Updated old docs articles
This commit is contained in:
parent
d8dfaa1796
commit
fd5e65b5c3
3 changed files with 25 additions and 12 deletions
|
@ -9,11 +9,27 @@ tags:
|
||||||
|
|
||||||
## Introduction
|
## Introduction
|
||||||
|
|
||||||
This article explains how to configure wireguard on Alpine.
|
This article explains how to configure wireguard on Alpine Linux.
|
||||||
|
|
||||||
## Configuration example
|
## Installation
|
||||||
|
|
||||||
Here is a `/etc/wireguard/wg0.conf` configuration example to create a tunnel listening on udp port 342 and a remote peers :
|
```sh
|
||||||
|
apk add wireguard-tools
|
||||||
|
```
|
||||||
|
|
||||||
|
## Generating keys
|
||||||
|
|
||||||
|
The private and public keys for a host can be generated with the following commands:
|
||||||
|
```sh
|
||||||
|
PRIVATE_KEY=`wg genkey`
|
||||||
|
PUBLIC_KEY=`printf $PRIVATE_KEY|wg pubkey`
|
||||||
|
echo private_key: $PRIVATE_KEY
|
||||||
|
echo public_key: $PUBLIC_KEY
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
Here is a configuration example of my `/etc/wireguard/wg0.conf` that creates a tunnel listening on udp port 342 and has one remote peer:
|
||||||
```cfg
|
```cfg
|
||||||
[Interface]
|
[Interface]
|
||||||
PrivateKey = MzrfXLmSfTaCpkJWKwNlCSD20eDq7fo18aJ3Dl1D0gA=
|
PrivateKey = MzrfXLmSfTaCpkJWKwNlCSD20eDq7fo18aJ3Dl1D0gA=
|
||||||
|
@ -26,9 +42,11 @@ AllowedIPs = 10.1.2.9/32
|
||||||
PersistentKeepalive = 60
|
PersistentKeepalive = 60
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that there is no ip address in the Interface section, contrary to other operating systems. Putting one here is invalid and wg will fail with an error.
|
Note that there is no ip address in the Interface section, contrary to other operating systems using the `wg-quick` tool. Putting one here is invalid and wg will fail with an error.
|
||||||
|
|
||||||
Your private key goes on the first line as argument to `wgkey`, the other keys are public keys for each peer. In this example I setup a client that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed.
|
To implement this example you will need to generate two sets of keys. The configuration for the first server will feature the first server's private key in the `[Interface]` section and the second server's public key in the `[Peer]` section, and vice versa for the configuration of the second server.
|
||||||
|
|
||||||
|
This example is from a machine that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed.
|
||||||
|
|
||||||
To activate the interface configuration, edit `/etc/network/interfaces` :
|
To activate the interface configuration, edit `/etc/network/interfaces` :
|
||||||
```sh
|
```sh
|
||||||
|
@ -43,11 +61,6 @@ Then run `ifup wg0`.
|
||||||
|
|
||||||
## Administration
|
## Administration
|
||||||
|
|
||||||
Private keys can be generated with the following command :
|
|
||||||
{{< highlight sh >}}
|
|
||||||
openssl rand -base64 32
|
|
||||||
{{< /highlight >}}
|
|
||||||
|
|
||||||
The tunnel can be managed with the `wg` command:
|
The tunnel can be managed with the `wg` command:
|
||||||
```sh
|
```sh
|
||||||
root@hurricane:~# wg
|
root@hurricane:~# wg
|
||||||
|
|
|
@ -18,7 +18,7 @@ wget https://download.freebsd.org/ftp/releases/VM-IMAGES/13.0-RELEASE/amd64/Late
|
||||||
```
|
```
|
||||||
|
|
||||||
When all is done, force a reboot of your machine and connect to the remote console. Your FreeBSD system should boot and leave you with an authentication prompt. Just type in root (it will not ask for a password) and go through this post installation checklist :
|
When all is done, force a reboot of your machine and connect to the remote console. Your FreeBSD system should boot and leave you with an authentication prompt. Just type in root (it will not ask for a password) and go through this post installation checklist :
|
||||||
- run `freebsd-update fetch install`
|
- run `freebsd-update fetch install` then reboot
|
||||||
- set a root password with `passwd`
|
- set a root password with `passwd`
|
||||||
- add a user account with `adduser`, put it in the `wheel` group
|
- add a user account with `adduser`, put it in the `wheel` group
|
||||||
- add a ssh authorized_keys for your new user
|
- add a ssh authorized_keys for your new user
|
||||||
|
|
|
@ -42,7 +42,7 @@ AllowedIPs = 10.1.2.9/32
|
||||||
PersistentKeepalive = 60
|
PersistentKeepalive = 60
|
||||||
```
|
```
|
||||||
|
|
||||||
To implement this example you will need to generate two sets of keys. The configuration for the first server will feature the first server's private key in the `[Interface]` section and the second server's public key in the `[Peer]` section, and vice versa.
|
To implement this example you will need to generate two sets of keys. The configuration for the first server will feature the first server's private key in the `[Interface]` section and the second server's public key in the `[Peer]` section, and vice versa for the configuration of the second server.
|
||||||
|
|
||||||
This example is from a machine that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed.
|
This example is from a machine that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed.
|
||||||
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue