OPNsense Wireguard: Difference between revisions
| (42 intermediate revisions by the same user are not shown) | |||
| Zeile 1: | Zeile 1: | ||
=Konfiguration= | =Konfiguration= | ||
| − | *=>VPN = | + | *VPN |
| − | [[ | + | **WireGuard |
| + | ***Settings => General''' | ||
| + | {| class="wikitable" | ||
| + | ! Bereich !! Einstellung !! Wert | ||
| + | |- | ||
| + | | VPN → WireGuard → Settings || Enable WireGuard || aktiviert | ||
| + | |- | ||
| + | | VPN → WireGuard → Settings || Status || Enabled | ||
| + | |- | ||
| + | | VPN → WireGuard → Settings || Aktion || Apply | ||
| + | |} | ||
| + | == WireGuard Instance – WG == | ||
| + | *VPN | ||
| + | **WireGuard | ||
| + | ***Settings | ||
| + | ****Instances | ||
| + | *****+ | ||
| + | {| class="wikitable" | ||
| + | ! Parameter !! Wert | ||
| + | |- | ||
| + | | Enabled || Ja | ||
| + | |- | ||
| + | | Name || WG | ||
| + | |- | ||
| + | | Instance || 0 | ||
| + | |- | ||
| + | | Public key || DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h... | ||
| + | |- | ||
| + | | Private key || gDvRj18foAvOVGTvZR6ca2ewRQBstGlg/I5cdPUA... | ||
| + | |- | ||
| + | | Listen port || 55555 | ||
| + | |- | ||
| + | | Tunnel address || 172.30.32.1/24 | ||
| + | |- | ||
| + | | Depend on (CARP) || None | ||
| + | |- | ||
| + | | Peers || | ||
| + | |- | ||
| + | | Disable routes || Nein | ||
| + | |- | ||
| + | | Debug log || Nein | ||
| + | |} | ||
| + | |||
| + | =Interfaces= | ||
| + | *Assignments | ||
| + | {| class="wikitable" | ||
| + | ! Feld !! Wert | ||
| + | |- | ||
| + | | Device || wg1 (WireGuard - WG) | ||
| + | |- | ||
| + | | Description || WG | ||
| + | |- | ||
| + | | Aktion || Add | ||
| + | |} | ||
| + | |||
| + | =Firewall= | ||
| + | ==WAN== | ||
| + | *Rules | ||
| + | **WAN | ||
| + | ***+ | ||
| + | {| class="wikitable" | ||
| + | ! Parameter !! Wert | ||
| + | |- | ||
| + | | Action || Pass | ||
| + | |- | ||
| + | | Disabled || Nein | ||
| + | |- | ||
| + | | Quick || Ja | ||
| + | |- | ||
| + | | Interface || WAN | ||
| + | |- | ||
| + | | Direction || in | ||
| + | |- | ||
| + | | TCP/IP Version || IPv4 | ||
| + | |- | ||
| + | | Protocol || UDP | ||
| + | |- | ||
| + | | Source || any | ||
| + | |- | ||
| + | | Destination || This Firewall | ||
| + | |- | ||
| + | | Destination Port (from) || 55555 | ||
| + | |- | ||
| + | | Destination Port (to) || 55555 | ||
| + | |- | ||
| + | | Log || Nein | ||
| + | |} | ||
| + | |||
| + | ==WireGuard (Group)== | ||
| + | *Rules | ||
| + | **WireGuard (Group) | ||
| + | ***+ | ||
| + | {| class="wikitable" | ||
| + | ! Parameter !! Wert | ||
| + | |- | ||
| + | | Action || Pass | ||
| + | |- | ||
| + | | Disabled || Nein | ||
| + | |- | ||
| + | | Quick || Ja | ||
| + | |- | ||
| + | | Interface || WireGuard (Group) | ||
| + | |- | ||
| + | | Direction || in | ||
| + | |- | ||
| + | | TCP/IP Version || IPv4 | ||
| + | |- | ||
| + | | Protocol || any | ||
| + | |- | ||
| + | | Source || any | ||
| + | |- | ||
| + | | Destination || any | ||
| + | |- | ||
| + | | Destination Port (from) || any | ||
| + | |- | ||
| + | | Destination Port (to) || any | ||
| + | |} | ||
| + | |||
| + | |||
| + | |||
| + | [[Kategorie:OPNsense]] | ||
| + | |||
| + | =Peer Generator= | ||
| + | *VPN | ||
| + | **Wireguard: | ||
| + | ***Peer Generator | ||
| + | == WireGuard Peer – client01 == | ||
| + | {| class="wikitable" | ||
| + | ! Parameter !! Wert | ||
| + | |- | ||
| + | | Instance || WG | ||
| + | |- | ||
| + | | Endpoint || opnsense.it213.xinmen.de:55555 | ||
| + | |- | ||
| + | | Name || client01 | ||
| + | |- | ||
| + | | Public key || 85X0PniiIqGxXLqrXwFsGy36uMFaVicvq+0uCFe3X... | ||
| + | |- | ||
| + | | Private key || APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8= | ||
| + | |- | ||
| + | | Address || 172.30.32.4/32 | ||
| + | |- | ||
| + | | Pre-shared key || rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8= | ||
| + | |- | ||
| + | | Allowed IPs || 0.0.0.0/0, ::/0 | ||
| + | |- | ||
| + | | Keepalive interval || 10 | ||
| + | |- | ||
| + | | DNS Servers || - | ||
| + | |- | ||
| + | | Store and generate next || '''Wichtig erst Inhalt der Konfig kopieren und dann Apply''' | ||
| + | |- | ||
| + | | Enable WireGuard || Ja | ||
| + | |} | ||
| + | |||
| + | ==Die Konfiguration== | ||
| + | <pre> | ||
| + | [Interface] | ||
| + | PrivateKey = APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8= | ||
| + | Address = 172.30.32.4/32 | ||
| + | |||
| + | [Peer] | ||
| + | PublicKey = DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h622E= | ||
| + | PresharedKey = rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8= | ||
| + | Endpoint = opnsense.it213.xinmen.de:55555 | ||
| + | AllowedIPs = 0.0.0.0/0, ::/0 | ||
| + | PersistentKeepalive = 10 | ||
| + | </pre> | ||
| + | =Auf dem Linux System= | ||
| + | ;Installation | ||
| + | *sudo apt instal wireguard | ||
| + | ;Anlegen der Konfiguration | ||
| + | *sudo vi /etc/wireguard/wg0.conf | ||
| + | ;Hier kommt die Konfiguration rein. | ||
| + | |||
| + | =Wireguard start= | ||
| + | *sudo wg-quick up wg0 | ||
| + | =Wireguard stop= | ||
| + | *sudo wg-quick down wg0 | ||
| + | =Wireguard show= | ||
| + | *sudo wg show | ||
| + | =Webseite= | ||
| + | *https://www.wireguard.com/install/ | ||
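Review bot: The client01 table and the <pre> block under "Die Konfiguration" publish the peer's private key and pre-shared key in full, while the instance keys further up are truncated with "..."; replace them with placeholders or truncate them the same way, and regenerate the peer if these values were ever in use. The PresharedKey value is also 43 characters long where a WireGuard key has 44, so it is not a valid key as shown. In the WireGuard (Group) rule, Protocol, Source and Destination are all "any"; narrow Source to the tunnel network 172.30.32.0/24, or state in the text that the open rule is intended. The instance table gives Instance 0 while the assignment table uses device wg1; one of the two needs correcting or a short explanation. Smaller points: "sudo apt instal wireguard" should read "install", the line "***Settings => General'''" has an unmatched ''', and [[Kategorie:OPNsense]] sits in the middle of the page before "=Peer Generator=" instead of at the end.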
Latest revision as of 18 February 2026, 13:47
Configuration
- VPN
  - WireGuard
    - Settings => General
| Section | Setting | Value |
|---|---|---|
| VPN → WireGuard → Settings | Enable WireGuard | enabled |
| VPN → WireGuard → Settings | Status | Enabled |
| VPN → WireGuard → Settings | Action | Apply |
WireGuard Instance – WG
- VPN
  - WireGuard
    - Settings
      - Instances
        - +
| Parameter | Value |
|---|---|
| Enabled | Yes |
| Name | WG |
| Instance | 0 |
| Public key | DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h... |
| Private key | gDvRj18foAvOVGTvZR6ca2ewRQBstGlg/I5cdPUA... |
| Listen port | 55555 |
| Tunnel address | 172.30.32.1/24 |
| Depend on (CARP) | None |
| Peers | |
| Disable routes | No |
| Debug log | No |
Interfaces
- Assignments
| Field | Value |
|---|---|
| Device | wg1 (WireGuard - WG) |
| Description | WG |
| Action | Add |
Firewall
WAN
- Rules
  - WAN
    - +
| Parameter | Value |
|---|---|
| Action | Pass |
| Disabled | No |
| Quick | Yes |
| Interface | WAN |
| Direction | in |
| TCP/IP Version | IPv4 |
| Protocol | UDP |
| Source | any |
| Destination | This Firewall |
| Destination Port (from) | 55555 |
| Destination Port (to) | 55555 |
| Log | No |
WireGuard (Group)
- Rules
  - WireGuard (Group)
    - +
| Parameter | Value |
|---|---|
| Action | Pass |
| Disabled | No |
| Quick | Yes |
| Interface | WireGuard (Group) |
| Direction | in |
| TCP/IP Version | IPv4 |
| Protocol | any |
| Source | any |
| Destination | any |
| Destination Port (from) | any |
| Destination Port (to) | any |
Peer Generator
- VPN
  - Wireguard:
    - Peer Generator
WireGuard Peer – client01
| Parameter | Value |
|---|---|
| Instance | WG |
| Endpoint | opnsense.it213.xinmen.de:55555 |
| Name | client01 |
| Public key | 85X0PniiIqGxXLqrXwFsGy36uMFaVicvq+0uCFe3X... |
| Private key | APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8= |
| Address | 172.30.32.4/32 |
| Pre-shared key | rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8= |
| Allowed IPs | 0.0.0.0/0, ::/0 |
| Keepalive interval | 10 |
| DNS Servers | - |
| Store and generate next | Important: copy the contents of the config first, then Apply |
| Enable WireGuard | Yes |
The configuration
```ini
[Interface]
PrivateKey = APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8=
Address = 172.30.32.4/32

[Peer]
PublicKey = DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h622E=
PresharedKey = rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8=
Endpoint = opnsense.it213.xinmen.de:55555
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 10
```
On the Linux system
- Installation
  - sudo apt install wireguard
- Creating the configuration
  - sudo vi /etc/wireguard/wg0.conf
- The configuration goes in here.
Wireguard start
- sudo wg-quick up wg0
Wireguard stop
- sudo wg-quick down wg0
Wireguard show
- sudo wg show
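A check to run on /etc/wireguard/wg0.conf before `wg-quick up wg0`, as an added example that is not part of the original page: it verifies that every key decodes to 32 bytes, that the file is not accessible to group or others, and reports full-tunnel routing. The function names, the dummy keys and the endpoint vpn.example.invalid are assumptions made for this example.

```python
import base64
import binascii
import ipaddress
import stat

# Constructed sample: same shape as the page's client config, dummy keys.
GOOD_KEY = base64.b64encode(bytes(32)).decode()  # 44 characters
SAMPLE = f"""[Interface]
PrivateKey = {GOOD_KEY}
Address = 172.30.32.4/32
[Peer]
PublicKey = {GOOD_KEY}
PresharedKey = {GOOD_KEY[1:]}
Endpoint = vpn.example.invalid:55555
AllowedIPs = 0.0.0.0/0, ::/0
"""

def parse(text):
    """Return (section, key, value) tuples from wg-quick INI-style text."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line:
            key, value = line.split("=", 1)  # base64 values end in "="
            items.append((section, key.strip().lower(), value.strip()))
    return items

def key_ok(value):
    """A WireGuard key is 32 bytes, i.e. 44 base64 characters."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def lint(text, mode=None):
    """Return findings; pass os.stat(path).st_mode as mode to check a file."""
    items, findings = parse(text), []
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        findings.append("file is accessible to group/others; chmod 600")
    for section, key, value in items:
        if key in ("privatekey", "publickey", "presharedkey") and not key_ok(value):
            findings.append(f"[{section}] {key}: not a 32-byte base64 key")
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for _, k, v in items if k == "allowedips" for n in v.split(",")]
    if any(n.prefixlen == 0 for n in nets):
        findings.append("full tunnel: the default route goes through the peer")
    return findings
```

Run against the configuration shown on this page, `lint` flags the PresharedKey, which is 43 characters long where a WireGuard key has 44.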