890::1/64
ListenPort = 51820
PrivateKey = {PrivateKey}
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
# peer_homerouter
PublicKey = {peer_homerouter_publickey}
PresharedKey = {peer_homerouter_presharedkey}
AllowedIPs = 10.13.13.2/32, 192.168.1.0/24
[Peer]
# peer_laptop
PublicKey = {peer_laptop_publickey}
PresharedKey = {peer_laptop_presharedkey}
AllowedIPs = 10.13.13.3/32, fd12:3456:7890::3/128
Creating systemd service
sudo systemctl enable wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service
sudo systemctl status wg-quick@wg0.service
Status
wg