openwrt:wireguard_tunnel [2021/10/26 15:58] – created admin | openwrt:wireguard_tunnel [2021/10/26 17:43] (current) – [Network] admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | Server | + | ====== |
+ | |||
+ | https:// | ||
opkg install --force-depends | opkg install --force-depends | ||
+ | | ||
+ | ===== Variables ===== | ||
+ | < | ||
+ | WG_IF=" | ||
+ | WG_PORT=" | ||
+ | WG_ADDR=" | ||
+ | WG_ADDR6=" | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | umask go= | ||
+ | wg genkey | tee wgserver.key | wg pubkey > wgserver.pub | ||
+ | wg genkey | tee wgclient.key | wg pubkey > wgclient.pub | ||
+ | wg genpsk > wgclient.psk | ||
+ | |||
+ | # Server private key | ||
+ | WG_KEY=" | ||
+ | |||
+ | # Pre-shared key | ||
+ | WG_PSK=" | ||
+ | |||
+ | # Client public key | ||
+ | WG_PUB=" | ||
+ | </ | ||
+ | |||
+ | ===== Firewall ===== | ||
+ | < | ||
+ | uci del_list firewall.lan.network=" | ||
+ | uci add_list firewall.lan.network=" | ||
+ | uci -q delete firewall.wg | ||
+ | uci set firewall.wg=" | ||
+ | uci set firewall.wg.name=" | ||
+ | uci set firewall.wg.src=" | ||
+ | uci set firewall.wg.dest_port=" | ||
+ | uci set firewall.wg.proto=" | ||
+ | uci set firewall.wg.target=" | ||
+ | uci commit firewall | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ===== Network ===== | ||
+ | < | ||
+ | uci -q delete network.${WG_IF} | ||
+ | uci set network.${WG_IF}=" | ||
+ | uci set network.${WG_IF}.proto=" | ||
+ | uci set network.${WG_IF}.private_key=" | ||
+ | uci set network.${WG_IF}.listen_port=" | ||
+ | uci add_list network.${WG_IF}.addresses=" | ||
+ | uci add_list network.${WG_IF}.addresses=" | ||
+ | |||
+ | |||
+ | uci commit network | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ===== Peers ===== | ||
+ | |||
+ | < | ||
+ | uci -q delete network.wgclient | ||
+ | uci set network.wgclient=" | ||
+ | uci set network.wgclient.public_key=" | ||
+ | uci set network.wgclient.preshared_key=" | ||
+ | uci add_list network.wgclient.allowed_ips=" | ||
+ | uci add_list network.wgclient.allowed_ips=" | ||
+ | |||
+ | uci commit network | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ====== Client ====== | ||
+ | https:// | ||
+ | ===== Variables ===== | ||
+ | < | ||
+ | WG_IF=" | ||
+ | WG_SERV=" | ||
+ | WG_PORT=" | ||
+ | WG_ADDR=" | ||
+ | WG_ADDR6=" | ||
+ | </ | ||
+ | |||
+ | ===== Keys ===== | ||
+ | Ключит мы уже сгенерировали на сервере: | ||
+ | cat wgclient.key | ||
+ | cat wgserver.pub | ||
+ | cat wgclient.psk | ||
+ | | ||
+ | И помещаем данные в переменные: | ||
+ | WG_KEY=" | ||
+ | WG_PSK=" | ||
+ | WG_PUB=" | ||
+ | |||
+ | ===== Network ===== | ||
+ | < | ||
+ | # Configure network | ||
+ | uci -q delete network.${WG_IF} | ||
+ | uci set network.${WG_IF}=" | ||
+ | uci set network.${WG_IF}.proto=" | ||
+ | uci set network.${WG_IF}.private_key=" | ||
+ | uci add_list network.${WG_IF}.addresses=" | ||
+ | uci add_list network.${WG_IF}.addresses=" | ||
+ | |||
+ | # Add VPN peers | ||
+ | uci -q delete network.wgserver | ||
+ | uci set network.wgserver=" | ||
+ | uci set network.wgserver.public_key=" | ||
+ | uci set network.wgserver.preshared_key=" | ||
+ | uci set network.wgserver.endpoint_host=" | ||
+ | uci set network.wgserver.endpoint_port=" | ||
+ | uci set network.wgserver.route_allowed_ips=" | ||
+ | uci set network.wgserver.persistent_keepalive=" | ||
+ | uci add_list network.wgserver.allowed_ips=" | ||
+ | uci add_list network.wgserver.allowed_ips="::/ | ||
+ | </ | ||
+ |
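Review bot: The client's private key is created on the server (`wg genkey | tee wgclient.key` in the server key block) and then printed with `cat wgclient.key` in the client Keys section to be copied over, so the server holds the client's private key and the key travels over whatever channel is used for the copy. Generating the pair on the client and sending only `wgclient.pub` to the server keeps each private key on its own device; the Keys section could say so with a line such as `# preferably run wg genkey on the client and copy only wgclient.pub to the server`. The `wgserver.key`, `wgclient.key` and `wgclient.psk` files also stay in the working directory after their values are stored in UCI, and the page should tell the reader to delete them once `uci commit network` has run. Separately, the Firewall block appears to add the tunnel interface to `firewall.lan.network` (the value is cut off in this view); if so, the peer gets the LAN zone's full access, which the page should state, or a dedicated zone should be used instead.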