Howto wireguard: Difference between revisions
Revision as of 03:09, 23 August 2020
server configuration
install repos:
yum install -y epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum install -y yum-plugin-elrepo
yum install -y kmod-wireguard wireguard-tools
create wireguard config directory on etc:
mkdir /etc/wireguard
create a public/private key pair:
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey | tee /etc/wireguard/server_public.key
create a wireguard configuration file /etc/wireguard/wg0.conf:
[Interface]
Address = 10.10.10.1/24
SaveConfig = true
PrivateKey = kLmHUf4LNmxtz1uA3riC7MMXzwBFjJrSWE/Lb4p+4Ec=
ListenPort = 51820

[Peer]
PublicKey = 75VNV7HqFh+3QIT5OHZkcjWfbjx8tc6Ck62gZJT/KRA=
AllowedIPs = 10.10.10.2/32
fix wireguard config directory permissions:
chmod 700 /etc/wireguard
chmod 600 /etc/wireguard/*
enable ip forwarding:
nano /etc/sysctl.d/99-sysctl.conf
add the following line at the end of this file:
net.ipv4.ip_forward = 1
apply changes:
sysctl -p /etc/sysctl.d/99-sysctl.conf
start and enable wireguard service:
systemctl start wg-quick@wg0.service
systemctl enable wg-quick@wg0.service
an alternative way to start or stop wireguard:
wg-quick up wg0
wg-quick down wg0
client configuration
install repos:
yum install -y epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum install -y yum-plugin-elrepo
yum install -y kmod-wireguard wireguard-tools
create wireguard config directory on etc:
mkdir /etc/wireguard
create a public/private key pair:
wg genkey | tee /etc/wireguard/client_private.key | wg pubkey | tee /etc/wireguard/client_public.key
create a wireguard configuration file /etc/wireguard/wg0.conf:
cat > /etc/wireguard/wg0.conf << EOF
[Interface]
Address = 10.10.10.2/24
DNS = 10.10.10.1
PrivateKey = $(cat /etc/wireguard/client_private.key)

[Peer]
PublicKey = vxyo4l4I3jWK+KZquNIDJF/hzQq29DOIxSUOrfNZZCs=
AllowedIPs = 0.0.0.0/0
Endpoint = 12.34.56.78:51820
PersistentKeepalive = 25
EOF
fix wireguard config directory permissions:
chmod 700 /etc/wireguard
chmod 600 /etc/wireguard/*
start and enable wireguard service:
systemctl start wg-quick@wg0.service
systemctl enable wg-quick@wg0.service
show information about the vpn connection:
wg show
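a check for the permissions step in the server and client sections above (added example, not part of the original howto; the function names wg_perm_audit and wg_perm_harden are made up for illustration):

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a WireGuard config directory.
# Why it matters: "wg genkey | tee file" creates the key file under the current
# umask (often 022, i.e. mode 644), so the private key is readable by other
# local users until the chmod step has run.

# Print every path under $1 that grants any permission bit to group or other.
# Returns 0 when nothing is exposed, 1 when something is, 2 on a bad argument.
wg_perm_audit() {
    dir=${1:-/etc/wireguard}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # POSIX find: "-perm -NNN" matches when all bits in NNN are set, so the
    # six tests together cover r/w/x for group and for other.
    loose=$(find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$loose" ] && return 0
    printf '%s\n' "$loose"
    return 1
}

# Directories need the search (x) bit to be entered, so they get 700;
# key and config files get 600.
wg_perm_harden() {
    dir=${1:-/etc/wireguard}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type d -exec chmod 700 {} + &&
    find "$dir" -type f -exec chmod 600 {} +
}
```

run wg_perm_audit /etc/wireguard after key generation and again after the chmod step; any path it prints is still readable, writable or searchable by someone other than the owner.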
mikrotik
for wireguard support we need to switch to the development channel:
/system/package/update set channel=development
then download the latest:
/system/package/update/download
add wireguard interface:
/interface/wireguard add name=wg0 mtu=1420
add wireguard peer:
/interface/wireguard/peers add endpoint=192.23.22.103:51820 persistent-keepalive=61 public-key="75VNV7HqFh+3QIT5OHZkcjWfbjx8tc6Ck62gZJT/KRA=" allowed-address="172.16.12.0/24" interface=wg0
add ip address to interface:
/ip/address add address=172.16.12.13/24 network=172.16.12.10 interface=wg0