OPNsense Wireguard: Difference between revisions
| Zeile 143: | Zeile 143: | ||
[[Datei:Opnsense-wg06.png]] | [[Datei:Opnsense-wg06.png]] | ||
[[Kategorie:OPNsense]] | [[Kategorie:OPNsense]] | ||
| + | |||
=Peer Generator= | =Peer Generator= | ||
*VPN | *VPN | ||
Revision as of 18 February 2026, 13:41
Configuration
- VPN
  - WireGuard
    - Settings => General
| Area | Setting | Value |
|---|---|---|
| VPN → WireGuard → Settings | Enable WireGuard | enabled |
| VPN → WireGuard → Settings | Status | Enabled |
| VPN → WireGuard → Settings | Action | Apply |
WireGuard Instance – WG
- VPN
  - WireGuard
    - Settings
      - Instances
        - +
| Parameter | Value |
|---|---|
| Enabled | Yes |
| Name | WG |
| Instance | 0 |
| Public key | DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h... |
| Private key | gDvRj18foAvOVGTvZR6ca2ewRQBstGlg/I5cdPUA... |
| Listen port | 55555 |
| Tunnel address | 172.30.32.1/24 |
| Depend on (CARP) | None |
| Peers | |
| Disable routes | No |
| Debug log | No |
Interfaces
- Assignments
| Field | Value |
|---|---|
| Device | wg1 (WireGuard - WG) |
| Description | WG |
| Action | Add |
Firewall
WAN
- Rules
  - WAN
    - +
| Parameter | Value |
|---|---|
| Action | Pass |
| Disabled | No |
| Quick | Yes |
| Interface | WAN |
| Direction | in |
| TCP/IP Version | IPv4 |
| Protocol | UDP |
| Source | any |
| Destination | This Firewall |
| Destination Port (from) | 51820 |
| Destination Port (to) | 51820 |
| Log | No |
WireGuard (Group)
- Rules
  - WireGuard (Group)
    - +
| Parameter | Value |
|---|---|
| Action | Pass |
| Disabled | No |
| Quick | Yes |
| Interface | WireGuard (Group) |
| Direction | in |
| TCP/IP Version | IPv4 |
| Protocol | any |
| Source | any |
| Destination | any |
| Destination Port (from) | any |
| Destination Port (to) | any |
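On a Linux system
```sh
# Public key of the OPNsense WireGuard instance
PUBKEY_SERVER="XbO5anN/a6S6fR40N6xn+lqkctdAZK4yudaVAUtVmh8="
# Generate the client key pair
PRIVKEY=$(wg genkey)
PUBKEY=$(echo "$PRIVKEY" | wg pubkey)
# Write the client configuration; the commented PUBKEY line keeps the
# client's public key at hand for the peer entry on the firewall
cat<<HERE > client1.conf
[Interface]
Address = 172.30.32.101/24
PrivateKey = $PRIVKEY
#PUBKEY = $PUBKEY
DNS = 8.8.8.8

[Peer]
PublicKey = $PUBKEY_SERVER
AllowedIPs = 0.0.0.0/0
Endpoint = opns-zw.ix.de:55555
HERE
```
Generate the QR code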
- qrencode -t utf8 < client1.conf
Add peer
Peer Generator
- VPN
  - Wireguard:
    - Peer Generator
WireGuard Peer – client01
| Parameter | Value |
|---|---|
| Instance | WG |
| Endpoint | opnsense.it213.xinmen.de:55555 |
| Name | client01 |
| Public key | 85X0PniiIqGxXLqrXwFsGy36uMFaVicvq+0uCFe3X... |
| Private key | APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8= |
| Address | 172.30.32.4/32 |
| Pre-shared key | rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8= |
| Allowed IPs | 0.0.0.0/0, ::/0 |
| Keepalive interval | 10 |
| DNS Servers | - |
| Store and generate next | Yes |
| Enable WireGuard | Yes |
The configuration
```
[Interface]
PrivateKey = APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8=
Address = 172.30.32.4/32

[Peer]
PublicKey = DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h622E=
PresharedKey = rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8=
Endpoint = opnsense.it213.xinmen.de:55555
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 10
```
Wireguard start
- sudo wg-quick up wg0
Wireguard stop
- sudo wg-quick down wg0
Wireguard show
- sudo wg show
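An added consistency check, not part of the original page: it parses a client configuration such as the two above and compares it with the instance's tunnel network and listen port and with the WAN rule's destination port, all taken from the tables on this page. The function names and the placeholder key strings are assumptions made for this example.

```python
import ipaddress

# Server-side values copied from the tables on this page.
TUNNEL_NET = ipaddress.ip_network("172.30.32.1/24", strict=False)  # Tunnel address
LISTEN_PORT = 55555                    # instance WG, Listen port
WAN_PORTS = range(51820, 51820 + 1)    # WAN rule, Destination Port (from)/(to)

# Constructed sample: client1.conf values from this page, keys replaced by placeholders.
CLIENT1 = """\
[Interface]
Address = 172.30.32.101/24
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
DNS = 8.8.8.8
[Peer]
PublicKey = PLACEHOLDER_SERVER_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0
Endpoint = opns-zw.ix.de:55555
"""

def parse_wg_conf(text):
    """Parse wg-quick text into {section: {key: value}}; assumes a single [Peer]."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)        # split once: base64 ends in '='
            section[key.strip()] = value.strip()
    return conf

def lint_client(text, net=TUNNEL_NET, listen_port=LISTEN_PORT, wan_ports=WAN_PORTS):
    """Return findings for one client config checked against the server side."""
    conf = parse_wg_conf(text)
    iface, peer = conf.get("Interface", {}), conf.get("Peer", {})
    findings = []
    for item in filter(None, map(str.strip, iface.get("Address", "").split(","))):
        ip = ipaddress.ip_interface(item).ip
        if ip.version == net.version and ip not in net:
            findings.append(f"address {ip} is outside tunnel network {net}")
    port = int(peer.get("Endpoint", ":0").rsplit(":", 1)[1])
    if port != listen_port:
        findings.append(f"endpoint port {port} differs from listen port {listen_port}")
    if port not in wan_ports:
        findings.append(f"endpoint port {port} is not passed by the WAN rule")
    nets = filter(None, map(str.strip, peer.get("AllowedIPs", "").split(",")))
    if "DNS" not in iface and any(ipaddress.ip_network(n, strict=False).prefixlen == 0 for n in nets):
        findings.append("full tunnel without DNS: lookups keep using the client's existing resolver")
    return findings
```

With the values on this page, `lint_client(CLIENT1)` reports that endpoint port 55555 is not passed by the WAN rule, whose destination port is 51820.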
