Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
wireguard [20181225 13:14] – init Dirk Deimeke | wireguard [20181226 08:39] (aktuell) – Dirk Deimeke | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== WireGuard ====== | ====== WireGuard ====== | ||
+ | |||
+ | ===== Repositories für Fedora einbinden und WireGuard installieren ===== | ||
+ | |||
< | < | ||
dnf copr enable jdoss/ | dnf copr enable jdoss/ | ||
dnf install wireguard-dkms wireguard-tools | dnf install wireguard-dkms wireguard-tools | ||
+ | </ | ||
+ | ===== Keys erzeugen ===== | ||
+ | |||
+ | |||
+ | < | ||
wg genkey | tee wg.client.privatekey | wg pubkey > wg.client.publickey | wg genkey | tee wg.client.privatekey | wg pubkey > wg.client.publickey | ||
wg genkey | tee wg.server.privatekey | wg pubkey > wg.server.publickey | wg genkey | tee wg.server.privatekey | wg pubkey > wg.server.publickey | ||
Zeile 11: | Zeile 19: | ||
chmod 600 wg* | chmod 600 wg* | ||
</ | </ | ||
+ | |||
+ | ===== Server Konfigurationsdatei ===== | ||
+ | |||
< | < | ||
- | # Server | + | # Server |
[Interface] | [Interface] | ||
ListenPort = 51820 | ListenPort = 51820 | ||
Zeile 22: | Zeile 33: | ||
AllowedIPs = 0.0.0.0/0 | AllowedIPs = 0.0.0.0/0 | ||
</ | </ | ||
+ | |||
+ | ===== Client Konfigurationsdatei ===== | ||
+ | |||
< | < | ||
- | # Client | + | # Client |
[Interface] | [Interface] | ||
PrivateKey = < | PrivateKey = < | ||
Zeile 33: | Zeile 47: | ||
AllowedIPs = 0.0.0.0/0 | AllowedIPs = 0.0.0.0/0 | ||
</ | </ | ||
+ | |||
+ | ===== Netzwerkdevice erstellen und konfigurieren ===== | ||
+ | |||
< | < | ||
ip link add dev wg0 type wireguard | ip link add dev wg0 type wireguard | ||
+ | |||
+ | # Server | ||
ip address add dev wg0 192.168.2.1/ | ip address add dev wg0 192.168.2.1/ | ||
- | wg setconf wg0 wireguard.conf | + | |
+ | # Client | ||
+ | ip address add dev wg0 192.168.2.2/ | ||
+ | |||
+ | # Server | ||
+ | wg setconf wg0 wg.server.conf | ||
+ | |||
+ | # Client | ||
+ | wg setconf wg0 wg.client.conf | ||
ip link set up dev wg0 | ip link set up dev wg0 | ||
ip link set down dev wg0 | ip link set down dev wg0 | ||
+ | </ | ||
+ | |||
+ | ===== Firewall-Regeln nicht vergessen ===== | ||
+ | |||
+ | |||
+ | < | ||
+ | firewall-cmd | ||
+ | firewall-cmd --permanent --zone=public --add-port=51820/ | ||
+ | |||
+ | firewall-cmd | ||
+ | firewall-cmd --permanent --zone=public --add-masquerade | ||
+ | </ | ||
+ | |||
+ | ===== Prüfen, ob alles funktioniert ===== | ||
+ | |||
+ | |||
+ | < | ||
+ | # Server | ||
+ | wg | ||
+ | interface: wg0 | ||
+ | public key: aaa | ||
+ | private key: (hidden) | ||
+ | listening port: 51820 | ||
+ | |||
+ | peer: xxx | ||
+ | endpoint: yyy | ||
+ | allowed ips: 0.0.0.0/0 | ||
+ | latest handshake: 4 minutes, 18 seconds ago | ||
+ | transfer: 23.34 KiB received, 22.79 KiB sent | ||
+ | |||
+ | # Client | ||
+ | wg | ||
+ | interface: wg0 | ||
+ | public key: aaa | ||
+ | private key: (hidden) | ||
+ | listening port: 49198 | ||
+ | |||
+ | peer: xxx | ||
+ | endpoint: <server ip>: | ||
+ | allowed ips: 0.0.0.0/0 | ||
+ | latest handshake: 3 minutes, 57 seconds ago | ||
+ | transfer: 348 B received, 436 B sent | ||
</ | </ |