WireGuard VPN
Contingut
WireGuard Server
WireGuard Client
Instal·ladors del client de WireGuard per altres sistemes operatius
Instal·lació de la VPN WireGuard a Raspberry Pi OS
WireGuard Client: Raspberry Pi OS
- Des del terminal de la Raspberry Pi:
sudo apt update sudo apt install wireguard
- Aneu al servidor WireGuard (no a la Raspberry Pi) i copieu la clau pública:
$ sudo wg show wg0 interface: wg0 public key: kj***************************************0Q= private key: (hidden) listening port: 51820
- Torneu al terminal de la Raspberry Pi:
(umask 077 && wg genkey > wg-private.key) wg pubkey < wg-private.key > wg-public.key cat wg-private.key 4H***************************************E0= cat wg-public.key Tu***************************************TE= sudo nano /etc/wireguard/wg0.conf
Aquest ha de ser el contingut de l'arxiu /etc/wireguard/wg0.conf:
# define the local WireGuard interface (client) [Interface] # contents of file wg-private.key that was recently created PrivateKey = 4H***************************************E0= # define the remote WireGuard interface (server) [Peer] # contents of wg-public.key on the WireGuard server PublicKey = kj***************************************0Q= # the IP address of the server on the WireGuard network # AllowedIPs = 10.0.2.1/32 AllowedIPs = 0.0.0.0/0, ::/0 PersistentKeepalive = 25 # public IP address and port of the WireGuard server Endpoint = 51.1*.**.**:51820
Feu un nou arxiu anomenat /etc/network/interfaces.d/wg0:
sudo nano /etc/network/interfaces.d/wg0
I poseu aquest contingut (amb la IP de la VPN Wireguard per a aquesta Raspberry Pi):
# indicate that wg0 should be created when the system boots, and on ifup -a
auto wg0
# describe wg0 as an IPv4 interface with static address
iface wg0 inet static
# the IP address of this client on the WireGuard network
address 10.0.2.11/24
# before ifup, create the device with this ip link command
pre-up ip link add $IFACE type wireguard
# before ifup, set the WireGuard config from earlier
pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
# after ifdown, destroy the wg0 interface
post-down ip link del $IFACE
- Aneu al servidor WireGuard (no a la Raspberry Pi) i editeu l'arxiu /etc/wireguard/wg0.conf (sudo nano /etc/wireguard/wg0.conf) afegint-hi al final:
# define the remote WireGuard interface (client) [Peer] # contents of file wg-public.key on the WireGuard client PublicKey = Tu***************************************TE= # the IP address of the client on the WireGuard network AllowedIPs = 10.0.2.11/32
I actualitzeu el servidor de la VPN WireGuard:
sudo wg syncconf wg0 /etc/wireguard/wg0.conf
- Torneu al terminal de la Raspberry Pi:
sudo ifup wg0
Verifiqueu que podeu veure la interfície de xarxa wg0:
ip address show dev wg0
Verifiqueu que hi ha hagut tràfic entre el servidor de la VPN WireGuard i el client (a la Raspberry Pi):
sudo wg show wg0
WireGuard a Android
Client d'Android de l'aplicació WireGuard
- Per a crear les claus privada i pública per a Android des del servidor:
Generating WireGuard QR codes for fast mobile deployments
- Configuració de l'aplicació d'Android:
How to configure a WireGuard Android VPN Client
L'apartat Add your client to your server no m'ha funcionat. Per a que em funcioni he fet:
He afegit al final de l'arxiu /etc/wireguard/wg0.conf del servidor (l'adreça 10.0.2.6 és la IP que tindrà el mòbil a la VPN WireGuard):
[Peer] PublicKey = Fn***************************************RU= AllowedIPs = 10.0.2.6/32
I al final li he dit a WireGuard que recarregui la nova configuració:
sudo wg syncconf wg0 /etc/wireguard/wg0.conf
Exemple de configuració
Al servidor
sudo wg show wg0
Arxiu /etc/wireguard/wg0.conf :
# define the WireGuard service [Interface] # contents of file wg-private.key that was recently created PrivateKey = SD***************************************1Q= # UDP service port; 51820 is a common choice for WireGuard ListenPort = 51820 # define the remote WireGuard interface (client) [Peer] # contents of file wg-public.key on the WireGuard client PublicKey = EG***************************************yI= # the IP address of the client on the WireGuard network AllowedIPs = 10.0.2.2/32 # define the remote WireGuard interface (client) [Peer] # contents of file wg-public.key on the WireGuard client PublicKey = Pw***************************************gQ= # the IP address of the client on the WireGuard network AllowedIPs = 10.0.2.5/32
Al client
sudo cat /etc/wireguard/wg0.conf
Per a que hi hagi visibilitat entre diferents clients de la VPN cal comentar l'exclusivitat de connexió al servidor (10.0.2.1/32) i permetre que altres hi puguin accedir (0.0.0.0/0). I per a mantenir la persistència del túnel s'ha afegit PersistentKeepalive:
# AllowedIPs = 10.0.2.1/32 AllowedIPs = 0.0.0.0/0, ::/0 PersistentKeepalive = 25
A un client Android
Interfície correspon al mòbil
Parell (Peer) correspon al servidor a on és allotjada la VPN WireGuard
Podeu editar els valors prement la icona del llapis
