Wireguard Server for Roadwarrior: Difference between revisions
| Zeile 1: | Zeile 1: | ||
| − | =Configuration= | + | = Configuration = |
| − | *PORT=44711 | + | *PORT = 44711 |
| − | *VPNSERVER=192.168.y.1xx | + | *VPNSERVER = 192.168.y.1xx |
| − | *SERVER=172.17.1xx.0/24 | + | *SERVER = 172.17.1xx.0/24 |
| − | *LAN=172.16.1xx.0/24 | + | *LAN = 172.16.1xx.0/24 |
| − | ==Schlüsselgenerierung== | + | *TRANSIT = 10.79.254.1/24 |
| + | |||
| + | == Schlüsselgenerierung == | ||
*S_PRIVKEY=$(wg genkey) | *S_PRIVKEY=$(wg genkey) | ||
*S_PUBKEY=$(echo $S_PRIVKEY | wg pubkey) | *S_PUBKEY=$(echo $S_PRIVKEY | wg pubkey) | ||
*C_PRIVKEY=$(wg genkey) | *C_PRIVKEY=$(wg genkey) | ||
*C_PUBKEY=$(echo $C_PRIVKEY | wg pubkey) | *C_PUBKEY=$(echo $C_PRIVKEY | wg pubkey) | ||
| − | ==VPNServer== | + | *PSK=$(wg genpsk) |
| − | *cat<<HERE >/etc/wireguard/wg0.conf | + | |
| + | == VPNServer == | ||
| + | *cat <<HERE > /etc/wireguard/wg0.conf | ||
<pre> | <pre> | ||
[Interface] | [Interface] | ||
| − | Address = | + | Address = 10.79.254.1/24 |
| + | ListenPort = 44711 | ||
PrivateKey = $S_PRIVKEY | PrivateKey = $S_PRIVKEY | ||
| − | |||
| − | |||
[Peer] | [Peer] | ||
PublicKey = $C_PUBKEY | PublicKey = $C_PUBKEY | ||
| − | + | PresharedKey = $PSK | |
AllowedIPs = 10.79.254.11/32 | AllowedIPs = 10.79.254.11/32 | ||
HERE | HERE | ||
</pre> | </pre> | ||
| − | =Clients= | + | = Clients = |
| − | ==Android== | + | |
| − | ==On server== | + | == Android == |
| − | ; | + | ; Installiere die App ''WireGuard'' und nutze den folgenden QR-Code |
| − | *mkdir /etc/wireguard/client1 | + | |
| − | *cd | + | == On server == |
| − | *cat<<HERE > | + | ; Generiere die Konfigurationsdatei des Clients direkt auf dem Server |
| + | |||
| + | *mkdir -p /etc/wireguard/client1 | ||
| + | *cd /etc/wireguard/client1 | ||
| + | *cat <<HERE > client1.conf | ||
<pre> | <pre> | ||
[Interface] | [Interface] | ||
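Review bot: The heredoc `cat <<HERE > /etc/wireguard/wg0.conf` writes `PrivateKey = $S_PRIVKEY` and the newly added `PresharedKey = $PSK` with whatever umask the shell happens to have, and `mkdir -p /etc/wireguard/client1` creates the client directory the same way. Add a `umask 077` step before the first `cat` (or a `chmod 600` after each file) so the key material is not left group- or world-readable. Minor: `TRANSIT = 10.79.254.1/24` is the server's tunnel address, while `SERVER` and `LAN` are written as network addresses; naming the network (or renaming the variable) would keep the list consistent, and `ListenPort = 44711` repeats the value of `PORT` as a literal.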
| Zeile 40: | Zeile 47: | ||
[Peer] | [Peer] | ||
PublicKey = $S_PUBKEY | PublicKey = $S_PUBKEY | ||
| + | PresharedKey = $PSK | ||
AllowedIPs = 0.0.0.0/0, ::/0 | AllowedIPs = 0.0.0.0/0, ::/0 | ||
| − | Endpoint = | + | Endpoint = 192.168.y.1xx:44711 |
| + | PersistentKeepalive = 25 | ||
HERE | HERE | ||
</pre> | </pre> | ||
| − | =Hier geht es mit QR Code= | + | = Hier geht es mit QR Code = |
| − | ; | + | ; Generiere den QR-Code |
*qrencode -t utf8 < client1.conf | *qrencode -t utf8 < client1.conf | ||
| − | =Links= | + | = Weiterleitung und Zugriff auf interne Netze = |
| + | ; Auf dem Server Routing aktivieren | ||
| + | *echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf | ||
| + | *sysctl -p | ||
| + | |||
| + | ; Zugriff auf interne Netze erlauben | ||
| + | *iptables -A FORWARD -i wg0 -s 10.79.254.11 -d 172.16.1xx.0/24 -j ACCEPT | ||
| + | *iptables -A FORWARD -i wg0 -s 10.79.254.11 -d 172.17.1xx.0/24 -j ACCEPT | ||
| + | *iptables -t nat -A POSTROUTING -s 10.79.254.11 -d 172.16.1xx.0/24 -j MASQUERADE | ||
| + | *iptables -t nat -A POSTROUTING -s 10.79.254.11 -d 172.17.1xx.0/24 -j MASQUERADE | ||
| + | |||
| + | = Links = | ||
*https://blog.oxplot.com/wireguard-vpn-on-android/ | *https://blog.oxplot.com/wireguard-vpn-on-android/ | ||
*https://wiki.debian.org/Wireguard | *https://wiki.debian.org/Wireguard | ||
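Review bot: The client config in this hunk keeps `AllowedIPs = 0.0.0.0/0, ::/0`, but the new forwarding section only enables `net.ipv4.ip_forward` and only accepts and masquerades 10.79.254.11 toward 172.16.1xx.0/24 and 172.17.1xx.0/24, so the client sends all IPv4 and IPv6 traffic into a tunnel whose server end is set up for two IPv4 networks. Either narrow the client's `AllowedIPs` to the transit network plus the two internal networks, or document what should happen to the rest. The section also does not state which FORWARD chain policy the `-A FORWARD ... -j ACCEPT` rules assume, and there is no rule for reply traffic if that policy is DROP. Minor: `echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf` appends a duplicate line on every run.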
Revision as of 12 April 2025, 21:11
Configuration
- PORT = 44711
- VPNSERVER = 192.168.y.1xx
- SERVER = 172.17.1xx.0/24
- LAN = 172.16.1xx.0/24
- TRANSIT = 10.79.254.1/24
Key generation
- S_PRIVKEY=$(wg genkey)
- S_PUBKEY=$(echo $S_PRIVKEY | wg pubkey)
- C_PRIVKEY=$(wg genkey)
- C_PUBKEY=$(echo $C_PRIVKEY | wg pubkey)
- PSK=$(wg genpsk)
VPNServer
- cat <<HERE > /etc/wireguard/wg0.conf
[Interface]
Address = 10.79.254.1/24
ListenPort = 44711
PrivateKey = $S_PRIVKEY
[Peer]
PublicKey = $C_PUBKEY
PresharedKey = $PSK
AllowedIPs = 10.79.254.11/32
HERE
Clients
Android
- Install the WireGuard app and use the following QR code
On server
- Generate the client's configuration file directly on the server
- mkdir -p /etc/wireguard/client1
- cd /etc/wireguard/client1
- cat <<HERE > client1.conf
[Interface]
Address = 10.79.254.11/24
PrivateKey = $C_PRIVKEY
DNS = 8.8.8.8
[Peer]
PublicKey = $S_PUBKEY
PresharedKey = $PSK
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.168.y.1xx:44711
PersistentKeepalive = 25
HERE
Continue here with the QR code
- Generate the QR code
- qrencode -t utf8 < client1.conf
Forwarding and access to internal networks
- Enable routing on the server
- echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
- sysctl -p
- Allow access to internal networks
- iptables -A FORWARD -i wg0 -s 10.79.254.11 -d 172.16.1xx.0/24 -j ACCEPT
- iptables -A FORWARD -i wg0 -s 10.79.254.11 -d 172.17.1xx.0/24 -j ACCEPT
- iptables -t nat -A POSTROUTING -s 10.79.254.11 -d 172.16.1xx.0/24 -j MASQUERADE
- iptables -t nat -A POSTROUTING -s 10.79.254.11 -d 172.17.1xx.0/24 -j MASQUERADE
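A check for the server configuration written above, as an added example that is not part of the wiki page: the hypothetical helper `audit_wg_conf` flags a config file that group or others can access, and any [Peer] that lacks a PresharedKey or whose AllowedIPs is wider than a single host (the page assigns 10.79.254.11/32). The sample file is constructed and its key values are placeholders.

```shell
#!/bin/sh
# Added example, not from the wiki page. audit_wg_conf is a hypothetical helper.
# Returns 0 when the server config has no findings, 1 otherwise, 2 if unreadable.
audit_wg_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    out=$(
        # The file holds PrivateKey and PresharedKey: no group/other access bits.
        perm=$(ls -ld "$conf" | cut -c5-10)
        [ "$perm" = "------" ] || echo "file mode: group/other bits set ($perm)"
        awk '
            function report() {
                if (!peer) return
                if (!psk) print "peer " peer ": no PresharedKey"
                if (wide) print "peer " peer ": AllowedIPs wider than one host: " ips
            }
            /^\[Peer\]/ { report(); peer++; inpeer = 1; psk = 0; wide = 0; ips = ""; next }
            /^\[/       { inpeer = 0; next }
            inpeer && /^PresharedKey[ \t]*=/ { psk = 1 }
            inpeer && /^AllowedIPs[ \t]*=/ {
                ips = $0
                sub(/^[^=]*=[ \t]*/, "", ips); sub(/[ \t\r]+$/, "", ips)
                n = split(ips, a, /[ \t]*,[ \t]*/)
                # A bare address without a prefix length is a single host.
                for (i = 1; i <= n; i++)
                    if (a[i] ~ /\// && a[i] !~ /\/(32|128)$/) wide = 1
            }
            END { report() }
        ' "$conf"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample modelled on the page's wg0.conf; key values are placeholders.
sample=$(mktemp)    # mktemp creates the file with mode 0600
cat > "$sample" <<'EOF'
[Interface]
Address = 10.79.254.1/24
ListenPort = 44711
PrivateKey = PLACEHOLDER_SERVER_PRIVATE_KEY
[Peer]
PublicKey = PLACEHOLDER_CLIENT_PUBLIC_KEY
PresharedKey = PLACEHOLDER_PSK
AllowedIPs = 10.79.254.11/32
EOF
audit_wg_conf "$sample" && echo "sample wg0.conf: no findings"
rm -f "$sample"
```

The check is meant for the server's wg0.conf only; the client file on this page intentionally uses `AllowedIPs = 0.0.0.0/0, ::/0` and would be reported as wide.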