wireguard

Contents

wireguard

About

https://www.wireguard.com/

Mainlined with Linux 5.6. No DKMS needed anymore.

Installation

   1 aptitude install wireguard

With linux version < 5.6, this will also install wireguard-dkms as a dependency, an out-of-tree module, yet. With DKMS you will be forced to disable Secure Boot in BIOS to load this module, because it's not signed by Microsoft, because it's built locally. I got the following error:

   1 modprobe wireguard
   2 modprobe: ERROR: could not insert 'wireguard': Operation not permitted

Configure

Client

Create keys

   1 sh
   2 PREFIX="/etc/wireguard";
   3 NAME="$(hostname -s)"
   4 umask 077;
   5 mkdir "$PREFIX";
   6 cd "$PREFIX";
   7 wg genkey > "$PREFIX/wg_$NAME.key";
   8 wg pubkey < "$PREFIX/wg_$NAME.key" > "$PREFIX/wg_$(hostname -s).pub";
   9 wg genpsk > "$PREFIX/wg_$NAME.psk";
  10 exit

Create wg-quick config
/etc/wireguard/wg_libertas.conf

   1 ###WIREGUARD CONFIG
   2 #HOST:  "libertas"
   3 #PEER:  "hostname.dyna.rockstable.it"
   4 #DATE:  "2020-12-25"
   5 
   6 [Interface]
   7 DNS             = 10.255.255.1/24
   8 #MTU            =
   9 #Table          =
  10 #PreUp          =
  11 #PostUp         =
  12 #PreDown        =
  13 #PostDown       =
  14 #SaveConfig     = false
  15 PrivateKey      = eOPGzM9Sa8LR3Q/zD17q6zPOLYSx3D/d0Jb2QeskjHQ=
  16 #FwMark =
  17 ListenPort = 51820
  18 
  19 [Peer]
  20 PublicKey = e3ZITGXKIUXrtjg0/0LAt2/lSuJtASX3/25itWLwBRA=
  21 Endpoint = hostname.dyna.rockstable.it:51820
  22 AllowedIPs = 10.255.255.0/24
  23 AllowedIPs = 0.0.0.0/0
  24 #AllowedIPs = 0.0.0.0/0, ::/0
  25 PresharedKey = JNVOOUGtSJv9iqaoX63da3Xx1dzTWdk13+hXyoyfM0w=
  26 #PersistentKeepalive =

When the server is configured, start the tunnel.

   1 wg
   2 wg-quick up wg_libertas
   3 wg

Server

Create wg-quick config
/etc/wireguard/wg_hostname.conf

   1 [Interface]
   2 ListenPort = 51820
   3 PrivateKey = CLr3+ATltMgdABUc7bBJXZC9vly60QIBNA+k0oF3+3g=
   4 
   5 [Peer]
   6 PublicKey = uELE8TT4eCR/kxwh+AlBvSF3MmrOhzvsHPKfTs5vKUY=
   7 PresharedKey = JNVOOUGtSJv9iqaoX63da3Xx1dzTWdk13+hXyoyfM0w=
   8 AllowedIPs = 10.255.255.5/32
   9 Endpoint = libertas

Start listening

   1 wg
   2 wg-quick up wg_hostname
   3 wg

Configurations

Services

Misc

Navigation