Difference between revisions of "Wireguard"

From Briki
Jump to: navigation, search
(Example Server Config)
 
Line 26: Line 26:
 
:Port on which the server will listen for connections (51820 is generally used)
 
:Port on which the server will listen for connections (51820 is generally used)
 
;PrivateKey
 
;PrivateKey
:Private key for the server (used to encrypt traffic going back to the peer)
+
:Private key for the server (used to encrypt traffic going back to the client)
  
 
==== Peer ====
 
==== Peer ====
 
;PublicKey
 
;PublicKey
:the public key for the peer (used to identify and authenticate traffic coming from the peer)
+
:the public key for the client (used to identify and authenticate traffic coming from the client)
 
;AllowedIPs
 
;AllowedIPs
:addresses from which the peer is allowed to send traffic (the subnet will typically be ''32'' here)
+
:addresses from which the client is allowed to send traffic (the subnet will typically be ''32'' here). Note that when receiving traffic, ''AllowedIPs' acts as an ACL.
 +
 
 +
== Example Client Config ==
 +
 
 +
<pre>
 +
[Interface]
 +
Address = 192.168.130.1/24
 +
DNS = 192.168.1.1
 +
PrivateKey = PRIV456
 +
 
 +
 
 +
[Peer]
 +
Endpoint = my.vpnserver.com:51820
 +
PublicKey = PUB123
 +
AllowedIPs = 0.0.0.0/0, ::/0
 +
</pre>
 +
 
 +
=== Notes ===
 +
==== Interface ====
 +
;Address
 +
:Address of the client and the subnet that will be used for the private network. If subnet is 32, then different WG clients connecting into the same server won't be able to talk to each other; if it's 24 then they will. Optional, not sure what happens without it!
 +
;DNS
 +
:DNS server to use for name resolution
 +
;PrivateKey
 +
:Private key for the client (used to encrypt traffic going to the server)
 +
 
 +
==== Peer ====
 +
;Endpoint
 +
:Host and port of the server
 +
;PublicKey
 +
:the public key for the server (used to authenticate traffic coming back from the server)
 +
;AllowedIPs
 +
:addresses for which traffic should be routed to the server. Note that when sending traffic, ''AllowedIPs' acts as a routing table entry.

Latest revision as of 05:27, 15 May 2024

Follow these guides:

But note that `AllowedIPs` on the client should be `AllowedIPs = 0.0.0.0/0, ::/0` to use as a VPN for everything (more detail here: https://docs.pi-hole.net/guides/vpn/wireguard/route-everything/)

Example Server Config

[Interface]
Address = 192.168.130.1/24
ListenPort = 51820
PrivateKey = PRIV123


[Peer]
PublicKey = PUB456
AllowedIPs = 192.168.130.2/32

Notes

Interface

Address
Address of the server and the subnet that will be used for the private network. Optional, not sure what happens without it!
ListenPort
Port on which the server will listen for connections (51820 is generally used)
PrivateKey
Private key for the server (used to encrypt traffic going back to the client)

Peer

PublicKey
the public key for the client (used to identify and authenticate traffic coming from the client)
AllowedIPs
addresses from which the client is allowed to send traffic (the subnet will typically be 32 here). Note that when receiving traffic, AllowedIPs' acts as an ACL.

Example Client Config

[Interface]
Address = 192.168.130.1/24
DNS = 192.168.1.1
PrivateKey = PRIV456


[Peer]
Endpoint = my.vpnserver.com:51820
PublicKey = PUB123
AllowedIPs = 0.0.0.0/0, ::/0

Notes

Interface

Address
Address of the client and the subnet that will be used for the private network. If subnet is 32, then different WG clients connecting into the same server won't be able to talk to each other; if it's 24 then they will. Optional, not sure what happens without it!
DNS
DNS server to use for name resolution
PrivateKey
Private key for the client (used to encrypt traffic going to the server)

Peer

Endpoint
Host and port of the server
PublicKey
the public key for the server (used to authenticate traffic coming back from the server)
AllowedIPs
addresses for which traffic should be routed to the server. Note that when sending traffic, AllowedIPs' acts as a routing table entry.