WireGuard
Add the repositories for Fedora and install WireGuard
dnf copr enable jdoss/wireguard
dnf install wireguard-dkms wireguard-tools
Generate keys
# Create the key files with owner-only permissions from the start
umask 077
wg genkey | tee wg.client.privatekey | wg pubkey > wg.client.publickey
wg genkey | tee wg.server.privatekey | wg pubkey > wg.server.publickey
chown root:root wg*
chmod 600 wg*
Server configuration file
# Server wg.server.conf
[Interface]
ListenPort = 51820
PrivateKey = <wg.server.privatekey>
[Peer]
PublicKey = <wg.client.publickey>
AllowedIPs = 0.0.0.0/0
Client configuration file
# Client wg.client.conf
[Interface]
PrivateKey = <wg.client.privatekey>
[Peer]
Endpoint = <public server IP>:51820
PublicKey = <wg.server.publickey>
AllowedIPs = 0.0.0.0/0
Create and configure the network device
ip link add dev wg0 type wireguard
# Server
ip address add dev wg0 192.168.2.1/24
# Client
ip address add dev wg0 192.168.2.2/24
# Server
wg setconf wg0 wg.server.conf
# Client
wg setconf wg0 wg.client.conf
# Bring the tunnel interface up
ip link set up dev wg0
# Bring it down again to stop the tunnel
ip link set down dev wg0
Don't forget the firewall rules
firewall-cmd --zone=public --add-port=51820/udp
firewall-cmd --permanent --zone=public --add-port=51820/udp
firewall-cmd --zone=public --add-masquerade
firewall-cmd --permanent --zone=public --add-masquerade
Check that everything works
# Server
wg
interface: wg0
public key: aaa
private key: (hidden)
listening port: 51820
peer: xxx
endpoint: yyy
allowed ips: 0.0.0.0/0
latest handshake: 4 minutes, 18 seconds ago
transfer: 23.34 KiB received, 22.79 KiB sent
# Client
wg
interface: wg0
public key: aaa
private key: (hidden)
listening port: 49198
peer: xxx
endpoint: <server ip>:51820
allowed ips: 0.0.0.0/0
latest handshake: 3 minutes, 57 seconds ago
transfer: 348 B received, 436 B sent
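An added check, not part of the original page: a shell function that audits a config file before it is loaded with wg setconf. It reports a file that group or others can access (the file contains the private key) and, for the server role, any peer with AllowedIPs = 0.0.0.0/0 or ::/0, because AllowedIPs also limits which source addresses are accepted from that peer; in this setup 192.168.2.2/32 would cover the client. The name audit_wg_conf, its arguments and its output format are assumptions made for this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). audit_wg_conf and its output
# format are made up for this example.
# Usage: audit_wg_conf FILE ROLE   (ROLE: server | client)
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 if missing.
audit_wg_conf() {
    conf=$1; role=$2; rc=0
    [ -f "$conf" ] || { echo "MISSING $conf"; return 2; }
    # The file contains PrivateKey: group and others must have no access.
    perms=$(ls -ld -- "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "PERMS $conf: group/other bits $perms, expected chmod 600"; rc=1; }
    # Server side only: AllowedIPs is also the filter for source addresses
    # accepted from that peer, so 0.0.0.0/0 accepts any source address.
    if [ "$role" = server ]; then
        wide=$(awk '
            { l = $0; sub(/#.*/, "", l); gsub(/[ \t]/, "", l); k = tolower(l) }
            k ~ /^\[/ { peer = (k == "[peer]"); next }
            peer && k ~ /^allowedips=/ {
                n = split(substr(k, 12), ip, ",")
                for (i = 1; i <= n; i++)
                    if (ip[i] == "0.0.0.0/0" || ip[i] == "::/0")
                        print "WIDE line " NR ": AllowedIPs " ip[i]
            }' "$conf")
        [ -z "$wide" ] || { echo "$wide"; rc=1; }
    fi
    return $rc
}

# Constructed sample: the server config from this page with placeholder keys,
# written with mode 644 to trigger both findings.
demo=$(mktemp -d)
cat > "$demo/wg.server.conf" <<'EOF'
[Interface]
ListenPort = 51820
PrivateKey = CONSTRUCTED_PLACEHOLDER
[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER
AllowedIPs = 0.0.0.0/0
EOF
chmod 644 "$demo/wg.server.conf"
audit_wg_conf "$demo/wg.server.conf" server || echo "=> findings above need fixing"
rm -rf "$demo"
```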