From 58f146440ad0146d8828d3362c007d00fb12e07d Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Sun, 1 May 2022 17:24:13 +0200 Subject: Updated old docs articles --- content/docs/gentoo/wireguard.md | 31 +++++++++++++++++++++++-------- content/docs/openbsd/wireguard.md | 36 +++++++++++++++++++++++++++++------- 2 files changed, 52 insertions(+), 15 deletions(-) diff --git a/content/docs/gentoo/wireguard.md b/content/docs/gentoo/wireguard.md index d24caa3..3e745e7 100644 --- a/content/docs/gentoo/wireguard.md +++ b/content/docs/gentoo/wireguard.md @@ -11,9 +11,27 @@ tags: This article explains how to configure wireguard on Gentoo. -## Configuration example +## Installation -Here is a `/etc/wireguard/wg0.conf` configuration example to create a tunnel listening on udp port 342 and a remote peers : +```sh +emerge net-vpn/wireguard-tools -q +``` + +You will also need to set `CONFIG_WIREGUARD=y` in your kernel configuration. + +## Generating keys + +The private and public keys for a host can be generated with the following commands: +```sh +PRIVATE_KEY=`wg genkey` +PUBLIC_KEY=`printf $PRIVATE_KEY|wg pubkey` +echo private_key: $PRIVATE_KEY +echo public_key: $PUBLIC_KEY +``` + +## Configuration + +Here is a configuration example of my `/etc/wireguard/wg0.conf` that creates a tunnel listening on udp port 342 and has one remote peer: ```cfg [Interface] PrivateKey = MzrfXLmSfTaCpkJWKwNlCSD20eDq7fo18aJ3Dl1D0gA= @@ -27,7 +45,9 @@ AllowedIPs = 10.1.2.9/32 PersistentKeepalive = 60 ``` -Your private key goes on the first line as argument to `wgkey`, the other keys are public keys for each peer. In this example I setup a client that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed. +To implement this example you will need to generate two sets of keys. The configuration for the first server will feature the first server's private key in the `[Interface]` section and the second server's public key in the `[Peer]` section, and vice versa for the configuration of the second server. + +This example is from a machine that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed. To activate the interface configuration, use : ```sh @@ -39,11 +59,6 @@ rc-update add wg-quick.wg0 default ## Administration -Private keys can be generated with the following command : -{{< highlight sh >}} -openssl rand -base64 32 -{{< /highlight >}} - The tunnel can be managed with the `wg` command: ```sh root@hurricane:~# wg diff --git a/content/docs/openbsd/wireguard.md b/content/docs/openbsd/wireguard.md index 3b3a67f..83c7cb1 100644 --- a/content/docs/openbsd/wireguard.md +++ b/content/docs/openbsd/wireguard.md @@ -8,11 +8,36 @@ tags: ## Introduction +This article explains how to configure wireguard on OpenBSD. + +## Installation + OpenBSD does things elegantly as usual : where linux distributions have a service, OpenBSD has a simple `/etc/hostname.wg0` file. The interface is therefore managed without any tool other than the standard ifconfig, it's so simple and elegant! -## Configuration example +You can still install the usual tooling with: +```sh +pkg_add wireguard-tools +``` + +## Generating keys -Here is a configuration example to create a tunnel listening on udp port 342 and several peers : +The private and public keys for a host can be generated with the following commands: +```sh +PRIVATE_KEY=`wg genkey` +PUBLIC_KEY=`printf $PRIVATE_KEY|wg pubkey` +echo private_key: $PRIVATE_KEY +echo public_key: $PUBLIC_KEY +``` + +Private keys can also be generated with the following command if you do not wish to use the `wg` tool: +{{< highlight sh >}} +openssl rand -base64 32 +{{< /highlight >}} + + +## Configuration + +Here is a configuration example of my `/etc/hostname.wg0` that creates a tunnel listening on udp port 342 and several peers : {{< highlight cfg >}} wgport 342 wgkey '4J7O3IN7+MnyoBpxqDbDZyAQ3LUzmcR2tHLdN0MgnH8=' 10.1.2.1/24 @@ -31,11 +56,6 @@ sh /etc/netstart wg0 ## Administration -Private keys can be generated with the following command : -{{< highlight sh >}} -openssl rand -base64 32 -{{< /highlight >}} - The tunnel can be managed with the standard `ifconfig` command: {{< highlight sh >}} root@yen:~# ifconfig wg0 @@ -66,3 +86,5 @@ wg0: flags=80c3 mtu 1420 groups: wg inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255 {{< /highlight >}} + +Alternatively you can also use the `wg` tool if you installed it. -- cgit v1.2.3