VPN

Links

Testing on salt server and X220 laptop…

Tip

The following needs to be done on all the peers (we have two for now)

From https://www.wireguard.com/install/

sudo -i
add-apt-repository ppa:wireguard/wireguard
apt update
apt install wireguard

From https://www.wireguard.com/quickstart/

sudo -i
cd /etc/wireguard/
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
# now we have a 'publickey' and a 'privatekey'

Tip

umask 077 sets the default for files created from this point.

Create the wireguard network interface:

ip link add dev wg0 type wireguard

Decide on an IP address range for the VPN's own network, separate from your LAN; e.g. my home network is 192.168.1.0/24, so my VPN network could be 192.168.50.0/24.

Assign the IP address to the network interface e.g:

# e.g. for the first peer
ip address add dev wg0 192.168.50.1/24

# e.g. for the second peer
ip address add dev wg0 192.168.50.2/24

Tell the peers about each other. From https://wiki.archlinux.org/index.php/WireGuard#Peer_A_setup

# Note, the default port is 51820

# peer 1 (server in our example)
wg set wg0 listen-port 48574 private-key ./privatekey
wg set wg0 peer [Peer B public key] persistent-keepalive 25 allowed-ips 192.168.50.2/32
ip link set wg0 up

# peer 2
wg set wg0 listen-port 39814 private-key ./privatekey
wg set wg0 peer [Peer A public key] persistent-keepalive 25 allowed-ips 192.168.50.1/32 endpoint 10.10.10.1:48574
ip link set wg0 up

Note

The endpoint is the external IP address of our server, followed by the listen port set on peer 1 (48574 above).

From https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/ add the following to your iptables config so the server accepts incoming WireGuard traffic on its listen port:

-A INPUT -p udp -m udp --dport 48574 -m conntrack --ctstate NEW -j ACCEPT

To display the config:

wg showconf wg0

Save the config:

wg showconf wg0 > /etc/wireguard/wg0.conf
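As an added example (not part of the original notes), a small shell helper that writes the same two-peer setup as a wg-quick style config file with owner-only permissions, the way the umask 077 step above protects the key files. Key strings are constructed placeholders; the Address line is assumed because wg showconf omits it and wg-quick needs it.

```shell
# wg_conf: print a wg-quick style config for one peer.
# Args: listen_port private_key address peer_pubkey peer_allowed_ips [peer_endpoint]
wg_conf() {
    port=$1; privkey=$2; addr=$3; peer_pub=$4; allowed=$5; endpoint=${6:-}
    printf '[Interface]\n'
    # Address is honoured by wg-quick only; 'wg showconf' never prints it.
    printf 'Address = %s\n' "$addr"
    printf 'ListenPort = %s\n' "$port"
    printf 'PrivateKey = %s\n\n' "$privkey"
    printf '[Peer]\n'
    printf 'PublicKey = %s\n' "$peer_pub"
    # AllowedIPs is WireGuard's cryptokey routing table: only packets from/to
    # this range are accepted from/sent to the peer, so keep it a single /32.
    printf 'AllowedIPs = %s\n' "$allowed"
    # Only the peer behind NAT (peer 2) needs a fixed Endpoint; peer 1 learns
    # peer 2's address from the first authenticated handshake.
    if [ -n "$endpoint" ]; then
        printf 'Endpoint = %s\n' "$endpoint"
    fi
    printf 'PersistentKeepalive = 25\n'
}

# write_conf: write the config to OUT, created with mode 600 (umask 077 in a
# subshell so the caller's umask is untouched). The file holds the private key.
write_conf() {
    out=$1; shift
    ( umask 077; wg_conf "$@" > "$out" )
}

# Demonstration with the values from the notes (keys are constructed placeholders).
wg_conf 39814 PRIVKEY_B_PLACEHOLDER 192.168.50.2/24 PUBKEY_A_PLACEHOLDER 192.168.50.1/32 10.10.10.1:48574
```

Bring the interface up from the saved file with wg-quick up wg0, or load just the [Interface]/[Peer] sections into an existing wg0 with wg setconf (which rejects the Address line).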