Difference between revisions of "Wireguard ubuntu"
From Teknologisk videncenter
m (→Host A: Public access) |
m (→Debug) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 10: | Line 10: | ||
ip link add dev wg0 type wireguard | ip link add dev wg0 type wireguard | ||
ip address add dev wg0 172.31.0.1/24 | ip address add dev wg0 172.31.0.1/24 | ||
| − | wg set wg0 listen-port 8172 private-key privatekey peer | + | wg set wg0 listen-port 8172 private-key privatekey peer OTHER HOST PUBLIC KEY allowed-ips 0.0.0.0/0 endpoint 91.172.64.81:51820 |
| + | touch wg0.conf | ||
wg-quick save wg0 | wg-quick save wg0 | ||
| + | systemctl enable wg-quick@wg0.service | ||
| + | systemctl start wg-quick@wg0 | ||
| + | |||
</source> | </source> | ||
/etc/wireguard/wg. conf | /etc/wireguard/wg. conf | ||
<source lang=bash> | <source lang=bash> | ||
[Interface] | [Interface] | ||
| − | Address = 172.31.0.1/24 | + | Address = 172.31.0.1/24 # wg0 interface IP (Tunnel endpoint) |
ListenPort = 8172 | ListenPort = 8172 | ||
PrivateKey = THIS HOSTS PRIVATE KEY (Host A)= | PrivateKey = THIS HOSTS PRIVATE KEY (Host A)= | ||
| Line 41: | Line 45: | ||
PersistentKeepalive = 20 | PersistentKeepalive = 20 | ||
</source> | </source> | ||
| + | |||
| + | =Debug= | ||
| + | *Enable WireGuard debug. '''echo 'module wireguard +p' | sudo tee /sys/kernel/debug/dynamic_debug/control''' | ||
| + | *Disable WireGuard debug. '''echo 'module wireguard -p' | sudo tee /sys/kernel/debug/dynamic_debug/control''' | ||
| + | *View Logs. dmesg. ... (tail -f /var/log/kern.log) | ||
=Links= | =Links= | ||
*https://www.wireguard.com/quickstart/ | *https://www.wireguard.com/quickstart/ | ||
| − | [[Category:Linux]][Category:Security]] | + | [[Category:Linux]][[Category:Security]] |
Latest revision as of 06:42, 26 June 2025
Wireguard VPN between two Ubuntu hosts - one behind NAT
Host A: Public access
sudo bash
apt install wireguard
cd /etc/wireguard
umask 077
wg genkey > privatekey
wg pubkey < privatekey > publickey
ip link add dev wg0 type wireguard
ip address add dev wg0 172.31.0.1/24
wg set wg0 listen-port 8172 private-key privatekey peer OTHER HOST PUBLIC KEY allowed-ips 0.0.0.0/0 endpoint 91.172.64.81:51820
touch wg0.conf
wg-quick save wg0
systemctl enable wg-quick@wg0.service
systemctl start wg-quick@wg0
/etc/wireguard/wg. conf
[Interface]
Address = 172.31.0.1/24 # wg0 interface IP (Tunnel endpoint)
ListenPort = 8172
PrivateKey = THIS HOSTS PRIVATE KEY (Host A)=
# VVS nuc
[Peer]
PublicKey = THE OTHER HOSTS PUBLIC KEY (host B)=
AllowedIPs = 192.168.11.0/24, 172.31.0.0/24
Endpoint = 91.172.64.81:51820
Host B: Behind NAT
/etc/wireguard/wg0.conf
[Interface]
Address = 172.31.0.2/24
ListenPort = 51820
PrivateKey = THIS HOSTS PRIVATE KEY (Host B)=
[Peer]
PublicKey = OTHER HOSTS PUBLIC KEY (Host A)=
AllowedIPs = 192.168.12.0/24, 172.31.0.0/24
Endpoint = 91.172.64.81:8172
PersistentKeepalive = 20
Debug
- Enable WireGuard debug. echo 'module wireguard +p' | sudo tee /sys/kernel/debug/dynamic_debug/control
- Disable WireGuard debug. echo 'module wireguard -p' | sudo tee /sys/kernel/debug/dynamic_debug/control
- View Logs. dmesg. ... (tail -f /var/log/kern.log)