Server
https://openwrt.org/docs/guide-user/services/vpn/wireguard/server
# Install the kernel module, the userspace tools (wg, wg-quick) and the LuCI
# status page. --force-depends lets opkg continue when a dependency cannot be
# resolved, so read opkg's output: a missing kmod-wireguard leaves no working
# interface even though the command returns successfully.
opkg install --force-depends \
  wireguard-tools \
  kmod-wireguard \
  luci-app-wireguard
Variables
# Server-side settings consumed by the firewall, network and peer sections.
WG_IF="vpn"                          # logical interface name in /etc/config/network
WG_PORT="51820"                      # UDP listen port; the firewall rule opens it on wan
WG_ADDR="192.168.9.1/24"             # server IPv4 address inside the tunnel
WG_ADDR6="fdf1:e8a1:8d3f:9::1/64"    # server IPv6 address inside the tunnel
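# Generate the server key pair, the client key pair and a pre-shared key.
# "umask go=" removes group/other permissions for every file created from
# here on, so the private keys land on disk readable by the owner only.
umask go=
wg genkey | tee wgserver.key | wg pubkey > wgserver.pub
wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
wg genpsk > wgclient.psk
# Without this check a missing or failing wg (e.g. wireguard-tools not
# installed) leaves empty files and the variables below end up empty, and
# the later "uci set ... private_key" would configure an unusable interface.
[ -s wgserver.key ] && [ -s wgclient.pub ] && [ -s wgclient.psk ] \
  || printf '%s\n' "key generation failed: check that wireguard-tools is installed" >&2
# Server private key
WG_KEY="$(cat wgserver.key)"
# Pre-shared key
WG_PSK="$(cat wgclient.psk)"
# Client public key
WG_PUB="$(cat wgclient.pub)"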
Firewall
# Put the tunnel interface in the lan zone. The del_list before add_list
# keeps the list free of duplicates when this section is run again.
uci del_list "firewall.lan.network=${WG_IF}"
uci add_list "firewall.lan.network=${WG_IF}"
# Accept WireGuard handshakes arriving on wan; only UDP on the listen port
# is opened, nothing else about the wan zone changes.
uci -q delete firewall.wg
uci set "firewall.wg=rule"
uci set "firewall.wg.name=Allow-WireGuard"
uci set "firewall.wg.src=wan"
uci set "firewall.wg.dest_port=${WG_PORT}"
uci set "firewall.wg.proto=udp"
uci set "firewall.wg.target=ACCEPT"
# Persist the staged changes and reload the ruleset.
uci commit firewall
/etc/init.d/firewall restart
Network
# (Re)create the WireGuard interface: drop any previous definition, then set
# the server's private key, the listen port (must match the firewall rule)
# and both tunnel addresses.
uci -q delete "network.${WG_IF}"
uci set "network.${WG_IF}=interface"
uci set "network.${WG_IF}.proto=wireguard"
uci set "network.${WG_IF}.private_key=${WG_KEY}"
uci set "network.${WG_IF}.listen_port=${WG_PORT}"
uci add_list "network.${WG_IF}.addresses=${WG_ADDR}"
uci add_list "network.${WG_IF}.addresses=${WG_ADDR6}"
# Persist and bring the interface up.
uci commit network
/etc/init.d/network restart
Peers
# Register the client as a peer of the server interface.
uci -q delete network.wgclient
uci set "network.wgclient=wireguard_${WG_IF}"
uci set "network.wgclient.public_key=${WG_PUB}"
uci set "network.wgclient.preshared_key=${WG_PSK}"
# The client's tunnel addresses are derived from the server's by replacing
# the last IPv4 octet / last IPv6 hextet with 2 (192.168.9.1/24 ->
# 192.168.9.2/32). The /32 and /128 restrict this peer to exactly one
# source address per family; packets from any other address are dropped.
uci add_list "network.wgclient.allowed_ips=${WG_ADDR%.*}.2/32"
uci add_list "network.wgclient.allowed_ips=${WG_ADDR6%:*}:2/128"
# Persist and restart so the peer is loaded.
uci commit network
/etc/init.d/network restart
Client
Variables
# Client-side settings; WG_PORT and the address prefix must match the server.
WG_IF="vpn"                          # logical interface name on the client
WG_SERV="autosys.tk"                 # server endpoint host (DNS name or IP)
WG_PORT="51820"                      # server's UDP listen port
WG_ADDR="192.168.9.2/24"             # client IPv4 address inside the tunnel
WG_ADDR6="fdf1:e8a1:8d3f:9::2/64"    # client IPv6 address inside the tunnel
Keys
Ключи мы уже сгенерировали на сервере:
# Show the values generated on the server, in the order they are pasted into
# the client variables below. wgclient.key and wgclient.psk are secrets.
for keyfile in wgclient.key wgserver.pub wgclient.psk; do
  cat "$keyfile"
done
И помещаем данные в переменные:
# Replace each placeholder with the matching file's content from the server.
WG_KEY="---wgclient.key---"    # client private key
WG_PSK="---wgclient.psk---"    # pre-shared key
WG_PUB="--wgserver.pub--"      # server public key
Network
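# Configure network: the client interface carries its private key and tunnel
# addresses but no listen_port, since it only initiates the connection.
uci -q delete "network.${WG_IF}"
uci set "network.${WG_IF}=interface"
uci set "network.${WG_IF}.proto=wireguard"
uci set "network.${WG_IF}.private_key=${WG_KEY}"
uci add_list "network.${WG_IF}.addresses=${WG_ADDR}"
uci add_list "network.${WG_IF}.addresses=${WG_ADDR6}"
# Add VPN peers: the server, identified by its public key and the PSK.
uci -q delete network.wgserver
uci set "network.wgserver=wireguard_${WG_IF}"
uci set "network.wgserver.public_key=${WG_PUB}"
uci set "network.wgserver.preshared_key=${WG_PSK}"
uci set "network.wgserver.endpoint_host=${WG_SERV}"
uci set "network.wgserver.endpoint_port=${WG_PORT}"
# allowed_ips 0.0.0.0/0 and ::/0 accept any source address from the server,
# but route_allowed_ips=0 keeps those prefixes out of the routing table, so
# only tunnel-network traffic uses the VPN unless routes are added separately.
uci set "network.wgserver.route_allowed_ips=0"
# Periodic keepalive so a NAT/firewall in front of the client keeps the
# mapping open for packets coming back from the server.
uci set "network.wgserver.persistent_keepalive=25"
uci add_list "network.wgserver.allowed_ips=0.0.0.0/0"
uci add_list "network.wgserver.allowed_ips=::/0"
# The server sections commit and restart after each change; without these
# two lines the client changes stay staged in uci and are never applied.
uci commit network
/etc/init.d/network restart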
Discussion