WireGuard

Server installation

sudo dnf -y install wireguard wireguard-tools

Server configuration:

/etc/wireguard/wg0.conf
[Interface]
Address = 192.0.2.1/24
ListenPort = 51442
PrivateKey = ... # of server
DNS = 192.0.2.1
DNS = fritz.box

[Peer]
# comment
PublicKey = ... # of client
PresharedKey = ... # output of "wg genpsk" (base64, 32 bytes); same value on the client
AllowedIPs = 192.0.2.202/32
PersistentKeepalive = 25

[Peer]
# comment
PublicKey = ... # of client
...

systemctl enable --now wg-quick@wg0.service
ip a
wg

When a WireGuard client is added under [Peer], the WireGuard service must be reloaded:

systemctl reload wg-quick@wg0.service

WireGuard client

client=roscon-workshop
wg genkey | (umask 0077 && tee "$client".key) | wg pubkey > "$client".pub

Client configuration:

/etc/wireguard/wg0.conf
[Interface]
Address = 192.0.2.2/32
PrivateKey = ... # of client

[Peer]
PublicKey = ... # of server
PresharedKey = ... # same value as in the server's [Peer] section for this client
Endpoint = wireguard-host:51442
#AllowedIPs = 0.0.0.0/0, ::/0
AllowedIPs = 192.0.2.0/24, 10.13.33.0/24, 10.42.1.0/24
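
Added example, not part of the original page: WireGuard keys (PrivateKey, PublicKey, PresharedKey) are base64 encodings of 32 bytes, as produced by wg genkey, wg pubkey and wg genpsk. The script below checks that format for every key field of a config before the service is enabled or reloaded; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint the key fields of a wg-quick config.

# wg_key_ok VALUE: succeeds only if VALUE is base64 for exactly 32 bytes (44 characters).
wg_key_ok() {
    [ "${#1}" -eq 44 ] || return 1
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c)
    [ "$n" -eq 32 ]
}

# wg_conf_lint FILE: reports each malformed key field; exit status = number of problems.
wg_conf_lint() {
    bad=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%%\#*}                                  # drop comments
        name=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        case $name in
            PrivateKey|PublicKey|PresharedKey) ;;
            *) continue ;;
        esac
        value=$(printf '%s' "${line#*=}" | tr -d ' \t\r')
        if ! wg_key_ok "$value"; then
            echo "line $lineno: $name is not a base64-encoded 32-byte key"
            bad=$((bad + 1))
        fi
    done < "$1"
    return "$bad"
}

# sample_conf: constructed config; the key is 32 ASCII zeros in base64, not a real key.
sample_conf() {
    key=$(printf '%032d' 0 | base64)
    printf '%s\n' '[Interface]' "PrivateKey = $key # constructed" \
        '[Peer]' "PublicKey = $key" \
        'PresharedKey = 00000000-0000-0000-0000-000000000000'
}

# Demo run on the constructed sample: the UUID-shaped PresharedKey is reported.
tmp=$(mktemp)
sample_conf > "$tmp"
wg_conf_lint "$tmp" || echo "$? malformed key field(s)"
rm -f "$tmp"
```

On a real host, run wg_conf_lint /etc/wireguard/wg0.conf as root before systemctl reload; a non-zero exit status means at least one key field needs to be regenerated.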

Built on 2023-11-28