Difference between revisions of "Wireguard"

From Briki

Latest revision as of 05:27, 15 May 2024

Follow these guides:

But note that `AllowedIPs` on the client should be `AllowedIPs = 0.0.0.0/0, ::/0` to use it as a VPN for everything; listing only `0.0.0.0/0` leaves IPv6 traffic outside the tunnel (more detail here: https://docs.pi-hole.net/guides/vpn/wireguard/route-everything/)

Example Server Config

[Interface]
Address = 192.168.130.1/24
ListenPort = 51820
PrivateKey = PRIV123


[Peer]
PublicKey = PUB456
AllowedIPs = 192.168.130.2/32

Notes

Interface

Address
Address of the server on the private network, together with the subnet that network uses. WireGuard itself never reads this (peers are reached through AllowedIPs); wg-quick assigns it to the interface with ip address add, so it is optional only in the sense that without it the interface comes up with no IP and cannot originate or answer traffic on the private network.
ListenPort
UDP port on which the server listens for peers (51820 is the conventional choice; it has to be open in any firewall in front of the server)
PrivateKey
Private key of the server. It is used in the handshake to authenticate the server to its peers and to derive the per-session keys that actually encrypt traffic in both directions; the matching public key (wg pubkey < privatekey) goes in each client's [Peer] section. Keep the config readable only by root, since anyone who reads this key can impersonate the server.

Peer

PublicKey
the public key for the client (used to identify and authenticate traffic coming from the client)
AllowedIPs
addresses from which the client is allowed to send traffic (the subnet will typically be 32 here). Note that when receiving traffic, AllowedIPs' acts as an ACL.

Example Client Config

[Interface]
Address = 192.168.130.2/24
DNS = 192.168.1.1
PrivateKey = PRIV456


[Peer]
Endpoint = my.vpnserver.com:51820
PublicKey = PUB123
AllowedIPs = 0.0.0.0/0, ::/0

Notes

Interface

Address
Address of the client on the private network, with a subnet mask. It must be the address the server lists in AllowedIPs for this peer (192.168.130.2 here, not the server's own .1, or the server drops everything the client sends). With /32 wg-quick adds no route for the rest of the subnet, so other clients of the same server are reachable only if AllowedIPs already covers them (0.0.0.0/0 does); with /24 the subnet route is added directly. Client-to-client traffic additionally needs the server to forward between peers (net.ipv4.ip_forward=1), because every packet between two clients passes through it. As on the server, leaving Address out gives the interface no IP.
DNS
DNS server to use for name resolution while the tunnel is up (wg-quick installs it via resolvconf). When everything is routed through the tunnel it should be an address reachable across it, otherwise resolution fails once the tunnel is up.
PrivateKey
Private key of the client; used in the handshake to prove the client's identity to the server and to derive the session keys that encrypt traffic in both directions. Its public key is what the server lists under [Peer].

Peer

Endpoint
Host and port of the server. Only the side that initiates needs it; the server learns the client's endpoint from the source of the last authenticated packet, which is what lets clients roam between networks.
PublicKey
Public key of the server. Used to authenticate the server during the handshake, so traffic coming back is known to come from it and not from whoever controls my.vpnserver.com or the path to it.
AllowedIPs
Destination addresses for which traffic should be sent to the server. Note that when sending traffic, AllowedIPs acts as a routing table entry (wg-quick installs matching routes), while on receive it is still the ACL: with 0.0.0.0/0, ::/0 the server may deliver packets from any source address, which is exactly what a full-tunnel VPN needs.
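The two Notes sections above describe the same AllowedIPs table from both directions: a routing table when sending and an ACL when receiving. The following Python script is an added example (not code from the Briki page or from the WireGuard project) that parses a wg-quick style config and applies the cryptokey routing rules to sample packets. The configs and the keys PUB123/PUB456/PUB789 are constructed placeholders; the second server [Peer] with 0.0.0.0/0 is invented to show what an over-broad server-side entry permits.

```python
"""Cryptokey routing: how WireGuard applies AllowedIPs in both directions.
Added example, not code from the Briki page or the WireGuard project."""
import ipaddress

# Constructed sample: the page's server config plus a second, over-broad peer.
SERVER_CONF = """
[Interface]
Address = 192.168.130.1/24
ListenPort = 51820
PrivateKey = PRIV123

[Peer]
# laptop
PublicKey = PUB456
AllowedIPs = 192.168.130.2/32

[Peer]
# misconfigured: besides its own /32 this peer may send from any IPv4 source
PublicKey = PUB789
AllowedIPs = 192.168.130.3/32, 0.0.0.0/0
"""

# Constructed sample: the page's client config.
CLIENT_CONF = """
[Interface]
Address = 192.168.130.2/24
DNS = 192.168.1.1
PrivateKey = PRIV456

[Peer]
Endpoint = my.vpnserver.com:51820
PublicKey = PUB123
AllowedIPs = 0.0.0.0/0, ::/0
"""


def parse_conf(text):
    """Split a wg-quick config into the [Interface] dict and a list of [Peer] dicts.
    configparser is unsuitable because [Peer] repeats; '#' starts a comment and
    splitting on the first '=' keeps the '=' padding real base64 keys end with."""
    interface, peers, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            if name == "interface":
                section = interface
            elif name == "peer":
                section = {}
                peers.append(section)
            else:
                raise ValueError("unknown section: " + line)
            continue
        if section is None or "=" not in line:
            raise ValueError("unexpected line: " + raw)
        key, value = (part.strip() for part in line.split("=", 1))
        section[key] = value
    return interface, peers


class CryptokeyRouter:
    """One prefix table shared by both directions, as in the kernel implementation."""

    def __init__(self, peers):
        self.table = []  # list of (network, peer public key)
        for peer in peers:
            for cidr in peer.get("AllowedIPs", "").split(","):
                cidr = cidr.strip()
                if not cidr:
                    continue
                net = ipaddress.ip_network(cidr, strict=False)
                # a prefix belongs to exactly one peer; the last one configured takes it
                self.table = [(n, p) for n, p in self.table if n != net]
                self.table.append((net, peer["PublicKey"]))

    def lookup(self, ip):
        """Longest-prefix match: public key of the peer owning ip, or None."""
        addr = ipaddress.ip_address(ip)
        best = None
        for net, pub in self.table:
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, pub)
        return best[1] if best else None

    def route_outbound(self, dst_ip):
        """Send side: AllowedIPs is a routing table. None means no peer owns the
        destination and WireGuard drops the packet."""
        return self.lookup(dst_ip)

    def accept_inbound(self, from_pub, src_ip):
        """Receive side: AllowedIPs is an ACL. A decrypted packet is accepted only
        if the peer it arrived from is the one that owns its inner source address."""
        return self.lookup(src_ip) == from_pub


def overbroad_peers(peers):
    """Public keys of peers allowed to send from any address (a /0 prefix)."""
    result = []
    for peer in peers:
        nets = [ipaddress.ip_network(c.strip(), strict=False)
                for c in peer.get("AllowedIPs", "").split(",") if c.strip()]
        if any(n.prefixlen == 0 for n in nets):
            result.append(peer["PublicKey"])
    return result


if __name__ == "__main__":
    server = CryptokeyRouter(parse_conf(SERVER_CONF)[1])
    client = CryptokeyRouter(parse_conf(CLIENT_CONF)[1])
    print("PUB456 spoofing .3 accepted:", server.accept_inbound("PUB456", "192.168.130.3"))
    print("PUB789 spoofing .2 accepted:", server.accept_inbound("PUB789", "192.168.130.2"))
    print("client routes 8.8.8.8 to:", client.route_outbound("8.8.8.8"))
    print("over-broad server peers:", overbroad_peers(parse_conf(SERVER_CONF)[1]))
```

Running it shows the two points the notes make: the laptop peer cannot inject a packet with another peer's address (the ACL), and even the peer holding 0.0.0.0/0 cannot spoof a /32 that belongs to someone else, because the longest prefix wins in both directions. On the client, every destination resolves to the server, which is the routing-table role of 0.0.0.0/0, ::/0.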