WireGuard

From Briki

Follow these guides:

But note that `AllowedIPs` on the client should be `AllowedIPs = 0.0.0.0/0, ::/0` to use it as a VPN for all traffic (more detail here: https://docs.pi-hole.net/guides/vpn/wireguard/route-everything/).

Example Server Config

[Interface]
Address = 192.168.130.1/24
ListenPort = 51820
PrivateKey = PRIV123


[Peer]
PublicKey = PUB456
AllowedIPs = 192.168.130.2/32

Notes

Interface

Address
Address of the server and the subnet that will be used for the private network. Optional, not sure what happens without it!
ListenPort
Port on which the server will listen for connections (51820 is generally used)
PrivateKey
Private key for the server (used to encrypt traffic going back to the client)

Peer

PublicKey
The public key for the client (used to identify and authenticate traffic coming from the client)
AllowedIPs
Addresses from which the client is allowed to send traffic (the subnet will typically be /32 here). Note that when receiving traffic, `AllowedIPs` acts as an ACL.

Example Client Config

[Interface]
Address = 192.168.130.2/24
DNS = 192.168.1.1
PrivateKey = PRIV456


[Peer]
Endpoint = my.vpnserver.com:51820
PublicKey = PUB123
AllowedIPs = 0.0.0.0/0, ::/0

Notes

Interface

Address
Address of the client and the subnet that will be used for the private network. If subnet is 32, then different WG clients connecting into the same server won't be able to talk to each other; if it's 24 then they will. Optional, not sure what happens without it!
DNS
DNS server to use for name resolution
PrivateKey
Private key for the client (used to encrypt traffic going to the server)

Peer

Endpoint
Host and port of the server
PublicKey
The public key for the server (used to authenticate traffic coming back from the server)
AllowedIPs
Addresses for which traffic should be routed to the server. Note that when sending traffic, `AllowedIPs` acts as a routing table entry.
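
The two roles of `AllowedIPs` described in the server and client notes above, as an added example (not part of the original page): it parses the page's two example configs, embedded inline, then performs the outbound longest-prefix lookup and the inbound source check. The function names are made up for this sketch, and the client's tunnel address is assumed to be 192.168.130.2, the address the server's `[Peer]` entry allows.

```python
import ipaddress

# Constructed from this page's example configs; keys are the page's placeholders.
SERVER_CONF = """
[Interface]
Address = 192.168.130.1/24
ListenPort = 51820
PrivateKey = PRIV123
[Peer]
PublicKey = PUB456
AllowedIPs = 192.168.130.2/32
"""
# Assumption: the client uses 192.168.130.2, matching the server's AllowedIPs.
CLIENT_CONF = """
[Interface]
Address = 192.168.130.2/24
PrivateKey = PRIV456
[Peer]
Endpoint = my.vpnserver.com:51820
PublicKey = PUB123
AllowedIPs = 0.0.0.0/0, ::/0
"""

def parse_peers(conf):
    """Return {PublicKey: [ip_network, ...]} for every [Peer] section."""
    sections = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append((line, {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1][key] = value
    return {s["PublicKey"]: [ipaddress.ip_network(n.strip(), strict=False)
                             for n in s["AllowedIPs"].split(",")]
            for name, s in sections if name == "[Peer]"}

def route_outbound(peers, dst):
    """Sending: AllowedIPs is a routing table; the longest matching prefix picks the peer."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, key) for key, nets in peers.items()
               for net in nets if addr in net]
    return max(matches)[1] if matches else None

def accept_inbound(peers, pubkey, src):
    """Receiving: AllowedIPs is an ACL on the inner source address of that peer's packets."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in peers.get(pubkey, []))
```

A packet the server receives from PUB456 with an inner source of 192.168.130.1 fails the inbound check and is dropped, which is why a client must use an address listed in its server-side `AllowedIPs`.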