====== WireGuard ======

===== Repositories für Fedora einbinden und WireGuard installieren =====


<code>
dnf copr enable jdoss/wireguard
dnf install wireguard-dkms wireguard-tools
</code>

===== Keys erzeugen =====


<code>
wg genkey | tee wg.client.privatekey | wg pubkey > wg.client.publickey
wg genkey | tee wg.server.privatekey | wg pubkey > wg.server.publickey

chown root:root wg*
chmod 600 wg*
</code>

===== Server Konfigurationsdatei =====


<code>
# Server wg.server.conf
[Interface]
ListenPort = 51820
PrivateKey = <wg.server.privatekey>

[Peer]
PublicKey = <wg.client.publickey>
AllowedIPs = 0.0.0.0/0
</code>

===== Client Konfigurationsdatei =====


<code>
# Client wg.client.conf
[Interface]
PrivateKey = <wg.client.privatekey>

[Peer]
Endpoint = <public server IP>:51820
PublicKey = <wg.server.publickey>
AllowedIPs = 0.0.0.0/0
</code>

===== Netzwerkdevice erstellen und konfigurieren =====


<code>
ip link add dev wg0 type wireguard

# Server
ip address add dev wg0 192.168.2.1/24

# Client
ip address add dev wg0 192.168.2.2/24

# Server
wg setconf wg0 wg.server.conf

# Client
wg setconf wg0 wg.client.conf

ip link set up dev wg0
ip link set down dev wg0
</code>

===== Firewall-Regeln nicht vergessen =====


<code>
firewall-cmd             --zone=public --add-port=51820/udp
firewall-cmd --permanent --zone=public --add-port=51820/udp

firewall-cmd             --zone=public --add-masquerade
firewall-cmd --permanent --zone=public --add-masquerade
</code>

===== Prüfen, ob alles funktioniert =====


<code>
# Server
wg
interface: wg0
  public key: aaa
  private key: (hidden)
  listening port: 51820

peer: xxx
  endpoint: yyy
  allowed ips: 0.0.0.0/0
  latest handshake: 4 minutes, 18 seconds ago
  transfer: 23.34 KiB received, 22.79 KiB sent

# Client
wg
interface: wg0
  public key: aaa
  private key: (hidden)
  listening port: 49198

peer: xxx
  endpoint: <server ip>:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 3 minutes, 57 seconds ago
  transfer: 348 B received, 436 B sent
</code>