OPNsense Wireguard: Difference between revisions

From Xinux Wiki
 
(26 intermediate revisions by the same user are not shown)
Zeile 1: Zeile 1:
 
=Konfiguration=
 
=Konfiguration=
*'''=>VPN => WireGuard => Settings => General'''
+
*VPN
[[Datei:Opnsense-wg01.png]]
+
**WireGuard
*'''=>VPN => WireGuard => Settings => Instances => +'''
+
***Settings => General'''
[[Datei:Opnsense-wg02.png]]
+
{| class="wikitable"
 +
! Bereich !! Einstellung !! Wert
 +
|-
 +
| VPN → WireGuard → Settings || Enable WireGuard || aktiviert
 +
|-
 +
| VPN → WireGuard → Settings || Status || Enabled
 +
|-
 +
| VPN → WireGuard → Settings || Aktion || Apply
 +
|}
 +
== WireGuard Instance – WG ==
 +
*VPN
 +
**WireGuard
 +
***Settings
 +
****Instances
 +
*****+
 +
{| class="wikitable"
 +
! Parameter !! Wert
 +
|-
 +
| Enabled || Ja
 +
|-
 +
| Name || WG
 +
|-
 +
| Instance || 0
 +
|-
 +
| Public key || DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h...
 +
|-
 +
| Private key || gDvRj18foAvOVGTvZR6ca2ewRQBstGlg/I5cdPUA...
 +
|-
 +
| Listen port || 55555
 +
|-
 +
| Tunnel address || 172.30.32.1/24
 +
|-
 +
| Depend on (CARP) || None
 +
|-
 +
| Peers ||
 +
|-
 +
| Disable routes || Nein
 +
|-
 +
| Debug log || Nein
 +
|}
 +
 
 
=Interfaces=
 
=Interfaces=
 
*Assignments
 
*Assignments
[[Datei:Opnsense-wg03.png]]
+
{| class="wikitable"
 +
! Feld !! Wert
 +
|-
 +
| Device || wg1 (WireGuard - WG)
 +
|-
 +
| Description || WG
 +
|-
 +
| Aktion || Add
 +
|}
 +
 
 
=Firewall=
 
=Firewall=
*'''=> Rules => WAN => +'''
+
==WAN==
[[Datei:Opnsense-wg04.png]]
+
*Rules
*'''=> Rules => WireGuard (Group) => +'''
+
**WAN
[[Datei:Opnsense-wg05.png]]
+
***+
 +
{| class="wikitable"
 +
! Parameter !! Wert
 +
|-
 +
| Action || Pass
 +
|-
 +
| Disabled || Nein
 +
|-
 +
| Quick || Ja
 +
|-
 +
| Interface || WAN
 +
|-
 +
| Direction || in
 +
|-
 +
| TCP/IP Version || IPv4
 +
|-
 +
| Protocol || UDP
 +
|-
 +
| Source || any
 +
|-
 +
| Destination || This Firewall
 +
|-
 +
| Destination Port (from) || 55555
 +
|-
 +
| Destination Port (to) || 55555
 +
|-
 +
| Log || Nein
 +
|}
 +
 
 +
==WireGuard (Group)==
 +
*Rules
 +
**WireGuard (Group)
 +
***+
 +
{| class="wikitable"
 +
! Parameter !! Wert
 +
|-
 +
| Action || Pass
 +
|-
 +
| Disabled || Nein
 +
|-
 +
| Quick || Ja
 +
|-
 +
| Interface || WireGuard (Group)
 +
|-
 +
| Direction || in
 +
|-
 +
| TCP/IP Version || IPv4
 +
|-
 +
| Protocol || any
 +
|-
 +
| Source || any
 +
|-
 +
| Destination || any
 +
|-
 +
| Destination Port (from) || any
 +
|-
 +
| Destination Port (to) || any
 +
|}
 +
 
 +
 
 +
 
 +
[[Kategorie:OPNsense]]
  
=An einem Linux System=
+
=Peer Generator=
*PRIVKEY=$(wg genkey)
+
*VPN
*PUBKEY=$(echo $PRIVKEY | wg pubkey)
+
**Wireguard:
*PUBKEY_SERVER=XbO5anN/a6S6fR40N6xn+lqkctdAZK4yudaVAUtVmh8=
+
***Peer Generator
 +
== WireGuard Peer – client01 ==
 +
{| class="wikitable"
 +
! Parameter !! Wert
 +
|-
 +
| Instance || WG
 +
|-
 +
| Endpoint || opnsense.it213.xinmen.de:55555
 +
|-
 +
| Name || client01
 +
|-
 +
| Public key || 85X0PniiIqGxXLqrXwFsGy36uMFaVicvq+0uCFe3X...
 +
|-
 +
| Private key || APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8=
 +
|-
 +
| Address || 172.30.32.4/32
 +
|-
 +
| Pre-shared key || rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8=
 +
|-
 +
| Allowed IPs || 0.0.0.0/0, ::/0
 +
|-
 +
| Keepalive interval || 10
 +
|-
 +
| DNS Servers || -
 +
|-
 +
| Store and generate next || '''Wichtig erst Inhalt der Konfig kopieren und dann Apply'''
 +
|-
 +
| Enable WireGuard || Ja
 +
|}
  
*cat<<HERE > client1.conf
+
==Die Konfiguration==
 
<pre>
 
<pre>
 
[Interface]
 
[Interface]
Address = 172.30.32.101/24
+
PrivateKey = APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8=
PrivateKey = $PRIVKEY
+
Address = 172.30.32.4/32
#PUBKEY = $PUBKEY
 
DNS = 8.8.8.8
 
  
 
[Peer]
 
[Peer]
PublicKey = $PUBKEY_SERVER
+
PublicKey = DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h622E=
AllowedIPs = 0.0.0.0/0
+
PresharedKey = rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8=
Endpoint = opns-zw.ix.de:51820
+
Endpoint = opnsense.it213.xinmen.de:55555
HERE
+
AllowedIPs = 0.0.0.0/0, ::/0
 +
PersistentKeepalive = 10
 
</pre>
 
</pre>
 +
=Auf dem Linux System=
 +
;Installation
 +
*sudo apt instal wireguard
 +
;Anlegen der Konfiguration
 +
*sudo vi /etc/wireguard/wg0.conf
 +
;Hier kommt die Konfiguration rein.
  
=generate the qrcode=
+
=Wireguard start=
*qrencode -t utf8 < client1.conf
+
*sudo wg-quick up wg0
 +
=Wireguard stop=
 +
*sudo wg-quick down wg0
 +
=Wireguard show=
 +
*sudo wg show
 +
=Webseite=
 +
*https://www.wireguard.com/install/
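Review bot: the new "WireGuard Peer – client01" table and the `<pre>` block under "Die Konfiguration" carry the peer's complete `PrivateKey` and `PresharedKey` next to the real endpoint `opnsense.it213.xinmen.de:55555`, whereas the instance table truncates its keys with `...`. Truncate these the same way or use placeholders, and regenerate the peer, since the values stay readable in the page history. Two smaller points: `sudo apt instal wireguard` should read `install`, and the revision drops the old `DNS = 8.8.8.8` line while keeping `AllowedIPs = 0.0.0.0/0, ::/0` and `DNS Servers || -`, so the page should say which resolver a full-tunnel client is meant to use.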

Latest revision as of 18 February 2026, 13:47

=Configuration=
*VPN
**WireGuard
***Settings => General
{| class="wikitable"
! Section !! Setting !! Value
|-
| VPN → WireGuard → Settings || Enable WireGuard || enabled
|-
| VPN → WireGuard → Settings || Status || Enabled
|-
| VPN → WireGuard → Settings || Action || Apply
|}

== WireGuard Instance – WG ==
*VPN
**WireGuard
***Settings
****Instances
*****+
{| class="wikitable"
! Parameter !! Value
|-
| Enabled || Yes
|-
| Name || WG
|-
| Instance || 0
|-
| Public key || DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h...
|-
| Private key || gDvRj18foAvOVGTvZR6ca2ewRQBstGlg/I5cdPUA...
|-
| Listen port || 55555
|-
| Tunnel address || 172.30.32.1/24
|-
| Depend on (CARP) || None
|-
| Peers ||
|-
| Disable routes || No
|-
| Debug log || No
|}

=Interfaces=
*Assignments
{| class="wikitable"
! Field !! Value
|-
| Device || wg1 (WireGuard - WG)
|-
| Description || WG
|-
| Action || Add
|}

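=Firewall=
==WAN==
*Rules
**WAN
***+
{| class="wikitable"
! Parameter !! Value
|-
| Action || Pass
|-
| Disabled || No
|-
| Quick || Yes
|-
| Interface || WAN
|-
| Direction || in
|-
| TCP/IP Version || IPv4
|-
| Protocol || UDP
|-
| Source || any
|-
| Destination || This Firewall
|-
| Destination Port (from) || 55555
|-
| Destination Port (to) || 55555
|-
| Log || No
|}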

==WireGuard (Group)==
*Rules
**WireGuard (Group)
***+
{| class="wikitable"
! Parameter !! Value
|-
| Action || Pass
|-
| Disabled || No
|-
| Quick || Yes
|-
| Interface || WireGuard (Group)
|-
| Direction || in
|-
| TCP/IP Version || IPv4
|-
| Protocol || any
|-
| Source || any
|-
| Destination || any
|-
| Destination Port (from) || any
|-
| Destination Port (to) || any
|}

=Peer Generator=
*VPN
**Wireguard:
***Peer Generator

== WireGuard Peer – client01 ==
{| class="wikitable"
! Parameter !! Value
|-
| Instance || WG
|-
| Endpoint || opnsense.it213.xinmen.de:55555
|-
| Name || client01
|-
| Public key || 85X0PniiIqGxXLqrXwFsGy36uMFaVicvq+0uCFe3X...
|-
| Private key || APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8=
|-
| Address || 172.30.32.4/32
|-
| Pre-shared key || rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8=
|-
| Allowed IPs || 0.0.0.0/0, ::/0
|-
| Keepalive interval || 10
|-
| DNS Servers || -
|-
| Store and generate next || '''Important: copy the contents of the config first, then click Apply'''
|-
| Enable WireGuard || Yes
|}

==The configuration==
<pre>
[Interface]
PrivateKey = APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8=
Address = 172.30.32.4/32

[Peer]
PublicKey = DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h622E=
PresharedKey = rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8=
Endpoint = opnsense.it213.xinmen.de:55555
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 10
</pre>

=On the Linux system=
;Installation
*sudo apt install wireguard
;Creating the configuration
*sudo vi /etc/wireguard/wg0.conf
;The configuration goes in here.
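
A pre-flight check for the file created in this step, as an added example that is not part of the wiki page: it confirms that only the owner can read the config (it holds `PrivateKey` and `PresharedKey`) and that the key fields have the shape of WireGuard keys. The function names and the sample hostname `vpn.example.net` are constructed, and `PresharedKey` is assumed to be required because the generated peer on this page has one.

```shell
#!/bin/sh
# Pre-flight check for a wg-quick client config such as /etc/wireguard/wg0.conf.
# Added example; sample values passed to write_sample are constructed.

# A WireGuard key is 32 bytes in base64: 43 alphabet characters plus one '='.
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "${1%=}" in
        *[!A-Za-z0-9+/]*) return 1 ;;   # stray character or a second '='
    esac
    [ "${1%=}" != "$1" ]                # must end in '='
}

# conf_get FILE KEY: print the value of the first "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# check_wg_conf FILE: print one line per finding, return the finding count.
check_wg_conf() {
    f=$1 bad=0
    # The file holds PrivateKey and PresharedKey: owner-only access.
    mode=$(stat -c %a "$f")
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode: chmod 600 $f"; bad=$((bad + 1)) ;;
    esac
    # Assumption: a pre-shared key is expected, as in the generated peer config.
    for k in PrivateKey PublicKey PresharedKey; do
        is_wg_key "$(conf_get "$f" "$k")" ||
            { echo "$k: not a 32-byte base64 key"; bad=$((bad + 1)); }
    done
    case "$(conf_get "$f" Endpoint)" in
        *:[0-9]*) ;;
        *) echo "Endpoint: expected host:port"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# write_sample FILE KEY: constructed config; KEY is reused for all three fields.
write_sample() {
    printf '%s\n' '[Interface]' "PrivateKey = $2" 'Address = 172.30.32.4/32' \
        '' '[Peer]' "PublicKey = $2" "PresharedKey = $2" \
        'Endpoint = vpn.example.net:55555' 'AllowedIPs = 0.0.0.0/0, ::/0' \
        'PersistentKeepalive = 10' > "$1"
}

# Stand-alone use: sudo sh check.sh /etc/wireguard/wg0.conf
if [ "$#" -gt 0 ]; then check_wg_conf "$1"; fi
```

A file created with `sudo vi` under a default umask is typically mode 644, which `wg-quick up` reports with a "world accessible" warning; `sudo chmod 600 /etc/wireguard/wg0.conf` clears both that warning and the first finding here.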

=Wireguard start=
*sudo wg-quick up wg0

=Wireguard stop=
*sudo wg-quick down wg0

=Wireguard show=
*sudo wg show

=Website=
*https://www.wireguard.com/install/