Mirrored_Repos/unifios-utilities
1
0
Fork 0
mirror of https://github.com/unifi-utilities/unifios-utilities.git synced 2024-08-30 18:32:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
6d819de9d8
unifios-utilities/wireguard-go
History
John Dorman 4d25211b76 Updating Org 
Signed-off-by: John Dorman <john@boostchicken.dev>
2022-06-24 08:16:09 -07:00
..
configs Clarifying wireguard based on feedback 2020-07-12 22:54:09 -07:00
on_boot.d Podman fixes for 1.11 2021-08-26 07:11:38 -07:00
README.md Updating Org 2022-06-24 08:16:09 -07:00

README.md

Wireguard VPN server / client

Features

  1. Wireguard VPN to anywhere! Uses wireguard-go, not the kernel module
  2. Persists through reboots and firmware updates
  3. Tested with a Wireguard Server in AWS

Requirements

  1. You have successfully setup the on boot script described here
  2. Not recommended for Wireguard newbies. Set it up on other devices first. This document does not include iptables / nat rules

Customization

  • Update wg0.conf to match your environment
  • You can use a custom interface name by changing wg0.conf to whatever you like
  • Use PostUp and PostDown in your wg.conf to execute any commands after the interface is created or destroyed

Steps

  1. Make a directory for your keys and configuration:

    mkdir -p /mnt/data/wireguard

  2. Create your public and private keys:

    podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg genkey > /mnt/data/wireguard/privatekey
podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg pubkey < /mnt/data/wireguard/privatekey > /mnt/data/wireguard/publickey

  3. Create a Wireguard configuration in /mnt/data/wireguard

  4. Copy 20-wireguard.sh to /mnt/data/on_boot.d and update its values to reflect your environment

  5. Execute /mnt/data/on_boot.d/20-wireguard.sh

  6. If you are running a server, make the appropriate firewall rules / port forwards

  7. Execute the wg command in the container to verify the tunnel is up. It should look something like this:

    $ podman exec -it wireguard wg
interface: wg0
    public key: <your public key here>
    private key: (hidden)
    listening port: 54321

peer: <your peers public key>
    endpoint: 10.0.0.2:54321
    allowed ips: 10.1.0.0/16, 10.2.0.0/16
    latest handshake: 1 day, 14 hours, 46 minutes, 27 seconds ago
    transfer: 138.44 MiB received, 5.00 GiB sent

Useful commands

# See interface status, see your public key
podman exec -it wireguard wg
# Bring up wg0
podman exec -it wireguard wg-quick up wg0
# Bring down wg0
podman exec -it wireguard wg-quick down wg0