OPNsense Wireguard

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen

Konfiguration

  • VPN
    • WireGuard
      • Settings => General
Bereich Einstellung Wert
VPN → WireGuard → Settings Enable WireGuard aktiviert
VPN → WireGuard → Settings Status Enabled
VPN → WireGuard → Settings Aktion Apply

WireGuard Instance – WG

  • VPN
    • WireGuard
      • Settings
        • Instances
          • +
Parameter Wert
Enabled Ja
Name WG
Instance 0
Public key DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h...
Private key gDvRj18foAvOVGTvZR6ca2ewRQBstGlg/I5cdPUA...
Listen port 55555
Tunnel address 172.30.32.1/24
Depend on (CARP) None
Peers
Disable routes Nein
Debug log Nein

Interfaces

  • Assignments
Feld Wert
Device wg1 (WireGuard - WG)
Description WG
Aktion Add

Firewall

WAN

  • Rules
    • WAN
      • +
Parameter Wert
Action Pass
Disabled Nein
Quick Ja
Interface WAN
Direction in
TCP/IP Version IPv4
Protocol UDP
Source any
Destination This Firewall
Destination Port (from) 51820
Destination Port (to) 51820
Log Nein

WireGuard (Group)

  • Rules
    • WireGuard (Group)
      • +
Parameter Wert
Action Pass
Disabled Nein
Quick Ja
Interface WireGuard (Group)
Direction in
TCP/IP Version IPv4
Protocol any
Source any
Destination any
Destination Port (from) any
Destination Port (to) any

An einem Linux System

  • PUBKEY_SERVER=XbO5anN/a6S6fR40N6xn+lqkctdAZK4yudaVAUtVmh8=
  • PRIVKEY=$(wg genkey)
  • PUBKEY=$(echo $PRIVKEY | wg pubkey)
  • cat<<HERE > client1.conf
[Interface]
Address =  172.30.32.101/24
PrivateKey = $PRIVKEY
#PUBKEY = $PUBKEY
DNS = 8.8.8.8 

[Peer]
PublicKey = $PUBKEY_SERVER
AllowedIPs = 0.0.0.0/0
Endpoint = opns-zw.ix.de:55555
HERE

generate the qrcode

  • qrencode -t utf8 < client1.conf

Peer hinzufügen

Opnsense-wg06.png

Peer Generator

  • VPN
    • Wireguard:
      • Peer Generator

WireGuard Peer – client01

Parameter Wert
Instance WG
Endpoint opnsense.it213.xinmen.de:55555
Name client01
Public key 85X0PniiIqGxXLqrXwFsGy36uMFaVicvq+0uCFe3X...
Private key APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8=
Address 172.30.32.4/32
Pre-shared key rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8=
Allowed IPs 0.0.0.0/0, ::/0
Keepalive interval 10
DNS Servers -
Store and generate next Ja
Enable WireGuard Ja

Die Konfiguration

[Interface]
PrivateKey = APmUQ0ys0PcHfU0x4aTm+66fs0Z4iYSWOE7hLASPRG8=
Address = 172.30.32.4/32

[Peer]
PublicKey = DaPF7JvnRYpNuXiFgo4Uqu/Yq9dmz0Gu8mijd4h622E=
PresharedKey = rppkqNldvezugnZaVNclK4XDPBvZPg+O1dSJVU6VG8=
Endpoint = opnsense.it213.xinmen.de:55555
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 10

Wireguard start

  • sudo wg-quick up wg0

Wireguard stop

  • sudo wg-quick down wg0

Wireguard show

  • sudo wg show

Webseite

Abgerufen von „http://wiki.ixheim.de/index.php?title=OPNsense_Wireguard&oldid=67055