knowledge/technology/applications/network/Wireguard.md
2023-12-04 11:02:23 +01:00

website: https://www.wireguard.com/
obj: application
android-id: com.wireguard.android

WireGuard

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable.

Configuration

Generate Key Pair

Before configuring WireGuard, you need to generate a key pair for the server and each client.

# Create the key files readable only by the current user
umask 077

# Generate private and public key for the server
wg genkey | tee privatekey | wg pubkey > publickey

# Repeat the process for each client
wg genkey | tee privatekey-client1 | wg pubkey > publickey-client1

Server Configuration

Create a configuration file for the WireGuard server, typically named wg0.conf.

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>

[Peer]
PublicKey = <client1_public_key>
AllowedIPs = 10.0.0.2/32

Client Configuration

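Create a configuration file for each client, replacing <server_public_key> and <client_private_key> with the appropriate keys and <server_address> with the server's public hostname or IP address.

[Interface]
# Tunnel address the server allows for this client (AllowedIPs in the server's [Peer] section)
Address = 10.0.0.2/32
PrivateKey = <client_private_key>

[Peer]
PublicKey = <server_public_key>
# <server_address> is a placeholder; the port matches the server's ListenPort
Endpoint = <server_address>:51820
# Route only the VPN subnet through the tunnel
AllowedIPs = 10.0.0.0/24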
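
The three configuration steps above combined into one script, as an added example that is not part of the original page: it creates both key pairs under a restrictive umask and writes a server and a client config in which each side holds its own private key and the other side's public key. The file names, the output directory and the endpoint vpn.example.com:51820 are assumptions.

```shell
#!/bin/sh
# Added example: key generation plus matching server and client configs.
# Assumptions (not from the page): file names, output dir, endpoint argument.
set -eu

# make_keypair NAME DIR -> DIR/NAME.key (private) and DIR/NAME.pub (public)
make_keypair() {
    wg genkey | tee "$2/$1.key" | wg pubkey > "$2/$1.pub"
}

# write_configs DIR ENDPOINT -> DIR/wg0.conf (server) and DIR/client1.conf
# Runs in a subshell so the restrictive umask does not leak to the caller.
write_configs() (
    umask 077                        # keys and configs are created owner-only
    dir=$1 endpoint=$2
    mkdir -p "$dir"
    make_keypair server "$dir"
    make_keypair client1 "$dir"

    cat > "$dir/wg0.conf" <<EOF
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = $(cat "$dir/server.key")

[Peer]
# client1: only 10.0.0.2 is accepted from this public key
PublicKey = $(cat "$dir/client1.pub")
AllowedIPs = 10.0.0.2/32
EOF

    cat > "$dir/client1.conf" <<EOF
[Interface]
Address = 10.0.0.2/32
PrivateKey = $(cat "$dir/client1.key")

[Peer]
PublicKey = $(cat "$dir/server.pub")
Endpoint = $endpoint
AllowedIPs = 10.0.0.0/24
EOF
)

# Usage: sh make-wg-configs.sh ./wg-out vpn.example.com:51820
if [ "$#" -eq 2 ]; then write_configs "$1" "$2"; fi
```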

Start WireGuard

Linux

sudo wg-quick up wg0

macOS and Windows

Use the provided GUI application or run the following command in the terminal.

sudo wg-quick up wg0

Docker Compose

wg-easy is a simple Docker container that runs WireGuard with a fancy web GUI.

version: "3.8"
services:
  wg-easy:
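    environment:
      # Public hostname or IP address that clients connect to
      - WG_HOST=yourdomain.com
      # Web UI login password; replace this placeholder before deploying
      - PASSWORD=password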
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.8.0.x
      - WG_DEFAULT_DNS=1.1.1.1
      - WG_MTU=1420
      - WG_ALLOWED_IPS=192.168.178.0/24
      - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
    image: weejewel/wg-easy
    volumes:
      - ./config:/etc/wireguard
    ports:
      # WireGuard Port
      - "51820:51820/udp"
      # Web UI
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1