Wireguard » History » Version 4
Matthieu Herrb, 14/04/2019 20:42
h1. Wireguard

h2. tetaneutral VPN test on h9

<pre>
# modprobe wireguard
# umask 077
# wg genkey > /etc/wireguard/private
# wg pubkey < /etc/wireguard/private > /etc/wireguard/public
# ip link add dev wg0 type wireguard
# ip a add dev wg0 10.99.0.1/32
# ip -6 a add dev wg0 fe80::31/128
# wg set wg0 private-key /etc/wireguard/private
# ip link set wg0 up
</pre>

For each client, on h9:

<pre>
# wg set wg0 peer <client public key> allowed-ips 185.119.170.3/32,2a03:7220:8087:300::/56
# ip r add 185.119.170.3/32 dev wg0
# ip -6 r add 2a03:7220:8087:300::/56 dev wg0
</pre>

OpenWrt configuration in @/etc/config/network@:

<pre>
config interface 'vpn0'
    option proto 'wireguard'
    option private_key 'WOgTO5kHZn0hmfty5S7z0h55WUysqgcS4Z3fCHayf1g='
    list addresses '185.119.170.3/32'
    list addresses '2a03:7220:8087:300::1/56'

config wireguard_vpn0
    option public_key 'DsIeOCRs/5uYdi8rLiBzRNmN4zUzKCQRqY3Sbl8NS0A='
    option route_allowed_ips '1'
    option endpoint_host '91.224.148.143'
    option endpoint_port '55769'
    option persistent_keepalive '25'
    list allowed_ips '0.0.0.0/0'
    list allowed_ips '::/0'
</pre>

On h7, route the IPs via h9:

<pre>
ip r add 185.119.170.3/32 via 91.224.148.143 dev eth3.3131
ip -6 r add 2a03:7220:8087:300::/56 via fe80::80:8f dev eth3.3131
</pre>
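
The per-client commands on h9 pair each peer's @allowed-ips@ with a route on @wg0@. The added example below is not part of the original wiki page; it checks that pairing from the text output of @wg show wg0 allowed-ips@ and @ip route show dev wg0@. The function names, the placeholder keys and the @10.99.0.7/32@ peer are constructed, and flagging a default-route entry on the server side is a policy assumed by this example.

```shell
#!/bin/sh
# Added example (not from the wiki): consistency audit for h9's peers.
# On h9 the inputs would be "$(wg show wg0 allowed-ips)" and
# "$(ip route show dev wg0; ip -6 route show dev wg0)".

# ip(8) prints host routes without a mask; wg(8) always prints one.
norm_prefix() {
    case "$1" in
        */*) printf '%s\n' "$1" ;;
        *:*) printf '%s/128\n' "$1" ;;
        *)   printf '%s/32\n' "$1" ;;
    esac
}

# audit_peers WG_ALLOWED_IPS ROUTES: one finding per line, silent if clean.
# Prefixes are compared as text, so both tools must print canonical forms.
audit_peers() {
    routes=$(printf '%s\n' "$2" | while read -r dst rest; do
        if [ -n "$dst" ]; then norm_prefix "$dst"; fi
    done)
    printf '%s\n' "$1" | while read -r key ips; do
        [ -n "$key" ] || continue
        for ip in $ips; do
            case "$ip" in
                "(none)") echo "NO-ALLOWED-IPS $key"; continue ;;
                0.0.0.0/0|::/0) echo "DEFAULT-ROUTE-PEER $key $ip"; continue ;;
            esac
            p=$(norm_prefix "$ip")
            printf '%s\n' "$routes" | grep -qxF "$p" || echo "NO-ROUTE $key $p"
        done
    done
}

# Constructed sample data (placeholder keys, not real ones).
SAMPLE_PEERS=$(printf '%s\t%s\n' \
    'PEER_A_PUBKEY=' '185.119.170.3/32 2a03:7220:8087:300::/56' \
    'PEER_B_PUBKEY=' '0.0.0.0/0' \
    'PEER_C_PUBKEY=' '10.99.0.7/32')
SAMPLE_ROUTES='185.119.170.3 scope link
2a03:7220:8087:300::/56 metric 1024 pref medium'

audit_peers "$SAMPLE_PEERS" "$SAMPLE_ROUTES"
```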