sysadminery:wireguard


what I've learned:

a wg0.conf will have [Interface] and [Peer] sections. Interface is self, Peer is a peer. obv.

[Peer] will have:

  • PublicKey: the public key for the peer. (duh) that implies that each peer needs a [Peer] section.
  • AllowedIPs: the _destination_ addresses that the peer in this section can access through you
  • Endpoint: some way for me to point at this peer.

but to allow a connection, you'll have to:

  sudo wg set wg0 peer <public key> allowed-ips 10.8.0.2,10.8.0.100,fd0d:86fa:c3bc::2

DigitalOcean tutorial

  sudo apt update
  sudo apt install wireguard
  wg genkey | sudo tee /etc/wireguard/private.key
  sudo chmod go= /etc/wireguard/private.key
  sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

*pick* IP addresses. manually. :(

  sudo nano /etc/wireguard/wg0.conf

or vim or whatever. Sample:

  [Interface]
  PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
  Address = 10.8.0.2/24
  Address = fd24:609a:6c18::2/64
  
  [Peer]
  PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
  AllowedIPs = 10.8.0.0/24, fd24:609a:6c18::/64
  Endpoint = 203.0.113.1:51820

notice: AllowedIPs is a comma-separated list. AND, because it's masked, it's a range.

now, jump over to the server. sample:

  sudo wg set wg0 peer PeURxj4Q75RaVhBKkRTpNsBPiPSGb5oQijgJsTa29hg= allowed-ips 10.8.0.2,fd24:609a:6c18::2

notice: not a range.

now back to the peer.

  sudo apt install resolvconf
  sudo wg-quick up wg0

check status on both with `sudo wg`
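
The two notices above (a masked range on the peer side, single addresses on the server side) can be checked mechanically. This is an added example, not part of the original notes or the tutorial: a small Python parser that reads the [Peer] sections of a wg0.conf and labels each AllowedIPs entry as a host or a range. The function names and the embedded sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: the peer-side config from the notes (placeholder keys).
SAMPLE_CONF = """\
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
Address = 10.8.0.2/24
Address = fd24:609a:6c18::2/64

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
AllowedIPs = 10.8.0.0/24, fd24:609a:6c18::/64
Endpoint = 203.0.113.1:51820
"""

def parse_peers(text):
    """Return one dict per [Peer] section; AllowedIPs becomes a list of networks."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):                 # section header
            current = None
            if line.lower() == "[peer]":
                current = {"PublicKey": None, "AllowedIPs": []}
                peers.append(current)
            continue
        if current is None or "=" not in line:   # ignore [Interface] keys
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "publickey":
            current["PublicKey"] = value
        elif key.lower() == "allowedips":
            # A bare address (as given to `wg set`) parses as a /32 or /128.
            current["AllowedIPs"] += [ipaddress.ip_network(v.strip(), strict=False)
                                      for v in value.split(",") if v.strip()]
    return peers

def audit(text):
    """Map each peer's public key to [(network, 'host' or 'range'), ...]."""
    report = {}
    for peer in parse_peers(text):
        report[peer["PublicKey"]] = [
            (str(net), "host" if net.num_addresses == 1 else "range")
            for net in peer["AllowedIPs"]]
    return report

if __name__ == "__main__":
    for key, nets in audit(SAMPLE_CONF).items():
        print(key, nets)
```

Run against a server-side config, every entry should come back as `host`; a `range` there means that peer is allowed to use the whole subnet rather than its one address.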

sysadminery/wireguard.1678117056.txt.gz · Last modified: 2023/03/06 15:37 by 127.0.0.1