wireguard
This is an old revision of the document!
Table of Contents
Wireguard
Install Wireguard on Debian 9.x and Raspbian 10.x
# echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list # echo -e "Package: *\nPin: release a=unstable\nPin-Priority: 150\n" > /etc/apt/preferences.d/limit-unstable # apt-get update && apt-get install wireguard-dkms wireguard-tools # modprobe wireguard && lsmod | grep wireguard
Create Key Pairs
Host A
root@hosta# wg genkey > privateA root@hosta# wg pubkey < privateA > publicA
Host B
root@hostb# wg genkey > privateB root@hostb# wg pubkey < privateB > publicB
Assign Link Network to Wireguard-Tunnel
Link-Network: 172.24.0.0/30 HostA: 172.24.0.1/30 HostB: 172.24.0.2/30
Create Config
Host A
# cat /etc/wireguard/wg0.conf # HostA - HostB [Interface] Address = 172.24.0.1/30 PrivateKey = <contents of privateA> ListenPort = 51820 [Peer] PublicKey = <contents of publicB> AllowedIPs = 172.24.0.2/32
Host B
# cat /etc/wireguard/wg0.conf # HostB - HostA [Interface] Address = 172.24.0.2/30 PrivateKey = <contents of privateB> ListenPort = 51820 [Peer] PublicKey = <contents of publicA> AllowedIPs = 172.24.0.1/32 # Uncomment if HostB is behind NAT Router # PersistentKeepAlive = 25
Start Wireguard Tunnel
Issue on both hosts # wg-quick up wg0
Check Status
Host A
# wg interface: wg0 public key: PUBLIC-KEY-A private key: (hidden) listening port: 51820 peer: PUBLIC-KEY-B endpoint: 185.69.244.140:25920 allowed ips: 172.24.0.2/32 latest handshake: 1 minute, 44 seconds ago transfer: 2.80 MiB received, 1.09 MiB sent
Host B
# wg interface: wg0 public key: PUBLIC-KEY-B private key: (hidden) listening port: 51820 peer: PUBLIC-KEY-A endpoint: 144.76.72.57:51820 allowed ips: 172.24.0.1/32 latest handshake: 21 seconds ago transfer: 1006.68 KiB received, 2.57 MiB sent persistent keepalive: every 25 seconds
wireguard.1614062670.txt.gz · Last modified: 2021/02/23 07:44 by baumi