Difference between revisions of "Wireguard"
From Briki
(→Notes) |
(→Example Server Config) |
||
| Line 26: | Line 26: | ||
:the port on which the server will listen for connections (51820 is generally used) | :the port on which the server will listen for connections (51820 is generally used) | ||
;PrivateKey | ;PrivateKey | ||
| − | :the private key for the server (used to | + | :the private key for the server (used to encrypt traffic going back to the peer) |
==== Peer ==== | ==== Peer ==== | ||
| + | ;PublicKey | ||
| + | :the public key for the peer (used to identify and authenticate traffic coming from the peer) | ||
| + | ;AllowedIPs | ||
| + | :addresses from which the peer is allowed to send traffic (the subnet will typically be ''32'' here) | ||
Revision as of 05:12, 15 May 2024
Follow these guides:
- https://www.freecodecamp.org/news/build-your-own-wireguard-vpn-in-five-minutes/
- https://www.wireguardconfig.com/
But note that `AllowedIPs` on the client should be `AllowedIPs = 0.0.0.0/0, ::/0` to use as a VPN for everything (more detail here: https://docs.pi-hole.net/guides/vpn/wireguard/route-everything/)
Example Server Config
[Interface] Address = 192.168.130.1/24 ListenPort = 51820 PrivateKey = PRIV123 [Peer] PublicKey = PUB456 AllowedIPs = 192.168.130.2/32
Notes
Interface
- Address
- the address of the server and the subnet that will be used for the private network
- ListenPort
- the port on which the server will listen for connections (51820 is generally used)
- PrivateKey
- the private key for the server (used to encrypt traffic going back to the peer)
Peer
- PublicKey
- the public key for the peer (used to identify and authenticate traffic coming from the peer)
- AllowedIPs
- addresses from which the peer is allowed to send traffic (the subnet will typically be 32 here)
