blob: dc45604836454814a2a192d486fa391fbcf194fe (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
---
title: Wireguard
description: How to configure a wireguard endpoint on Alpine
tags:
- Alpine
- linux
- vpn
---
## Introduction
This article explains how to configure wireguard on Alpine.
## Configuration example
Here is a `/etc/wireguard/wg0.conf` configuration example to create a tunnel listening on udp port 342 and a remote peers :
```cfg
[Interface]
PrivateKey = MzrfXLmSfTaCpkJWKwNlCSD20eDq7fo18aJ3Dl1D0gA=
ListenPort = 342
[Peer]
PublicKey = R4A01RXXqRJSY9TiKQrZGR85HsFNSXxhRKKEu/bEdTQ=
Endpoint = 168.119.114.183:342
AllowedIPs = 10.1.2.9/32
PersistentKeepalive = 60
```
Note that there is no ip address in the Interface section, contrary to other operating systems. Putting one here is invalid and wg will fail with an error.
Your private key goes on the first line as argument to `wgkey`, the other keys are public keys for each peer. In this example I setup a client that can be hidden behind nat therefore I configure a `PersistentKeepalive`. If your host has a public IP this line is not needed.
To activate the interface configuration, edit `/etc/network/interfaces` :
```sh
auto wg0
iface wg0 inet static
requires eth0
use wireguard
address 10.1.2.3/24
```
Then run `ifup wg0`.
## Administration
Private keys can be generated with the following command :
{{< highlight sh >}}
openssl rand -base64 32
{{< /highlight >}}
The tunnel can be managed with the `wg` command:
```sh
root@hurricane:~# wg
interface: wg0
public key: 7fbr/yumFeTzXwxIHnEs462JLFToUyJ7yCOdeDFmP20=
private key: (hidden)
listening port: 342
peer: R4A01RXXqRJSY9TiKQrZGR85HsFNSXxhRKKEu/bEdTQ=
endpoint: 168.119.114.183:342
allowed ips: 10.1.2.9/32
latest handshake: 57 seconds ago
transfer: 1003.48 KiB received, 185.89 KiB sent
persistent keepalive: every 1 minute
```
|
