Howto wireguard: Difference between revisions

From Vidalinux Wiki
Jump to navigation Jump to search
Line 97: Line 97:
= windows =
= windows =
if you have issues with windows client verify and enable DNS Client service via regedit:  
if you have issues with windows client verify and enable DNS Client service via regedit:  
  navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache and
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache and
  locate Start registry key
  edit Start  
  Change Startup type :
  Change Startup type :
  Automatic 2
  Automatic 2
Line 104: Line 104:
  Disabled 4
  Disabled 4
  Automatic (Delayed Start) 2
  Automatic (Delayed Start) 2
= references =
= references =
* https://blog.stigok.com/2018/10/08/wireguard-vpn-server-on-centos-7.html
* https://blog.stigok.com/2018/10/08/wireguard-vpn-server-on-centos-7.html

Revision as of 07:47, 31 October 2020

server configuration

install repos centos7:

yum install -y epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum install -y yum-plugin-elrepo
yum install -y kmod-wireguard wireguard-tools

install repos centos8:

yum install -y epel-release https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
yum install -y kmod-wireguard wireguard-tools

create wireguard config directory on etc:

mkdir /etc/wireguard

create a public/private key pair:

wg genkey | tee /etc/wireguard/server_private.key | wg pubkey | tee /etc/wireguard/server_public.key

create a wireguard configuration file /etc/wireguard/wg0.conf:

cat > /etc/wireguard/wg0.conf << EOF
[Interface]
Address = 10.10.10.1/24
SaveConfig = true
PrivateKey = $(cat /etc/wireguard/server_private.key)
ListenPort = 51820
PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = 75VNV7HqFh+3QIT5OHZkcjWfbjx8tc6Ck62gZJT/KRA=
AllowedIPs = 10.10.10.2/32
EOF

fix wireguard config directory permissions:

chmod 600 /etc/wireguard/ -R

enable ip forwarding:

nano /etc/sysctl.d/99-sysctl.conf

add the following line at the end of this file:

net.ipv4.ip_forward = 1

apply changes:

sysctl -p /etc/sysctl.d/99-sysctl.conf

start and enable wireguard service:

systemctl start wg-quick@wg0.service
systemctl enable wg-quick@wg0.service

an alternative way to start or stop wireguard:

wg-quick up wg0
wg-quick down wg0

client configuration

install repos centos7:

yum install -y epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum install -y yum-plugin-elrepo
yum install -y kmod-wireguard wireguard-tools 

install repos centos8:

yum install -y epel-release https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
yum install -y kmod-wireguard wireguard-tools

create wireguard config directory on etc:

mkdir /etc/wireguard

create a public/private key pair:

wg genkey | tee /etc/wireguard/client_private.key | wg pubkey | tee /etc/wireguard/client_public.key

create a wireguard configuration file /etc/wireguard/wg0.conf:

cat > /etc/wireguard/wg0.conf << EOF
[Interface]
Address = 10.10.10.2/24
DNS = 10.10.10.1
PrivateKey = $(cat /etc/wireguard/client_private.key)
PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = vxyo4l4I3jWK+KZquNIDJF/hzQq29DOIxSUOrfNZZCs=
AllowedIPs = 0.0.0.0/0
Endpoint = 12.34.56.78:51820
PersistentKeepalive = 25
EOF

fix wireguard config directory permissions:

chmod 600 /etc/wireguard/ -R

start and enable wireguard service:

systemctl start wg-quick@wg0.service
systemctl enable wg-quick@wg0.service

show information about the vpn connection:

wg show

mikrotik

for wireguard support we need to switch to development channel:

/system package update set channel=development

then download the latest update:

/system package update download

reboot the router:

/system reboot

add wireguard interface:

/interface/wireguard add name=wg0 mtu=1420

add wireguard peer using server information:

/interface/wireguard/peers add endpoint=12.34.56.78:51820 persistent-keepalive=61 public-key="75VNV7HqFh+3QIT5OHZkcjWfbjx8tc6Ck62gZJT/KRA=" allowed-address="10.10.10.0/24" interface=wg0

add ip address to interface:

/ip/address add address=10.10.10.3/24 network=10.10.10.0 interface=wg0

add the following on the server configuration:

[Peer]
PublicKey=pEU+xV6YeWOKT34iECYDPRW99oLZKYodkUtjdIV8CwI=
AllowedIPs=10.10.10.3/32

restart wireguard on server:

systemctl restart wg-quick@wg0.service

windows

if you have issues with windows client verify and enable DNS Client service via regedit:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache and
edit Start 
Change Startup type :
Automatic 2
Manual 3
Disabled 4
Automatic (Delayed Start) 2

references