WireGuard

Creating the key pair

A key pair must be generated on the server and on every client.

wg genkey | (umask 0077 && sudo tee /etc/wireguard/private.key) | wg pubkey | sudo tee /etc/wireguard/public.key

Server installation

Network configuration:

/etc/sysctl.conf
net.ipv4.ip_forward=1

sudo sysctl -p

Server installation:

sudo dnf install elrepo-release epel-release
sudo dnf install kmod-wireguard wireguard-tools

Server configuration:

/etc/wireguard/wg0.conf
[Interface]
PrivateKey = base64_encoded_private_key_goes_here
Address = 192.0.2.1/24
ListenPort = 51820
SaveConfig = true

systemctl enable --now wg-quick@wg0.service
ip a
wg

Adding the client on the server:

sudo wg set wg0 peer base64_encoded_public_key_of_client_goes_here allowed-ips 192.0.2.2

WireGuard client

Client installation:

sudo dnf install elrepo-release epel-release
sudo dnf install kmod-wireguard wireguard-tools

Client configuration:

/etc/wireguard/wg0.conf
[Interface]
PrivateKey = base64_encoded_peer_private_key_goes_here
Address = 192.0.2.2/24

[Peer]
PublicKey = base64_encoded_server_public_key_goes_here
AllowedIPs = 192.0.2.0/24
Endpoint = 203.0.113.1:51820

systemctl enable --now wg-quick@wg0.service
ip a
wg
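
Added example (not part of the original page): a pre-flight check to run before enabling wg-quick@wg0.service. It confirms that a key or configuration file is accessible only to its owner and that the placeholders in wg0.conf have been replaced by values with the shape of a real key. The function names wg_private_perms and wg_conf_check are hypothetical, and the sample file in demo is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# True only if the file exists and group/other have no permission bits at all.
wg_private_perms() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True only if every PrivateKey/PublicKey value has the shape of a WireGuard
# key (32 bytes in base64: 44 characters ending in "=") and every [Peer]
# section sets AllowedIPs. Prints one line per problem, never the key value.
wg_conf_check() {
    awk '
        function endpeer() {
            if (peer && !allowed) { print "[Peer] without AllowedIPs"; bad = 1 }
        }
        /^\[/ { endpeer(); peer = ($0 ~ /^\[Peer\]/); allowed = 0; next }
        /^(PrivateKey|PublicKey)[ \t]*=/ {
            name = $0; sub(/[ \t]*=.*$/, "", name)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
            if (length(v) != 44 || v !~ "^[A-Za-z0-9+/]+=$") {
                print name " does not have the shape of a key"; bad = 1
            }
        }
        /^AllowedIPs[ \t]*=/ { allowed = 1 }
        END { endpeer(); exit bad + 0 }
    ' "$1"
}

# Demo on a constructed file: the client config from this page with its
# placeholders left in, written with a permissive umask, fails both checks.
demo() {
    d=$(mktemp -d) || return 1
    (umask 0022
     printf '%s\n' '[Interface]' \
        'PrivateKey = base64_encoded_peer_private_key_goes_here' \
        'Address = 192.0.2.2/24' '' '[Peer]' \
        'PublicKey = base64_encoded_server_public_key_goes_here' \
        'AllowedIPs = 192.0.2.0/24' 'Endpoint = 203.0.113.1:51820' > "$d/wg0.conf")
    if wg_private_perms "$d/wg0.conf"; then echo "perms ok"; else echo "perms too open"; fi
    if wg_conf_check "$d/wg0.conf"; then echo "conf ok"; else echo "conf has problems"; fi
    rm -rf "$d"
}
demo
```

On a real host, run both functions as root against /etc/wireguard/private.key and /etc/wireguard/wg0.conf.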

Built on 2024-11-18