Difference between revisions of "Wireguard"
From Briki
(→Example Server Config) |
|||
| Line 26: | Line 26: | ||
:Port on which the server will listen for connections (51820 is generally used) | :Port on which the server will listen for connections (51820 is generally used) | ||
;PrivateKey | ;PrivateKey | ||
| − | :Private key for the server (used to encrypt traffic going back to the | + | :Private key for the server (used to encrypt traffic going back to the client) |
==== Peer ==== | ==== Peer ==== | ||
;PublicKey | ;PublicKey | ||
| − | :the public key for the | + | :the public key for the client (used to identify and authenticate traffic coming from the client) |
;AllowedIPs | ;AllowedIPs | ||
| − | :addresses from which the | + | :addresses from which the client is allowed to send traffic (the subnet will typically be ''32'' here). Note that when receiving traffic, ''AllowedIPs' acts as an ACL. |
| + | |||
| + | == Example Client Config == | ||
| + | |||
| + | <pre> | ||
| + | [Interface] | ||
| + | Address = 192.168.130.1/24 | ||
| + | DNS = 192.168.1.1 | ||
| + | PrivateKey = PRIV456 | ||
| + | |||
| + | |||
| + | [Peer] | ||
| + | Endpoint = my.vpnserver.com:51820 | ||
| + | PublicKey = PUB123 | ||
| + | AllowedIPs = 0.0.0.0/0, ::/0 | ||
| + | </pre> | ||
| + | |||
| + | === Notes === | ||
| + | ==== Interface ==== | ||
| + | ;Address | ||
| + | :Address of the client and the subnet that will be used for the private network. If subnet is 32, then different WG clients connecting into the same server won't be able to talk to each other; if it's 24 then they will. Optional, not sure what happens without it! | ||
| + | ;DNS | ||
| + | :DNS server to use for name resolution | ||
| + | ;PrivateKey | ||
| + | :Private key for the client (used to encrypt traffic going to the server) | ||
| + | |||
| + | ==== Peer ==== | ||
| + | ;Endpoint | ||
| + | :Host and port of the server | ||
| + | ;PublicKey | ||
| + | :the public key for the server (used to authenticate traffic coming back from the server) | ||
| + | ;AllowedIPs | ||
| + | :addresses for which traffic should be routed to the server. Note that when sending traffic, ''AllowedIPs' acts as a routing table entry. | ||
Latest revision as of 06:27, 15 May 2024
Follow these guides:
- https://www.freecodecamp.org/news/build-your-own-wireguard-vpn-in-five-minutes/
- https://www.wireguardconfig.com/
But note that `AllowedIPs` on the client should be `AllowedIPs = 0.0.0.0/0, ::/0` to use as a VPN for everything (more detail here: https://docs.pi-hole.net/guides/vpn/wireguard/route-everything/)
Contents
Example Server Config
[Interface] Address = 192.168.130.1/24 ListenPort = 51820 PrivateKey = PRIV123 [Peer] PublicKey = PUB456 AllowedIPs = 192.168.130.2/32
Notes
Interface
- Address
- Address of the server and the subnet that will be used for the private network. Optional, not sure what happens without it!
- ListenPort
- Port on which the server will listen for connections (51820 is generally used)
- PrivateKey
- Private key for the server (used to encrypt traffic going back to the client)
Peer
- PublicKey
- the public key for the client (used to identify and authenticate traffic coming from the client)
- AllowedIPs
- addresses from which the client is allowed to send traffic (the subnet will typically be 32 here). Note that when receiving traffic, AllowedIPs' acts as an ACL.
Example Client Config
[Interface] Address = 192.168.130.1/24 DNS = 192.168.1.1 PrivateKey = PRIV456 [Peer] Endpoint = my.vpnserver.com:51820 PublicKey = PUB123 AllowedIPs = 0.0.0.0/0, ::/0
Notes
Interface
- Address
- Address of the client and the subnet that will be used for the private network. If subnet is 32, then different WG clients connecting into the same server won't be able to talk to each other; if it's 24 then they will. Optional, not sure what happens without it!
- DNS
- DNS server to use for name resolution
- PrivateKey
- Private key for the client (used to encrypt traffic going to the server)
Peer
- Endpoint
- Host and port of the server
- PublicKey
- the public key for the server (used to authenticate traffic coming back from the server)
- AllowedIPs
- addresses for which traffic should be routed to the server. Note that when sending traffic, AllowedIPs' acts as a routing table entry.
