ObecnéNávody

Wireguard

Sources:

- https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-22-04

IPv6: per RFC 4193, locally assigned unique local addresses (ULA) use the fd00::/8 prefix followed by a random 40-bit Global ID. Here the random value 24609a6c18 was chosen, giving the /64 prefix fd24:609a:6c18::/64; hosts are then fd24:609a:6c18::x. Generate your own random ID rather than reusing this one.

Server

  1. /etc/wireguard/wg0.conf (eth0 is the public interface found in step 3; replace it if yours differs)

[Interface]
PrivateKey = base64_encoded_private_key_goes_here
Address = 10.8.0.1/24, fd24:609a:6c18::1/64
ListenPort = 51820
SaveConfig = true

PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Caveat: with SaveConfig = true, wg-quick rewrites this file from the running state when the interface goes down, so manual edits made while wg0 is up are lost. Edit the file with the interface down, or add peers with wg set and let them be saved.

---

  2. enable IP forwarding: add to /etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

and load it with sudo sysctl -p. (sysctl -p reads the file; setting the values only on the command line with sysctl -w would not survive a reboot.)

---

  3. set up NAT: the MASQUERADE rules above need the public interface, which is the dev shown by

ip route list default

  4. open the WireGuard UDP port in the firewall (ufw):

sudo ufw allow 51820/udp

---

  5. set up the systemd service

systemctl enable wg-quick@wg0.service
systemctl start wg-quick@wg0.service


Client

  1. generate keys (tee also echoes the private key to the terminal, so do this on a trusted console)

wg genkey | tee /etc/wireguard/private.key
chmod go= /etc/wireguard/private.key
cat /etc/wireguard/private.key | wg pubkey | tee /etc/wireguard/public.key

  2. /etc/wireguard/wg0.conf

[Interface]
PrivateKey = base64_encoded_peer_private_key_goes_here
Address = 10.8.0.2/24
Address = fd24:609a:6c18::2/64

[Peer]
PublicKey = U9uE2kb/nrrzsEU58GD3pKFU3TLYDMCbetIsnV8eeFE=
AllowedIPs = 10.8.0.0/24, fd24:609a:6c18::/64
Endpoint = 203.0.113.1:51820

  3. With AllowedIPs covering the whole tunnel subnets, all peers can see each other: the client routes the /24 and the /64 into the tunnel and the server (forwarding enabled above) relays between them. The server still needs a matching [Peer] entry for each client, with AllowedIPs limited to that client's own addresses (10.8.0.2/32, fd24:609a:6c18::2/128); packets from a public key the server does not know are dropped.
  4. To send all traffic through the WG gateway instead, set on the client

AllowedIPs = 0.0.0.0/0, ::/0

Yes, this routes everything through the tunnel: wg-quick installs default routes via wg0 in a separate routing table (keeping a direct route to the Endpoint itself), and the server's MASQUERADE rules NAT the traffic out of eth0. Add a DNS = line pointing at a resolver inside the tunnel as well, otherwise DNS queries still leave through the client's local resolver.
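As an added example (not from this page or the DigitalOcean tutorial), the shell helpers below make the pieces above concrete: they build an RFC 4193 prefix the way fd24:609a:6c18 was derived, emit the server-side [Peer] stanza the page omits and the equivalent wg set command that SaveConfig = true will persist, and print a client wg0.conf in either the "tunnel subnets only" or the "everything through the gateway" form. The function names, the host-index convention (client N gets 10.8.0.N and ::N in hex), the placeholder keys and the 10.8.0.1 DNS address in the demo are assumptions of mine; the 10.8.0.0/24 subnet, the ULA layout and the wg0 name come from the page.

```shell
#!/bin/sh
# Added helper functions for the WireGuard notes above; not part of the
# DigitalOcean tutorial. Subnet 10.8.0.0/24, the ULA layout and wg0 match the
# configs on this page; everything else here is an assumption.

# RFC 4193: fd00::/8 followed by a random 40-bit Global ID. Given the 10 hex
# digits of the Global ID, print the first /64 of that block
# (24609a6c18 -> fd24:609a:6c18::/64, which is what the page uses).
ula_prefix_from_id() {
  id=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  case "$id" in
    [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
    *) echo "ula_prefix_from_id: Global ID must be exactly 10 hex digits" >&2; return 1 ;;
  esac
  a=$(printf '%.2s' "$id"); rest=${id#??}
  b=$(printf '%.4s' "$rest"); c=${rest#????}
  printf 'fd%s:%s:%s::/64\n' "$a" "$b" "$c"
}

# Draw a fresh Global ID from the kernel CSPRNG (5 bytes = 40 bits).
random_ula_prefix() {
  ula_prefix_from_id "$(od -An -N5 -tx1 /dev/urandom | tr -d ' \n')"
}

# Client host index: the server keeps .1 / ::1 for itself (assumed convention).
check_index() {
  case "$1" in ''|*[!0-9]*) echo "host index must be numeric" >&2; return 1 ;; esac
  [ "$1" -ge 2 ] && [ "$1" -le 254 ] || { echo "host index must be 2..254" >&2; return 1; }
}

# [Peer] stanza the *server* needs for one client (the page only shows the client
# side). $1 client public key, $2 host index, $3 ULA prefix without the ::/64 tail.
# AllowedIPs is the client's own /32 and /128 only, so a client cannot spoof others.
server_peer_block() {
  check_index "$2" || return 1
  printf '[Peer]\nPublicKey = %s\nAllowedIPs = 10.8.0.%s/32, %s::%x/128\n' "$1" "$2" "$3" "$2"
}

# Same peer added to the running interface; with SaveConfig = true, wg-quick
# writes it back to wg0.conf on the next `wg-quick down wg0`.
server_add_peer_cmd() {
  check_index "$2" || return 1
  printf 'wg set wg0 peer %s allowed-ips 10.8.0.%s/32,%s::%x/128\n' "$1" "$2" "$3" "$2"
}

# Client wg0.conf. $1 client private key, $2 host index, $3 server public key,
# $4 endpoint host:port, $5 ULA prefix, $6 mode: "lan" (tunnel subnets only) or
# "all" (0.0.0.0/0, ::/0 = full tunnel), $7 optional DNS server inside the tunnel.
client_config() {
  check_index "$2" || return 1
  printf '[Interface]\nPrivateKey = %s\nAddress = 10.8.0.%s/24, %s::%x/64\n' "$1" "$2" "$5" "$2"
  if [ -n "${7:-}" ]; then printf 'DNS = %s\n' "$7"; fi
  printf '\n[Peer]\nPublicKey = %s\nEndpoint = %s\n' "$3" "$4"
  if [ "$6" = all ]; then
    # Full tunnel: wg-quick adds default routes via a policy-routing table and
    # keeps a direct route to the endpoint; without DNS= queries still leak.
    printf 'AllowedIPs = 0.0.0.0/0, ::/0\n'
  else
    printf 'AllowedIPs = 10.8.0.0/24, %s::/64\n' "$5"
  fi
}

# Demo with placeholder keys (CLIENT_* are not real keys); run: sh wg-helpers.sh demo
# The DNS value assumes you run a resolver on the server's tunnel address.
if [ "${1:-}" = demo ]; then
  prefix=$(ula_prefix_from_id 24609a6c18)   # fd24:609a:6c18::/64
  ula=${prefix%::/64}                        # fd24:609a:6c18
  server_peer_block 'CLIENT_PUBLIC_KEY' 2 "$ula"
  echo
  client_config 'CLIENT_PRIVATE_KEY' 2 'U9uE2kb/nrrzsEU58GD3pKFU3TLYDMCbetIsnV8eeFE=' \
    203.0.113.1:51820 "$ula" all 10.8.0.1
fi
```

Run the server_peer_block output (or the printed wg set command) on the server for every client; the client_config output goes to the client's /etc/wireguard/wg0.conf. Keep the per-client AllowedIPs on the server at /32 and /128: that is what binds a tunnel address to one public key.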