Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
wireguard [20181225 13:01] – angelegt Dirk Deimeke | wireguard [20181226 08:39] (aktuell) – Dirk Deimeke | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== WireGuard ====== | ====== WireGuard ====== | ||
+ | ===== Repositories für Fedora einbinden und WireGuard installieren ===== | ||
+ | |||
+ | < | ||
+ | dnf copr enable jdoss/ | ||
+ | dnf install wireguard-dkms wireguard-tools | ||
+ | </ | ||
+ | |||
+ | ===== Keys erzeugen ===== | ||
+ | |||
+ | |||
+ | < | ||
+ | wg genkey | tee wg.client.privatekey | wg pubkey > wg.client.publickey | ||
+ | wg genkey | tee wg.server.privatekey | wg pubkey > wg.server.publickey | ||
+ | |||
+ | chown root:root wg* | ||
+ | chmod 600 wg* | ||
+ | </ | ||
+ | |||
+ | ===== Server Konfigurationsdatei ===== | ||
+ | |||
+ | |||
+ | < | ||
+ | # Server wg.server.conf | ||
+ | [Interface] | ||
+ | ListenPort = 51820 | ||
+ | PrivateKey = < | ||
+ | |||
+ | [Peer] | ||
+ | PublicKey = < | ||
+ | AllowedIPs = 0.0.0.0/0 | ||
+ | </ | ||
+ | |||
+ | ===== Client Konfigurationsdatei ===== | ||
+ | |||
+ | |||
+ | < | ||
+ | # Client wg.client.conf | ||
+ | [Interface] | ||
+ | PrivateKey = < | ||
+ | |||
+ | [Peer] | ||
+ | Endpoint = <public server IP>: | ||
+ | PublicKey = < | ||
+ | AllowedIPs = 0.0.0.0/0 | ||
+ | </ | ||
+ | |||
+ | ===== Netzwerkdevice erstellen und konfigurieren ===== | ||
+ | |||
+ | |||
+ | < | ||
+ | ip link add dev wg0 type wireguard | ||
+ | |||
+ | # Server | ||
+ | ip address add dev wg0 192.168.2.1/ | ||
+ | |||
+ | # Client | ||
+ | ip address add dev wg0 192.168.2.2/ | ||
+ | |||
+ | # Server | ||
+ | wg setconf wg0 wg.server.conf | ||
+ | |||
+ | # Client | ||
+ | wg setconf wg0 wg.client.conf | ||
+ | |||
+ | ip link set up dev wg0 | ||
+ | ip link set down dev wg0 | ||
+ | </ | ||
+ | |||
+ | ===== Firewall-Regeln nicht vergessen ===== | ||
+ | |||
+ | |||
+ | < | ||
+ | firewall-cmd | ||
+ | firewall-cmd --permanent --zone=public --add-port=51820/ | ||
+ | |||
+ | firewall-cmd | ||
+ | firewall-cmd --permanent --zone=public --add-masquerade | ||
+ | </ | ||
+ | |||
+ | ===== Prüfen, ob alles funktioniert ===== | ||
+ | |||
+ | |||
+ | < | ||
+ | # Server | ||
+ | wg | ||
+ | interface: wg0 | ||
+ | public key: aaa | ||
+ | private key: (hidden) | ||
+ | listening port: 51820 | ||
+ | |||
+ | peer: xxx | ||
+ | endpoint: yyy | ||
+ | allowed ips: 0.0.0.0/0 | ||
+ | latest handshake: 4 minutes, 18 seconds ago | ||
+ | transfer: 23.34 KiB received, 22.79 KiB sent | ||
+ | |||
+ | # Client | ||
+ | wg | ||
+ | interface: wg0 | ||
+ | public key: aaa | ||
+ | private key: (hidden) | ||
+ | listening port: 49198 | ||
+ | |||
+ | peer: xxx | ||
+ | endpoint: <server ip>: | ||
+ | allowed ips: 0.0.0.0/0 | ||
+ | latest handshake: 3 minutes, 57 seconds ago | ||
+ | transfer: 348 B received, 436 B sent | ||
+ | </ |