Inst wireguard » History » Version 11
Michael Gunsch, 11/15/2023 06:36 PM
h1. Installing WireGuard on Debian

h2. Documentation/Guide

https://www.wireguard.com/

h2. Installing packages

<pre>
sudo apt install wireguard wireguard-tools
</pre>

h2. Configuration

h3. Generating a key pair

<pre>
# Write the private key to wg_priv_key and derive the public key from it
wg genkey | tee wg_priv_key | wg pubkey > wg_pub_key
# Restrict both files to the owner
chmod 600 wg_priv_key
chmod 600 wg_pub_key
</pre>

or

<pre>
wg genkey | tee wg_priv_key | wg pubkey > wg_pub_key && chmod 600 wg_priv_key && chmod 600 wg_pub_key
</pre>

The private key stays on the local machine; the public key is transferred to the remote peer.

h3. Local configuration file

The configuration file is located at @/etc/wireguard/wg0.conf@; any number may be used in place of the zero. This name (@wg0@ in the example) is also the name of the network interface that WireGuard creates.

/etc/wireguard/wg0.conf

<pre>
[Interface]
PrivateKey = <insert private key here>
Address = 172.16.4.8/24

[Peer]
PublicKey = <insert peer's public key here>
AllowedIPs = 172.16.4.0/24
Endpoint = puntodivista.ch:51820
PersistentKeepalive = 25
</pre>

h3. Remote configuration file

/etc/wireguard/wg0.conf

<pre>
[Interface]
Address = 172.16.4.1/24
PrivateKey = <insert private key here>
ListenPort = 51820

# Sample client
[Peer]
PublicKey = <insert peer's public key here>
AllowedIPs = 172.16.4.2
</pre>

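WireGuard accepts a packet from a peer only if its source address lies inside that peer's @AllowedIPs@, so the tunnel address in the local file has to be covered by the remote side's @[Peer]@ entry for it. The following check is an added example, not part of the original wiki page; the function names and the placeholder key strings are assumptions, and the client's public key is passed in by hand because deriving it requires @wg pubkey@.

```python
import ipaddress

# Constructed input: this page's two configs, cut to the fields checked; keys are placeholders.
CLIENT_CONF = """\
[Interface]
Address = 172.16.4.8/24
[Peer]
PublicKey = SERVER_PUB
AllowedIPs = 172.16.4.0/24
"""
SERVER_CONF = """\
[Interface]
Address = 172.16.4.1/24
# Sample client
[Peer]
PublicKey = CLIENT_PUB
AllowedIPs = 172.16.4.2
"""

def parse_wg_conf(text):  # returns (interface, peers); [Peer] sections may repeat
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            peers.append(current := {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # split once: base64 keys end in "="
            current[key.strip().lower()] = value.strip()
    return interface, peers

def nets(value):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",") if v.strip()]

def check_pair(client_text, server_text, client_pubkey):
    """List mismatches between a client config and the server's entry for it."""
    (c_if, c_peers), (s_if, s_peers) = parse_wg_conf(client_text), parse_wg_conf(server_text)
    client_ip = ipaddress.ip_interface(c_if["address"].split(",")[0].strip()).ip
    server_ip = ipaddress.ip_interface(s_if["address"].split(",")[0].strip()).ip
    findings = []
    entry = next((p for p in s_peers if p.get("publickey") == client_pubkey), None)
    if entry is None:
        findings.append("server has no [Peer] entry for this client key")
    elif not any(client_ip in n for n in nets(entry.get("allowedips", ""))):
        findings.append(f"server AllowedIPs for this peer do not cover {client_ip}")
    if not any(server_ip in n for p in c_peers for n in nets(p.get("allowedips", ""))):
        findings.append(f"client AllowedIPs do not cover {server_ip}")
    return findings
```

Run against the sample values as shown, the check reports that the sample client entry (172.16.4.2) does not cover the local address 172.16.4.8; the remote entry for this particular client would need @AllowedIPs = 172.16.4.8/32@.
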
h3. Starting/stopping the VPN manually

<pre>
sudo wg-quick up wg0
sudo wg-quick down wg0
</pre>

h3. Automatic start via @systemctl@

<pre>
# Start the tunnel at boot
sudo systemctl enable wg-quick@wg0
# Start the tunnel now
sudo systemctl start wg-quick@wg0
</pre>