
WireGuard

Repositories für Fedora einbinden und WireGuard installieren

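# WireGuard has been part of the mainline Linux kernel since 5.6. If the running
# kernel already ships the module, only the userspace tools are needed and no
# third-party repository has to be trusted.
if modinfo wireguard >/dev/null 2>&1; then
    dnf install wireguard-tools
else
    # Fallback for older kernels. COPR repositories are maintained by individual
    # users and are not reviewed by the Fedora project; wireguard-dkms also
    # builds a kernel module locally as root. Only enable it when really needed.
    dnf copr enable jdoss/wireguard
    dnf install wireguard-dkms wireguard-tools
fi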

Keys erzeugen

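# Run in a subshell with a restrictive umask so the key files are created with
# owner-only permissions from the start. With the default umask the private keys
# would be readable by other local users until the chmod below runs.
(
    umask 077

    # Ideally each line is run on the host that will use the key, so that a
    # private key never has to be copied between machines; only the
    # *.publickey files need to be exchanged.
    wg genkey | tee wg.client.privatekey | wg pubkey > wg.client.publickey
    wg genkey | tee wg.server.privatekey | wg pubkey > wg.server.publickey
)

# Name the key files explicitly instead of using wg*, so unrelated files in the
# current directory are not touched.
chown root:root wg.*.privatekey wg.*.publickey
chmod 600 wg.*.privatekey wg.*.publickey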

Server-Konfigurationsdatei

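# Server wg.server.conf
# This file holds the server's private key: keep it owned by root, mode 600.
[Interface]
ListenPort = 51820
PrivateKey = <wg.server.privatekey>

[Peer]
PublicKey = <wg.client.publickey>
# On the server, AllowedIPs is the set of source addresses accepted from this
# peer. 0.0.0.0/0 would accept any source address from the client and cannot
# be combined with a second peer, so it is limited to the client's tunnel
# address (192.168.2.2, assigned with "ip address add" further down).
# The sample "wg" output at the end of the page was captured with 0.0.0.0/0.
AllowedIPs = 192.168.2.2/32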

Client-Konfigurationsdatei

# Client wg.client.conf
# Contains the client's private key; keep the file readable by root only.
[Interface]
PrivateKey = <wg.client.privatekey>

[Peer]
PublicKey = <wg.server.publickey>
Endpoint = <public server IP>:51820
# 0.0.0.0/0 allows every IPv4 destination to be sent to this peer (full
# tunnel). IPv6 is not covered by this entry.
AllowedIPs = 0.0.0.0/0

Netzwerkdevice erstellen und konfigurieren

# Both hosts: create the WireGuard interface.
ip link add wg0 type wireguard

# Server: assign the tunnel address, then load the configuration.
ip address add 192.168.2.1/24 dev wg0
wg setconf wg0 wg.server.conf

# Client: assign the tunnel address, then load the configuration.
ip address add 192.168.2.2/24 dev wg0
wg setconf wg0 wg.client.conf

# Note: none of the commands here add routes. Only 192.168.2.0/24 is reachable
# through wg0 until further routes are configured, whatever AllowedIPs says.

# Both hosts: bring the tunnel up ...
ip link set dev wg0 up
# ... and take it down again when it is no longer needed.
ip link set dev wg0 down

Firewall-Regeln nicht vergessen

# Apply both rules twice: first to the running firewall (empty scope), then to
# the permanent configuration so they survive a reload or reboot.
# $scope is intentionally unquoted so the empty value expands to no argument.
for scope in "" --permanent; do
    # Open the WireGuard listen port (UDP 51820, see ListenPort on the server).
    firewall-cmd $scope --zone=public --add-port=51820/udp
    # Masquerading is set on the whole public zone, not only for tunnel
    # traffic; presumably it is wanted so clients can reach other networks
    # through the server. Leave it out if only server/client traffic is needed.
    firewall-cmd $scope --zone=public --add-masquerade
done

Prüfen, ob alles funktioniert

# Server
wg
interface: wg0
  public key: aaa
  private key: (hidden)
  listening port: 51820

peer: xxx
  endpoint: yyy
  allowed ips: 0.0.0.0/0
  latest handshake: 4 minutes, 18 seconds ago
  transfer: 23.34 KiB received, 22.79 KiB sent

# Client
wg
interface: wg0
  public key: aaa
  private key: (hidden)
  listening port: 49198

peer: xxx
  endpoint: <server ip>:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 3 minutes, 57 seconds ago
  transfer: 348 B received, 436 B sent