Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
| wireguard [20181225 13:14] – init Dirk Deimeke | wireguard [20181226 08:39] (aktuell) – Dirk Deimeke | ||
|---|---|---|---|
| Zeile 1: | Zeile 1: | ||
| ====== WireGuard ====== | ====== WireGuard ====== | ||
| + | |||
| + | ===== Repositories für Fedora einbinden und WireGuard installieren ===== | ||
| + | |||
| < | < | ||
| dnf copr enable jdoss/ | dnf copr enable jdoss/ | ||
| dnf install wireguard-dkms wireguard-tools | dnf install wireguard-dkms wireguard-tools | ||
| + | </ | ||
| + | ===== Keys erzeugen ===== | ||
| + | |||
| + | |||
| + | < | ||
| wg genkey | tee wg.client.privatekey | wg pubkey > wg.client.publickey | wg genkey | tee wg.client.privatekey | wg pubkey > wg.client.publickey | ||
| wg genkey | tee wg.server.privatekey | wg pubkey > wg.server.publickey | wg genkey | tee wg.server.privatekey | wg pubkey > wg.server.publickey | ||
| Zeile 11: | Zeile 19: | ||
| chmod 600 wg* | chmod 600 wg* | ||
| </ | </ | ||
| + | |||
| + | ===== Server Konfigurationsdatei ===== | ||
| + | |||
| < | < | ||
| - | # Server | + | # Server |
| [Interface] | [Interface] | ||
| ListenPort = 51820 | ListenPort = 51820 | ||
| Zeile 22: | Zeile 33: | ||
| AllowedIPs = 0.0.0.0/0 | AllowedIPs = 0.0.0.0/0 | ||
| </ | </ | ||
| + | |||
| + | ===== Client Konfigurationsdatei ===== | ||
| + | |||
| < | < | ||
| - | # Client | + | # Client |
| [Interface] | [Interface] | ||
| PrivateKey = < | PrivateKey = < | ||
| Zeile 33: | Zeile 47: | ||
| AllowedIPs = 0.0.0.0/0 | AllowedIPs = 0.0.0.0/0 | ||
| </ | </ | ||
| + | |||
| + | ===== Netzwerkdevice erstellen und konfigurieren ===== | ||
| + | |||
| < | < | ||
| ip link add dev wg0 type wireguard | ip link add dev wg0 type wireguard | ||
| + | |||
| + | # Server | ||
| ip address add dev wg0 192.168.2.1/ | ip address add dev wg0 192.168.2.1/ | ||
| - | wg setconf wg0 wireguard.conf | + | |
| + | # Client | ||
| + | ip address add dev wg0 192.168.2.2/ | ||
| + | |||
| + | # Server | ||
| + | wg setconf wg0 wg.server.conf | ||
| + | |||
| + | # Client | ||
| + | wg setconf wg0 wg.client.conf | ||
| ip link set up dev wg0 | ip link set up dev wg0 | ||
| ip link set down dev wg0 | ip link set down dev wg0 | ||
| + | </ | ||
| + | |||
| + | ===== Firewall-Regeln nicht vergessen ===== | ||
| + | |||
| + | |||
| + | < | ||
| + | firewall-cmd | ||
| + | firewall-cmd --permanent --zone=public --add-port=51820/ | ||
| + | |||
| + | firewall-cmd | ||
| + | firewall-cmd --permanent --zone=public --add-masquerade | ||
| + | </ | ||
| + | |||
| + | ===== Prüfen, ob alles funktioniert ===== | ||
| + | |||
| + | |||
| + | < | ||
| + | # Server | ||
| + | wg | ||
| + | interface: wg0 | ||
| + | public key: aaa | ||
| + | private key: (hidden) | ||
| + | listening port: 51820 | ||
| + | |||
| + | peer: xxx | ||
| + | endpoint: yyy | ||
| + | allowed ips: 0.0.0.0/0 | ||
| + | latest handshake: 4 minutes, 18 seconds ago | ||
| + | transfer: 23.34 KiB received, 22.79 KiB sent | ||
| + | |||
| + | # Client | ||
| + | wg | ||
| + | interface: wg0 | ||
| + | public key: aaa | ||
| + | private key: (hidden) | ||
| + | listening port: 49198 | ||
| + | |||
| + | peer: xxx | ||
| + | endpoint: <server ip>: | ||
| + | allowed ips: 0.0.0.0/0 | ||
| + | latest handshake: 3 minutes, 57 seconds ago | ||
| + | transfer: 348 B received, 436 B sent | ||
| </ | </ | ||