Wireguard
Erstellung Keypair
Die Keypairs müssen auf dem Server sowie auf jedem Client erstellt werden.
wg genkey | (umask 0077 && sudo tee /etc/wireguard/private.key) | wg pubkey | sudo tee /etc/wireguard/public.key
Installation Server
Netzwerk Konfiguration:
net.ipv4.ip_forward=1
sudo sysctl -p
Server Installation:
sudo dnf install elrepo-release epel-release
sudo dnf install kmod-wireguard wireguard-tools
Server-Konfiguration:
[Interface]
PrivateKey = base64_encoded_private_key_goes_here
Address = 192.0.2.1/24
ListenPort = 51820
SaveConfig = true
systemctl enable --now wg-quick@wg0.service
ip a
wg
Client auf dem Server hinzufügen:
sudo wg set wg0 peer base64_encoded_public_key_of_client_goes_here allowed-ips 192.0.2.2
Wireguard-Client
Client Installation:
sudo dnf install elrepo-release epel-release
sudo dnf install kmod-wireguard wireguard-tools
Client-Konfiguration:
[Interface]
PrivateKey = base64_encoded_peer_private_key_goes_here
Address = 192.0.2.2/24
[Peer]
PublicKey = base64_encoded_server_public_key_goes_here
AllowedIPs = 192.0.2.0/24
Endpoint = 203.0.113.1:51820
systemctl enable --now wg-quick@wg0.service
ip a
wg
Built on 2024-09-30