unifios-utilities/wireguard-go/README.md
StealthCT 4a1d6f11b3
Path references for boostchicken-dev and forks (#341)
* Fix Github references from boostchicken to boostchicken-dev

* Download CNI bridge script from upstream rather than fork

The remote_install.sh script was retrieving the 05-cni-bridge.sh script
from gtrabanco's fork, rather than the main repository.

* Rename 05-cni-bridge.sh to 06-cni-bridge.sh
2022-03-25 06:08:14 -07:00

2.3 KiB

Wireguard VPN server / client

Features

  1. Wireguard VPN to anywhere! Uses wireguard-go, not the kernel module
  2. Persists through reboots and firmware updates
  3. Tested with a Wireguard Server in AWS

Requirements

  1. You have successfully setup the on boot script described here
  2. Not recommended for Wireguard newbies. Set it up on other devices first. This document does not include iptables / nat rules

Customization

  • Update wg0.conf to match your environment
  • You can use a custom interface name by changing wg0.conf to whatever you like
  • Use PostUp and PostDown in your wg.conf to execute any commands after the interface is created or destroyed

Steps

  1. Make a directory for your keys and configuration:

    mkdir -p /mnt/data/wireguard
    
  2. Create your public and private keys:

    podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg genkey > /mnt/data/wireguard/privatekey
    podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg pubkey < /mnt/data/wireguard/privatekey > /mnt/data/wireguard/publickey
    
  3. Create a Wireguard configuration in /mnt/data/wireguard

  4. Copy 20-wireguard.sh to /mnt/data/on_boot.d and update its values to reflect your environment

  5. Execute /mnt/data/on_boot.d/20-wireguard.sh

  6. If you are running a server, make the appropriate firewall rules / port forwards

  7. Execute the wg command in the container to verify the tunnel is up. It should look something like this:

    $ podman exec -it wireguard wg
    interface: wg0
        public key: <your public key here>
        private key: (hidden)
        listening port: 54321
    
    peer: <your peers public key>
        endpoint: 10.0.0.2:54321
        allowed ips: 10.1.0.0/16, 10.2.0.0/16
        latest handshake: 1 day, 14 hours, 46 minutes, 27 seconds ago
        transfer: 138.44 MiB received, 5.00 GiB sent
    

Useful commands

# See interface status, see your public key
podman exec -it wireguard wg
# Bring up wg0
podman exec -it wireguard wg-quick up wg0
# Bring down wg0
podman exec -it wireguard wg-quick down wg0