Updated old docs articles

Julien Dessaux 2022-05-01 17:24:13 +02:00
parent fd5e65b5c3
commit 58f146440a
Signed by: adyxax
GPG key ID: F92E51B86E07177E
2 changed files with 52 additions and 15 deletions

@ -11,9 +11,27 @@ tags:
This article explains how to configure wireguard on Gentoo. This article explains how to configure wireguard on Gentoo.
## Configuration example ## Installation
Here is a `/etc/wireguard/wg0.conf` configuration example to create a tunnel listening on udp port 342 and a remote peers : ```sh
emerge net-vpn/wireguard-tools -q
```
You will also need to set `CONFIG_WIREGUARD=y` in your kernel configuration.
## Generating keys
The private and public keys for a host can be generated with the following commands:
```sh
PRIVATE_KEY=`wg genkey`
PUBLIC_KEY=`printf $PRIVATE_KEY|wg pubkey`
echo private_key: $PRIVATE_KEY
echo public_key: $PUBLIC_KEY
```
## Configuration
Here is a configuration example of my `/etc/wireguard/wg0.conf` that creates a tunnel listening on udp port 342 and has one remote peer:
```cfg ```cfg
[Interface] [Interface]
PrivateKey = MzrfXLmSfTaCpkJWKwNlCSD20eDq7fo18aJ3Dl1D0gA= PrivateKey = MzrfXLmSfTaCpkJWKwNlCSD20eDq7fo18aJ3Dl1D0gA=
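Review bot: In the new "Generating keys" block, `printf $PRIVATE_KEY|wg pubkey` passes the unquoted key as the printf format string, and the two `echo` lines print the private key to the terminal. Suggest `printf '%s' "$PRIVATE_KEY" | wg pubkey`, with `$(...)` in place of the backticks. Consider writing the private key to a file under `umask 077` rather than echoing it, since it has to end up in `/etc/wireguard/wg0.conf` anyway.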
@ -27,7 +45,9 @@ AllowedIPs = 10.1.2.9/32
PersistentKeepalive = 60 PersistentKeepalive = 60
``` ```
Your private key goes on the first line as argument to `wgkey`, the other keys are public keys for each peer. In this example I setup a client that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed. To implement this example you will need to generate two sets of keys. The configuration for the first server will feature the first server's private key in the `[Interface]` section and the second server's public key in the `[Peer]` section, and vice versa for the configuration of the second server.
This example is from a machine that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed.
To activate the interface configuration, use : To activate the interface configuration, use :
```sh ```sh
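Review bot: The new paragraph speaks of a "first server" and a "second server", while the sentence after it describes "a machine that can be hidden behind nat", so the reader has to guess which of the two hosts this `wg0.conf` belongs to. Suggest naming the two hosts consistently (for example the NATed host and the peer with a public IP) and stating on which side the `PersistentKeepalive` line belongs. Since this paragraph now tells the reader to put a private key in the `[Interface]` section, a sentence about restricting the file's permissions (`chmod 600 /etc/wireguard/wg0.conf`) would fit here. Nit: "nat" should be "NAT".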
@ -39,11 +59,6 @@ rc-update add wg-quick.wg0 default
## Administration ## Administration
Private keys can be generated with the following command :
{{< highlight sh >}}
openssl rand -base64 32
{{< /highlight >}}
The tunnel can be managed with the `wg` command: The tunnel can be managed with the `wg` command:
```sh ```sh
root@hurricane:~# wg root@hurricane:~# wg

@ -8,11 +8,36 @@ tags:
## Introduction ## Introduction
This article explains how to configure wireguard on OpenBSD.
## Installation
OpenBSD does things elegantly as usual : where linux distributions have a service, OpenBSD has a simple `/etc/hostname.wg0` file. The interface is therefore managed without any tool other than the standard ifconfig, it's so simple and elegant! OpenBSD does things elegantly as usual : where linux distributions have a service, OpenBSD has a simple `/etc/hostname.wg0` file. The interface is therefore managed without any tool other than the standard ifconfig, it's so simple and elegant!
## Configuration example You can still install the usual tooling with:
```sh
pkg_add wireguard-tools
```
Here is a configuration example to create a tunnel listening on udp port 342 and several peers : ## Generating keys
The private and public keys for a host can be generated with the following commands:
```sh
PRIVATE_KEY=`wg genkey`
PUBLIC_KEY=`printf $PRIVATE_KEY|wg pubkey`
echo private_key: $PRIVATE_KEY
echo public_key: $PUBLIC_KEY
```
Private keys can also be generated with the following command if you do not wish to use the `wg` tool:
{{< highlight sh >}}
openssl rand -base64 32
{{< /highlight >}}
## Configuration
Here is a configuration example of my `/etc/hostname.wg0` that creates a tunnel listening on udp port 342 and several peers :
{{< highlight cfg >}} {{< highlight cfg >}}
wgport 342 wgkey '4J7O3IN7+MnyoBpxqDbDZyAQ3LUzmcR2tHLdN0MgnH8=' wgport 342 wgkey '4J7O3IN7+MnyoBpxqDbDZyAQ3LUzmcR2tHLdN0MgnH8='
10.1.2.1/24 10.1.2.1/24
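Review bot: The `openssl rand -base64 32` alternative under "Generating keys" only produces a private key, and the text does not say how the reader gets the matching public key to hand to the peers when `wg` is not installed. Please add a sentence covering that. The quoting fix also applies to `printf $PRIVATE_KEY|wg pubkey` here (`printf '%s' "$PRIVATE_KEY" | wg pubkey`). Style: the added blocks use triple-backtick `sh` fences while the rest of this file uses `{{< highlight sh >}}`; pick one convention for the file.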
@ -31,11 +56,6 @@ sh /etc/netstart wg0
## Administration ## Administration
Private keys can be generated with the following command :
{{< highlight sh >}}
openssl rand -base64 32
{{< /highlight >}}
The tunnel can be managed with the standard `ifconfig` command: The tunnel can be managed with the standard `ifconfig` command:
{{< highlight sh >}} {{< highlight sh >}}
root@yen:~# ifconfig wg0 root@yen:~# ifconfig wg0
@ -66,3 +86,5 @@ wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
groups: wg groups: wg
inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255 inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255
{{< /highlight >}} {{< /highlight >}}
Alternatively you can also use the `wg` tool if you installed it.
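Review bot: The added closing sentence mentions the `wg` tool without naming a command. The Gentoo article shows `wg` being run under "Administration"; suggest naming the equivalent here (for example `wg show wg0`) so the two articles line up.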