aboutsummaryrefslogtreecommitdiff
path: root/content/docs
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--content/docs/alpine/wireguard.md33
-rw-r--r--content/docs/freebsd/remote_install.md2
-rw-r--r--content/docs/freebsd/wireguard.md2
3 files changed, 25 insertions, 12 deletions
diff --git a/content/docs/alpine/wireguard.md b/content/docs/alpine/wireguard.md
index dc45604..54b6d15 100644
--- a/content/docs/alpine/wireguard.md
+++ b/content/docs/alpine/wireguard.md
@@ -9,11 +9,27 @@ tags:
## Introduction
-This article explains how to configure wireguard on Alpine.
+This article explains how to configure wireguard on Alpine Linux.
-## Configuration example
+## Installation
-Here is a `/etc/wireguard/wg0.conf` configuration example to create a tunnel listening on udp port 342 and a remote peers :
+```sh
+apk add wireguard-tools
+```
+
+## Generating keys
+
+The private and public keys for a host can be generated with the following commands:
+```sh
+PRIVATE_KEY=`wg genkey`
+PUBLIC_KEY=`printf $PRIVATE_KEY|wg pubkey`
+echo private_key: $PRIVATE_KEY
+echo public_key: $PUBLIC_KEY
+```
+
+## Configuration
+
+Here is a configuration example of my `/etc/wireguard/wg0.conf` that creates a tunnel listening on udp port 342 and has one remote peer:
```cfg
[Interface]
PrivateKey = MzrfXLmSfTaCpkJWKwNlCSD20eDq7fo18aJ3Dl1D0gA=
@@ -26,9 +42,11 @@ AllowedIPs = 10.1.2.9/32
PersistentKeepalive = 60
```
-Note that there is no ip address in the Interface section, contrary to other operating systems. Putting one here is invalid and wg will fail with an error.
+Note that there is no ip address in the Interface section, contrary to other operating systems using the `wg-quick` tool. Putting one here is invalid and wg will fail with an error.
-Your private key goes on the first line as argument to `wgkey`, the other keys are public keys for each peer. In this example I setup a client that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed.
+To implement this example you will need to generate two sets of keys. The configuration for the first server will feature the first server's private key in the `[Interface]` section and the second server's public key in the `[Peer]` section, and vice versa for the configuration of the second server.
+
+This example is from a machine that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed.
To activate the interface configuration, edit `/etc/network/interfaces` :
```sh
@@ -43,11 +61,6 @@ Then run `ifup wg0`.
## Administration
-Private keys can be generated with the following command :
-{{< highlight sh >}}
-openssl rand -base64 32
-{{< /highlight >}}
-
The tunnel can be managed with the `wg` command:
```sh
root@hurricane:~# wg
diff --git a/content/docs/freebsd/remote_install.md b/content/docs/freebsd/remote_install.md
index 7bc9f63..7fbf8fd 100644
--- a/content/docs/freebsd/remote_install.md
+++ b/content/docs/freebsd/remote_install.md
@@ -18,7 +18,7 @@ wget https://download.freebsd.org/ftp/releases/VM-IMAGES/13.0-RELEASE/amd64/Late
```
When all is done, force a reboot of your machine and connect to the remote console. Your FreeBSD system should boot and leave you with an authentication prompt. Just type in root (it will not ask for a password) and go through this post installation checklist :
-- run `freebsd-update fetch install`
+- run `freebsd-update fetch install` then reboot
- set a root password with `passwd`
- add a user account with `adduser`, put it in the `wheel` group
- add a ssh authorized_keys for your new user
diff --git a/content/docs/freebsd/wireguard.md b/content/docs/freebsd/wireguard.md
index f4e09fe..62bb7df 100644
--- a/content/docs/freebsd/wireguard.md
+++ b/content/docs/freebsd/wireguard.md
@@ -42,7 +42,7 @@ AllowedIPs = 10.1.2.9/32
PersistentKeepalive = 60
```
-To implement this example you will need to generate two sets of keys. The configuration for the first server will feature the first server's private key in the `[Interface]` section and the second server's public key in the `[Peer]` section, and vice versa.
+To implement this example you will need to generate two sets of keys. The configuration for the first server will feature the first server's private key in the `[Interface]` section and the second server's public key in the `[Peer]` section, and vice versa for the configuration of the second server.
This example is from a machine that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed.