Differences

This shows you the differences between two versions of the page.


openwrt:wireguard_tunnel [2021/10/26 15:58] – created adminopenwrt:wireguard_tunnel [2021/10/26 17:43] (current) – [Network] admin
Line 1: Line 1:
-Server+====== Server ====== 
 + 
 +https://openwrt.org/docs/guide-user/services/vpn/wireguard/server
   opkg install --force-depends  wireguard-tools kmod-wireguard luci-app-wireguard   opkg install --force-depends  wireguard-tools kmod-wireguard luci-app-wireguard
 +  
 +===== Variables =====
 +<code>
 +WG_IF="vpn"
 +WG_PORT="51820"
 +WG_ADDR="192.168.9.1/24"
 +WG_ADDR6="fdf1:e8a1:8d3f:9::1/64"
 +</code>
 +
 +<code>
 +umask go=
 +wg genkey | tee wgserver.key | wg pubkey > wgserver.pub
 +wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
 +wg genpsk > wgclient.psk
 + 
 +# Server private key
 +WG_KEY="$(cat wgserver.key)"
 + 
 +# Pre-shared key
 +WG_PSK="$(cat wgclient.psk)"
 + 
 +# Client public key
 +WG_PUB="$(cat wgclient.pub)"
 +</code>
 +
 +===== Firewall =====
 +<code> 
 +uci del_list firewall.lan.network="${WG_IF}"
 +uci add_list firewall.lan.network="${WG_IF}"
 +uci -q delete firewall.wg
 +uci set firewall.wg="rule"
 +uci set firewall.wg.name="Allow-WireGuard"
 +uci set firewall.wg.src="wan"
 +uci set firewall.wg.dest_port="${WG_PORT}"
 +uci set firewall.wg.proto="udp"
 +uci set firewall.wg.target="ACCEPT"
 +uci commit firewall
 +/etc/init.d/firewall restart
 +</code>
 +
 +===== Network =====
 +<code>
 +uci -q delete network.${WG_IF}
 +uci set network.${WG_IF}="interface"
 +uci set network.${WG_IF}.proto="wireguard"
 +uci set network.${WG_IF}.private_key="${WG_KEY}"
 +uci set network.${WG_IF}.listen_port="${WG_PORT}"
 +uci add_list network.${WG_IF}.addresses="${WG_ADDR}"
 +uci add_list network.${WG_IF}.addresses="${WG_ADDR6}"
 + 
 +
 +uci commit network
 +/etc/init.d/network restart
 +</code>
 +
 +===== Peers =====
 +
 +<code>
 +uci -q delete network.wgclient
 +uci set network.wgclient="wireguard_${WG_IF}"
 +uci set network.wgclient.public_key="${WG_PUB}"
 +uci set network.wgclient.preshared_key="${WG_PSK}"
 +uci add_list network.wgclient.allowed_ips="${WG_ADDR%.*}.2/32"
 +uci add_list network.wgclient.allowed_ips="${WG_ADDR6%:*}:2/128"
 +
 +uci commit network
 +/etc/init.d/network restart
 +</code>
 +
 +====== Client ======
 +https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
 +===== Variables =====
 +<code>
 +WG_IF="vpn"
 +WG_SERV="autosys.tk"
 +WG_PORT="51820"
 +WG_ADDR="192.168.9.2/24"
 +WG_ADDR6="fdf1:e8a1:8d3f:9::2/64"
 +</code>
 +
 +===== Keys =====
 +Ключит мы уже сгенерировали на сервере:
 +  cat wgclient.key
 +  cat wgserver.pub 
 +  cat wgclient.psk 
 +  
 +И помещаем данные в переменные:
 +  WG_KEY="---wgclient.key---"
 +  WG_PSK="---wgclient.psk---"
 +  WG_PUB="--wgserver.pub--"
 +
 +===== Network =====
 +<code>
 +# Configure network
 +uci -q delete network.${WG_IF}
 +uci set network.${WG_IF}="interface"
 +uci set network.${WG_IF}.proto="wireguard"
 +uci set network.${WG_IF}.private_key="${WG_KEY}"
 +uci add_list network.${WG_IF}.addresses="${WG_ADDR}"
 +uci add_list network.${WG_IF}.addresses="${WG_ADDR6}"
 + 
 +# Add VPN peers
 +uci -q delete network.wgserver
 +uci set network.wgserver="wireguard_${WG_IF}"
 +uci set network.wgserver.public_key="${WG_PUB}"
 +uci set network.wgserver.preshared_key="${WG_PSK}"
 +uci set network.wgserver.endpoint_host="${WG_SERV}"
 +uci set network.wgserver.endpoint_port="${WG_PORT}"
 +uci set network.wgserver.route_allowed_ips="0"
 +uci set network.wgserver.persistent_keepalive="25"
 +uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
 +uci add_list network.wgserver.allowed_ips="::/0"
 +</code>
 +
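Review bot: The client `===== Network =====` block (the final `<code>` block) configures the interface and the `wgserver` peer but never runs `uci commit network` and `/etc/init.d/network restart`, unlike both server blocks, so on the client nothing is applied; add those two lines after `uci add_list network.wgserver.allowed_ips="::/0"`. Three further points. In the key-generation block the client's private key is created on the server (`wg genkey | tee wgclient.key | wg pubkey > wgclient.pub`) and later read out with `cat wgclient.key` for pasting into the client; WireGuard only needs the public keys (and the PSK) to cross the boundary, so generate the client key pair on the client, copy only `wgclient.pub` and `wgclient.psk` to the server, and delete the `wg*.key` files left in the working directory once they are in `/etc/config/network`, since `umask go=` only keeps other local users out. The firewall block adds `${WG_IF}` to the `lan` zone via `uci add_list firewall.lan.network="${WG_IF}"`, which gives every peer the same access as a LAN host; that is acceptable for a personal tunnel but deserves a sentence, and the linked upstream guide renames the zone sections (`uci rename firewall.@zone[0]="lan"`, `uci rename firewall.@zone[1]="wan"`) before referring to `firewall.lan`, so on a router where the zone sections are still anonymous this `uci` call fails and the interface ends up in no zone at all. Finally, `opkg install --force-depends` hides a dependency failure instead of fixing it; if `kmod-wireguard` does not match the running kernel the module will not load and the interface never comes up, so prefer a plain `opkg install` and resolve the mismatch.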
  • openwrt/wireguard_tunnel.txt
  • Last modified: 2021/10/26 17:43
  • by admin