Jump to content

Windows/Wireguard: Difference between revisions

From Wiki
← Older edit
VisualWikitext
Marcluer (talk | contribs)
CooleKarte, HOT2013, JustinTime, Bureaucrats, Administrators
4,553 edits
mNo edit summary
Marcluer (talk | contribs)
CooleKarte, HOT2013, JustinTime, Bureaucrats, Administrators
4,553 edits
 
Line 60: Line 60:
</pre>
</pre>


* Task
** On system start
** Delay 1min
** Start programm
*** "C:\Program Files\WireGuard\wireguard.exe"
*** /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\wireguard-tunnel.conf.dpapi"


[[Category:Windows]]
[[Category:Windows]]

Latest revision as of 13:21, 9 October 2025

Windows Server as Wireguard Client

  • Install Wireguard
  • Setup Wireguard config and connect to Wireguard server

Windows Firewall config (non-Active Directory)

  • Find out Wireguard network interface name
Get-NetConnectionProfile -NetworkCategory 'Public'
Get-NetConnectionProfile -NetworkCategory 'Private'
  • Set wireguard network to "private"
Set-NetConnectionProfile -InterfaceAlias 'wireguard???' -NetworkCategory 'Private'
  • Allow ping from Wireguard server to Windows
    • Open Windows Defender Firewall
    • Incoming rules
    • File and Printer sharing (Echo Request - ICMPv4-In)
      • Profile: Domain + Private
      • Enable
    • Remotedesktop (TCP+UDP)

Windows Firewall config (Active Directory!!)

  • set-firewall.ps1
# Remove old rules
Remove-NetFirewallRule -DisplayName "Custom -*" -ErrorAction SilentlyContinue

# Allow ping v4 on Ethernet
New-NetFirewallRule -DisplayName "Custom - Allow Ping - Ethernet" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -Action Allow -Enabled True -InterfaceAlias "Ethernet"

# Block TCP on Ethernet
New-NetFirewallRule -DisplayName "Custom - Block TCP - Ethernet" -Direction Inbound -Protocol TCP -Action Block -Enabled True -InterfaceAlias "Ethernet"

# Block UDP on Ethernet
New-NetFirewallRule -DisplayName "Custom - Block UDP - Ethernet" -Direction Inbound -Protocol UDP -Action Block -Enabled True -InterfaceAlias "Ethernet"

# Allow all on Wireguard
New-NetFirewallRule -DisplayName "Custom - Allow All - Wireguard" -Direction Inbound -Action Allow -Enabled True -InterfaceAlias "wireguardexample"

# Verify
Get-NetFirewallRule -DisplayName "Custom -*" | ForEach-Object {
      $rule = $_
      $filter = $_ | Get-NetFirewallInterfaceFilter
      [PSCustomObject]@{
          DisplayName = $rule.DisplayName
          Direction = $rule.Direction
          Action = $rule.Action
          Enabled = $rule.Enabled
          InterfaceAlias = $filter.InterfaceAlias
      }
  }
  • Task
    • On system start
    • Delay 1min
    • Start programm
      • "C:\Program Files\WireGuard\wireguard.exe"
      • /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\wireguard-tunnel.conf.dpapi"
Retrieved from "https://wiki.marcluerssen.de/index.php?title=Windows/Wireguard&oldid=4635"