Difference between revisions of "Wireguard ubuntu"
(Created page with "Wireguard VPN between two Ubuntu hosts - one behind NAT =Host A: Public access= <source lang=bash> sudo bash apt install wireguard cd /etc/wireguard umask 077 wg genkey > priv...") |
m (→Debug) |
(10 intermediate revisions by the same user not shown) | |||
Line 10: | Line 10: | ||
ip link add dev wg0 type wireguard | ip link add dev wg0 type wireguard | ||
ip address add dev wg0 172.31.0.1/24 | ip address add dev wg0 172.31.0.1/24 | ||
− | wg set wg0 listen-port 8172 private-key privatekey peer | + | wg set wg0 listen-port 8172 private-key privatekey peer OTHER HOST PUBLIC KEY allowed-ips 0.0.0.0/0 endpoint 91.172.64.81:51820 |
+ | touch wg0.conf | ||
wg-quick save wg0 | wg-quick save wg0 | ||
+ | systemctl enable wg-quick@wg0.service | ||
+ | systemctl start wg-quick@wg0 | ||
+ | |||
</source> | </source> | ||
+ | /etc/wireguard/wg. conf | ||
+ | <source lang=bash> | ||
+ | [Interface] | ||
+ | Address = 172.31.0.1/24 # wg0 interface IP (Tunnel endpoint) | ||
+ | ListenPort = 8172 | ||
+ | PrivateKey = THIS HOSTS PRIVATE KEY (Host A)= | ||
+ | |||
+ | # VVS nuc | ||
+ | [Peer] | ||
+ | PublicKey = THE OTHER HOSTS PUBLIC KEY (host B)= | ||
+ | AllowedIPs = 192.168.11.0/24, 172.31.0.0/24 | ||
+ | Endpoint = 91.172.64.81:51820 | ||
+ | </source> | ||
+ | |||
+ | =Host B: Behind NAT= | ||
+ | /etc/wireguard/wg0.conf | ||
+ | <source lang=bash> | ||
+ | [Interface] | ||
+ | Address = 172.31.0.2/24 | ||
+ | ListenPort = 51820 | ||
+ | PrivateKey = THIS HOSTS PRIVATE KEY (Host B)= | ||
+ | |||
+ | [Peer] | ||
+ | PublicKey = OTHER HOSTS PUBLIC KEY (Host A)= | ||
+ | AllowedIPs = 192.168.12.0/24, 172.31.0.0/24 | ||
+ | Endpoint = 91.172.64.81:8172 | ||
+ | PersistentKeepalive = 20 | ||
+ | </source> | ||
+ | |||
+ | =Debug= | ||
+ | *Enable WireGuard debug. '''echo 'module wireguard +p' | sudo tee /sys/kernel/debug/dynamic_debug/control''' | ||
+ | *Disable WireGuard debug. '''echo 'module wireguard -p' | sudo tee /sys/kernel/debug/dynamic_debug/control''' | ||
+ | *View Logs. dmesg. ... (tail -f /var/log/kern.log) | ||
+ | |||
+ | =Links= | ||
+ | *https://www.wireguard.com/quickstart/ | ||
+ | [[Category:Linux]][[Category:Security]] |
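Review bot: The rewritten `wg set` line gives the peer `allowed-ips 0.0.0.0/0`, and `wg-quick save wg0` writes that out, while the `wg0.conf` listing added below limits the same peer to `192.168.11.0/24, 172.31.0.0/24`; the command should carry the narrow list, `allowed-ips 192.168.11.0/24,172.31.0.0/24`, so the peer is not accepted for every source address and wg-quick does not route all of Host A's traffic into the tunnel. `systemctl start wg-quick@wg0` is likely to fail as written, because `wg0` still exists from `ip link add` and `wg-quick up` stops on an existing interface; an `ip link delete dev wg0` before it avoids that. Host A's `Endpoint = 91.172.64.81:51820` uses the same address that Host B dials to reach Host A, which looks like a copy-paste slip; for a peer behind NAT the line can be omitted, since WireGuard learns the endpoint from B's authenticated packets. The caption `/etc/wireguard/wg. conf` should read `/etc/wireguard/wg0.conf`.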
Latest revision as of 06:42, 26 June 2025
Wireguard VPN between two Ubuntu hosts - one behind NAT
Host A: Public access
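# Host A setup transcript: the commands after `sudo bash` are typed into the root shell it opens.
sudo bash
apt install wireguard
cd /etc/wireguard
# Everything created from here on (key files, wg0.conf) is readable by root only.
umask 077
wg genkey > privatekey
wg pubkey < privatekey > publickey
# Build wg0 by hand once so that wg-quick can write its settings to wg0.conf.
ip link add dev wg0 type wireguard
ip address add dev wg0 172.31.0.1/24
# Replace OTHER HOST PUBLIC KEY with Host B's public key (one base64 string, no spaces).
# allowed-ips matches the wg0.conf documented for Host A: only Host B's LAN and the tunnel subnet.
# 0.0.0.0/0 would accept any source address from this peer, and wg-quick would route
# all of this host's traffic into the tunnel.
# NOTE(review): 91.172.64.81 is also the address Host B uses to reach Host A; confirm it is
# really Host B's public address. For a peer behind NAT the endpoint can be left out, because
# WireGuard learns it from the peer's first authenticated packet.
wg set wg0 listen-port 8172 private-key privatekey peer OTHER HOST PUBLIC KEY allowed-ips 192.168.11.0/24,172.31.0.0/24 endpoint 91.172.64.81:51820
# wg-quick save expects the config file to exist already; umask 077 makes it mode 0600.
touch wg0.conf
wg-quick save wg0
# Remove the hand-made interface: wg-quick up (run by the service) stops if wg0 already exists.
ip link delete dev wg0
systemctl enable wg-quick@wg0.service
systemctl start wg-quick@wg0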
/etc/wireguard/wg0.conf
# wg0.conf for Host A, the publicly reachable side of the tunnel.
# The file holds the private key: keep it owned by root and not readable by others.
[Interface]
Address = 172.31.0.1/24 # wg0 interface IP (Tunnel endpoint)
# UDP port Host A listens on; Host B's Endpoint on this page points at this port.
ListenPort = 8172
# Placeholder: the contents of Host A's privatekey file go here.
PrivateKey = THIS HOSTS PRIVATE KEY (Host A)=
# VVS nuc
[Peer]
# Placeholder: the contents of Host B's publickey file go here.
PublicKey = THE OTHER HOSTS PUBLIC KEY (host B)=
# Source addresses accepted from this peer, and the destinations wg-quick routes into the tunnel.
# Keep this list as narrow as the setup allows.
AllowedIPs = 192.168.11.0/24, 172.31.0.0/24
# NOTE(review): this is the same address Host B's config uses to reach Host A; confirm it is
# Host B's public address. With Host B behind NAT and sending keepalives, this line can be
# omitted, because WireGuard learns the endpoint from the peer's authenticated packets.
Endpoint = 91.172.64.81:51820
Host B: Behind NAT
/etc/wireguard/wg0.conf
# wg0.conf for Host B, the side behind NAT that initiates the tunnel.
# The file holds the private key: keep it owned by root and not readable by others.
[Interface]
Address = 172.31.0.2/24
ListenPort = 51820
# Placeholder: the contents of Host B's privatekey file go here.
PrivateKey = THIS HOSTS PRIVATE KEY (Host B)=
[Peer]
# Placeholder: the contents of Host A's publickey file go here.
PublicKey = OTHER HOSTS PUBLIC KEY (Host A)=
# Source addresses accepted from Host A, and the destinations wg-quick routes into the tunnel.
AllowedIPs = 192.168.12.0/24, 172.31.0.0/24
# Host A's public address and its ListenPort (8172 in Host A's config on this page).
Endpoint = 91.172.64.81:8172
# A keepalive every 20 seconds keeps the NAT mapping in front of Host B open,
# so Host A can still send to it when the tunnel is otherwise idle.
PersistentKeepalive = 20
Debug
- Enable WireGuard debug. echo 'module wireguard +p' | sudo tee /sys/kernel/debug/dynamic_debug/control
- Disable WireGuard debug when you are done (the debug messages write peer endpoint addresses to the kernel log). echo 'module wireguard -p' | sudo tee /sys/kernel/debug/dynamic_debug/control
- View logs: dmesg, or follow the kernel log with tail -f /var/log/kern.log