Difference between revisions of "Bering-uClibc 7.x - User Guide - Advanced Topics - Wireguard"

From bering-uClibc
(Created page with "{| summary="Navigation header" width="100%" ! colspan="3" align="center" | Bering-uClibc 7.x - User Guide - Advanced Topics - Configuring Wireguard|Advanced Topics - Configu...")
 
Line 7: Line 7:
 
|}
 
|}
 
----
 
----
 +
 +
==Configuring Wireguard==
 +
 +
===Objectives===
 +
This is a short introduction on how to configure the wireguard VPN on your LEAF system.
 +
 +
===Prerequisites===
 +
The software used build a VPN tunnel using '''''[https://www.wireguard.com/ wireguard]''''' is packaged in the '''''wireguard.lrp''''' LEAF package. You should be familiar on how to obtain LEAF packages from either a tarball in the LEAF file area or to download it using your internet connection. You should also be familiar on how to set up LEAF to automatically install packages.
 +
 +
====Dependencies====
 +
As of '''LEAF 7.x''' '''''wireguard.lrp''''' depends on the following packages:
 +
* bash.lrp
 +
 +
===Configuration===
 +
 +
The wireguard VPN software is configured using a text file '''''/etc/wireguard/wg<tunnel ID>.conf''''', typically '''''/etc/wireguard/wg0.conf'''''. It is also controlled by the file '''''/etc/default/wireguard''''' where a few start parameters are defined. The '''''wireguard.lrp''''' package includes a copy of these two files for your reference.
 +
 +
====wpa_supplicant.conf====
 +
 +
The '''''/etc/wireguard/wg0.conf''''' file is used to tell hold the wireguard keys and information about the wireguard peer. The '''''wireguard''''' VPN is a peer network, however slight differences in the configurations exist, especially the initiator side uses the parameter Endoint to address its peer. The example below shows the client or initiator side of the '''''wireguard''''' VPN.
 +
 +
# This is a dummy configuration file for the wireguard VPN server.
 +
# It should reside in /etc/wireguard and is designed to be used
 +
# by the wg-quick script viz:
 +
# 'wg-quick up wg0' to start the VPN server and
 +
# 'wg-quick down wg0' to stop it.
 +
#
 +
# Generate the private & public keys required thus:
 +
# umask 077
 +
# wg genkey | tee private_key | wg pubkey > public_key
 +
#
 +
# Dummy config:
 +
#
 +
[Interface]
 +
Address = 192.168.17.2/24
 +
ListenPort = 11194
 +
PrivateKey = EKufmuT959jTCnFlK+jjhJvzPQWdEaEzNWsHIYnzTV8=
 +
#
 +
#
 +
# Peer1
 +
[Peer]
 +
PublicKey = DJDe260WVX8Cm2gjf/0nmklHkO8N8XgSTpvB34zJzz0=
 +
AllowedIPs = 192.168.17.1
 +
Endpoint = the_other_side.example.net:11194
 +
#
 +
# Peer2
 +
#[Peer]
 +
#PublicKey = <Peer 2 public key base64 string>
 +
#AllowedIPs = <comma-separated address/cidr ranges allowed access from Peer 2>
 +
#
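Review bot: the new section heading "====wpa_supplicant.conf====" does not match the file the section documents (/etc/wireguard/wg0.conf) and looks carried over from another page; rename it to "wg0.conf". In the paragraph under it, "Endoint" should read "Endpoint" and "is used to tell hold" should read "is used to hold", and in Prerequisites "used build" is missing a "to". The first comment of the sample file calls it a configuration for the "VPN server" while the paragraph introduces it as the client or initiator side; one of the two should be reworded so they agree. Since the sample carries a literal PrivateKey value, a comment next to it saying it must be replaced with a locally generated key would help readers who copy the file as-is.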

Revision as of 13:23, 8 January 2021

Advanced Topics - Configuring Wireguard

Configuring Wireguard

Objectives

This is a short introduction on how to configure the wireguard VPN on your LEAF system.

Prerequisites

The software used to build a VPN tunnel using wireguard is packaged in the wireguard.lrp LEAF package. You should be familiar with how to obtain LEAF packages, either from a tarball in the LEAF file area or by downloading them over your internet connection. You should also be familiar with how to set up LEAF to automatically install packages.

Dependencies

As of LEAF 7.x wireguard.lrp depends on the following packages:

  • bash.lrp

Configuration

The wireguard VPN software is configured using a text file /etc/wireguard/wg<tunnel ID>.conf, typically /etc/wireguard/wg0.conf. It is also controlled by the file /etc/default/wireguard where a few start parameters are defined. The wireguard.lrp package includes a copy of these two files for your reference.

wg0.conf

The /etc/wireguard/wg0.conf file holds the wireguard keys and information about the wireguard peer. The wireguard VPN is a peer network; however, slight differences exist between the configurations of the two sides. In particular, the initiator side uses the parameter Endpoint to address its peer. The example below shows the client or initiator side of the wireguard VPN.

# This is a dummy configuration file for the wireguard VPN server.
# It should reside in /etc/wireguard and is designed to be used
# by the wg-quick script viz:
# 'wg-quick up wg0' to start the VPN server and
# 'wg-quick down wg0' to stop it.
#
# Generate the private & public keys required thus:
# umask 077
# wg genkey | tee private_key | wg pubkey > public_key
#
# Dummy config:
#
[Interface]
Address = 192.168.17.2/24
ListenPort = 11194
PrivateKey = EKufmuT959jTCnFlK+jjhJvzPQWdEaEzNWsHIYnzTV8=
#
#
# Peer1
[Peer]
PublicKey = DJDe260WVX8Cm2gjf/0nmklHkO8N8XgSTpvB34zJzz0=
AllowedIPs = 192.168.17.1
Endpoint = the_other_side.example.net:11194
#
# Peer2
#[Peer]
#PublicKey = <Peer 2 public key base64 string>
#AllowedIPs = <comma-separated address/cidr ranges allowed access from Peer 2>
#
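
A check to run before 'wg-quick up wg0', given here as an added example that is not part of the wireguard.lrp package or the original guide. It verifies that an initiator-side file like the one above is closed to group and other, that every key decodes to 32 bytes, that the guide's dummy PrivateKey was not left in place, and that an Endpoint is set. The function names lint_wg_conf and wg_report are hypothetical.

```shell
#!/bin/sh
# Added example, not part of wireguard.lrp: lint an initiator-side wg-quick config.
# SAMPLE_KEY is the dummy PrivateKey printed in the guide's example file.
SAMPLE_KEY='EKufmuT959jTCnFlK+jjhJvzPQWdEaEzNWsHIYnzTV8='

# Hypothetical helper: print one finding and count it.
wg_report() {
    echo "$wg_conf: $1"
    wg_findings=$((wg_findings + 1))
}

# lint_wg_conf FILE: returns 0 when nothing was reported, 1 otherwise.
lint_wg_conf() {
    wg_conf=$1
    wg_findings=0
    [ -r "$wg_conf" ] || { echo "$wg_conf: not readable"; return 2; }

    # The file holds the private key, so group and other get no access
    # (the 'umask 077' in the guide's comments has the same purpose).
    perms=$(ls -ld "$wg_conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        wg_report "group/other permissions are '$perms', expected none"
    fi

    # Uncommented PrivateKey/PublicKey values must be base64 of 32 bytes.
    # Key values are never echoed, so the report itself leaks nothing.
    keys=$(sed -n -E 's/^[[:space:]]*(Private|Public)Key[[:space:]]*=[[:space:]]*//p' "$wg_conf")
    for key in $keys; do
        len=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c)
        if [ "$len" -ne 32 ]; then
            wg_report "a key does not decode to 32 bytes"
        elif [ "$key" = "$SAMPLE_KEY" ]; then
            wg_report "a key matches the guide's sample PrivateKey, generate your own"
        fi
    done

    # The initiator side needs an Endpoint to address its peer.
    if ! grep -Eq '^[[:space:]]*Endpoint[[:space:]]*=' "$wg_conf"; then
        wg_report "no Endpoint set, this side cannot initiate the tunnel"
    fi

    [ "$wg_findings" -eq 0 ]
}
```

Call it as `lint_wg_conf /etc/wireguard/wg0.conf`; each finding is printed on its own line and the return status is non-zero if there was any.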