Difference between revisions of "WireGuard"

From Indie IT Wiki
Line 79: Line 79:
 
  Endpoint = wireguard.domain.uk:51820
 
  Endpoint = wireguard.domain.uk:51820
 
  AllowedIPs = 0.0.0.0/0
 
  AllowedIPs = 0.0.0.0/0
 +
 +
To put back the default setting of routing all your traffic through the WireGuard tunnel ...
 +
 +
sudo ip route add 0.0.0.0/0 dev wg0 table 51820
 +
 +
Here are some examples of showing, testing and changing routes ...
 +
 +
'''Showing'''
 +
 +
ip link
 +
ip a
 +
ip route show table 51820
 +
 +
'''Testing'''
 +
 +
ip route get 1.1.1.1
 +
ip route get myserver.uk
  
 
== Command Line ==
 
== Command Line ==
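Review bot: in the added Testing lines, `ip route get myserver.uk` passes a hostname, but `ip route get` takes an address and does not resolve names, so that command fails as written; use the server's IP address there or resolve the name first. The added restore command `sudo ip route add 0.0.0.0/0 dev wg0 table 51820` changes only the live routing table and leaves the config file untouched, so the text should say that it is a runtime change.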

Revision as of 07:37, 24 July 2024

Introduction

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

https://www.wireguard.com/

Installation

Docker

https://github.com/wg-easy/wg-easy

Normal

https://www.wireguard.com/install/

Server

https://wiki.indie-it.com/wiki/Docker#WireGuard

Client

Windows

https://duckduckgo.com/?q=wireguard+windows+10+admin&t=chromentp&ia=web

https://serversideup.net/how-to-configure-a-wireguard-windows-10-vpn-client/

https://github.com/WireGuard/wireguard-windows/blob/master/docs/adminregistry.md#registry-keys-for-admins

Linux

sudo apt-get -y install wireguard
qrencode -t ansiutf8 < /etc/wireguard/clients/mobile.conf

TO BE COMPLETED PROPERLY

nmcli connection import type wireguard file /etc/wireguard/wg0.conf
nmcli connection import type wireguard file wg0.conf
nmcli connection show wg0
nmcli connection up wg0
nmcli --overview connection show wg0 | zenity --text-info --width 600 --height 800
nmcli connection down wg0
nmcli connection show wg0
nmcli connection down wg0
nmcli
nmcli device show
nmcli connection
nmcli connection --help
nmcli connection
nmcli connection show
nmcli connection show wg0
nmcli connection modify wg0 connection.autoconnect no
nmcli connection show wg0

Routing

By default, with AllowedIPs = 0.0.0.0/0 as in the config below, wg-quick will route ALL traffic through the WireGuard interface using table 51820.

To disable this, or make custom routes, just add some PostUp lines to the config file.

In the example below, I have added a route to a particular server and then deleted the default routing.

This works really well, because it means I can connect to the VPN then go through the same server through the wireguard interface in order to connect via SSH :)

/etc/wg0.conf

[Interface]
Address = 10.6.0.2
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxx
ListenPort = 51820
PostUp = ip route add 1.23.456.789/32 dev wg0 table 51820
PostUp = ip route del 0.0.0.0/0 dev wg0 table 51820

[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
PresharedKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Endpoint = wireguard.domain.uk:51820
AllowedIPs = 0.0.0.0/0

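To put back the default setting of routing all your traffic through the WireGuard tunnel on a running interface (the PostUp lines in the config will delete the route again the next time the tunnel is brought up) ...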

sudo ip route add 0.0.0.0/0 dev wg0 table 51820

Here are some examples of showing, testing and changing routes ...

Showing

ip link
ip a
ip route show table 51820

Testing

ip route get 1.1.1.1
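# ip route get takes an address, not a hostname, so resolve the name first
ip route get "$(getent ahostsv4 myserver.uk | awk 'NR==1 {print $1}')"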
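
As an added example (not part of the original wiki page), this Python code models what is left in table 51820 after the PostUp lines in the Routing config run, so you can check which destinations still go through the tunnel and which leave outside it. It assumes wg-quick only places a default-route AllowedIPs entry in that table, ignores more specific routes in the main table, and uses 192.0.2.10 as a stand-in for the page's placeholder server address.

```python
import ipaddress
import re

# Constructed sample modelled on the page's config. 192.0.2.10 (a documentation
# address) stands in for the page's placeholder server address; keys are omitted.
SAMPLE_CONF = """\
[Interface]
Address = 10.6.0.2
PostUp = ip route add 192.0.2.10/32 dev wg0 table 51820
PostUp = ip route del 0.0.0.0/0 dev wg0 table 51820

[Peer]
Endpoint = wireguard.domain.uk:51820
AllowedIPs = 0.0.0.0/0
"""

ROUTE_CMD = re.compile(r"ip route (add|del) (\S+) dev (\S+) table (\d+)")

def tunnel_routes(conf, iface="wg0", table="51820"):
    """Networks left in the wg-quick table once the PostUp lines have run."""
    routes, post_up = set(), []
    for line in conf.splitlines():
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "AllowedIPs":
            nets = (ipaddress.ip_network(n.strip(), strict=False) for n in value.split(","))
            # Assumption: only a default route (/0) is placed in this table.
            routes.update(n for n in nets if n.prefixlen == 0)
        elif key == "PostUp":
            post_up.append(value)
    for cmd in post_up:  # PostUp runs after wg-quick has installed its own routes
        m = ROUTE_CMD.search(cmd)
        if not m or m.group(3) != iface or m.group(4) != table:
            continue
        net = ipaddress.ip_network(m.group(2), strict=False)
        if m.group(1) == "add":
            routes.add(net)
        else:
            routes.discard(net)
    return routes

def uses_tunnel(dest, routes):
    """True if the destination address matches a route in the tunnel table."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in routes)

def is_full_tunnel(routes):
    """True only while a default route still points at the tunnel."""
    return any(net.prefixlen == 0 for net in routes)

if __name__ == "__main__":
    table = tunnel_routes(SAMPLE_CONF)
    print(sorted(map(str, table)), is_full_tunnel(table), uses_tunnel("1.1.1.1", table))
```

With the sample config only the single server address stays in the tunnel table, which is the split-tunnel behaviour described above: all other traffic leaves through the normal default route, outside the VPN.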

Command Line

alias wireguard-down='sudo wg-quick down wg0'
alias wireguard-show='sudo wg show'
alias wireguard-up='sudo wg-quick up wg0'

Management

https://github.com/wg-easy/wg-easy

https://github.com/gravitl/netmaker

Network Manager GUI

https://www.xmodulo.com/wireguard-vpn-network-manager-gui.html