Diferència entre revisions de la pàgina «WireGuard VPN»
m (→Instal·lació de la VPN WireGuard a Raspberry Pi OS) |
m (→Instal·lació de la VPN WireGuard a Raspberry Pi OS) |
||
| (Hi ha 11 revisions intermèdies del mateix usuari que no es mostren) | |||
| Línia 8: | Línia 8: | ||
[https://wireguard.how/client/raspberry-pi-os/ WireGuard Client: Raspberry Pi OS] | [https://wireguard.how/client/raspberry-pi-os/ WireGuard Client: Raspberry Pi OS] | ||
| − | Des del terminal de la Raspberry Pi: | + | * Des del terminal de la Raspberry Pi: |
sudo apt update | sudo apt update | ||
sudo apt install '''wireguard''' | sudo apt install '''wireguard''' | ||
| − | Aneu al servidor WireGuard (no a la Raspberry Pi) i copieu la clau pública: | + | * Aneu al servidor WireGuard (no a la Raspberry Pi) i copieu la clau pública: |
$ '''sudo wg show wg0''' | $ '''sudo wg show wg0''' | ||
interface: wg0 | interface: wg0 | ||
| Línia 19: | Línia 19: | ||
listening port: 51820 | listening port: 51820 | ||
| − | Torneu al terminal de la Raspberry Pi: | + | * Torneu al terminal de la Raspberry Pi: |
'''(umask 077 && wg genkey > wg-private.key)''' | '''(umask 077 && wg genkey > wg-private.key)''' | ||
'''wg pubkey < wg-private.key > wg-public.key''' | '''wg pubkey < wg-private.key > wg-public.key''' | ||
'''cat wg-private.key''' | '''cat wg-private.key''' | ||
4H***************************************E0= | 4H***************************************E0= | ||
| + | '''cat wg-public.key''' | ||
| + | Tu***************************************TE= | ||
'''sudo nano /etc/wireguard/wg0.conf''' | '''sudo nano /etc/wireguard/wg0.conf''' | ||
| Línia 40: | Línia 42: | ||
# the IP address of the server on the WireGuard network | # the IP address of the server on the WireGuard network | ||
| − | AllowedIPs = ''' | + | # AllowedIPs = 10.0.2.1/32 |
| + | AllowedIPs = '''0.0.0.0/0, ::/0''' | ||
| + | |||
| + | '''PersistentKeepalive = 25''' | ||
# public IP address and port of the WireGuard server | # public IP address and port of the WireGuard server | ||
| − | Endpoint = '''51.1*.**.* | + | Endpoint = '''51.1*.**.**''':51820 |
| + | Feu un nou arxiu anomenat ''/etc/network/interfaces.d/wg0'': | ||
| + | sudo nano /etc/network/interfaces.d/wg0 | ||
| + | I poseu aquest contingut (amb la IP de la VPN Wireguard per a aquesta Raspberry Pi): | ||
| + | # indicate that wg0 should be created when the system boots, and on ifup -a | ||
| + | auto wg0 | ||
| + | |||
| + | # describe wg0 as an IPv4 interface with static address | ||
| + | iface wg0 inet static | ||
| + | |||
| + | # the IP address of this client on the WireGuard network | ||
| + | address '''10.0.2.11'''/24 | ||
| + | |||
| + | # before ifup, create the device with this ip link command | ||
| + | pre-up ip link add $IFACE type wireguard | ||
| + | |||
| + | # before ifup, set the WireGuard config from earlier | ||
| + | pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf | ||
| + | |||
| + | # after ifdown, destroy the wg0 interface | ||
| + | post-down ip link del $IFACE | ||
| + | |||
| + | * Aneu al servidor WireGuard (no a la Raspberry Pi) i editeu l'arxiu ''/etc/wireguard/wg0.conf'' ('''sudo nano /etc/wireguard/wg0.conf''') afegint-hi al final: | ||
| + | # define the remote WireGuard interface (client) | ||
| + | [Peer] | ||
| + | |||
| + | # contents of file wg-public.key on the WireGuard client | ||
| + | PublicKey = '''Tu***************************************TE=''' | ||
| + | |||
| + | # the IP address of the client on the WireGuard network | ||
| + | AllowedIPs = '''10.0.2.11'''/32 | ||
| + | |||
| + | I actualitzeu el servidor de la VPN WireGuard: | ||
| + | '''sudo wg syncconf wg0 /etc/wireguard/wg0.conf''' | ||
| + | * Torneu al terminal de la Raspberry Pi: | ||
| + | '''sudo ifup wg0''' | ||
| + | Verifiqueu que podeu veure la interfície de xarxa ''wg0'': | ||
| + | '''ip address show dev wg0''' | ||
| + | Verifiqueu que hi ha hagut tràfic entre el servidor de la VPN WireGuard i el client (a la Raspberry Pi): | ||
| + | '''sudo wg show wg0''' | ||
= WireGuard a Android = | = WireGuard a Android = | ||
Revisió de 18:47, 30 juny 2024
Contingut
WireGuard Server
WireGuard Client
Instal·ladors del client de WireGuard per altres sistemes operatius
Instal·lació de la VPN WireGuard a Raspberry Pi OS
WireGuard Client: Raspberry Pi OS
- Des del terminal de la Raspberry Pi:
sudo apt update sudo apt install wireguard
- Aneu al servidor WireGuard (no a la Raspberry Pi) i copieu la clau pública:
$ sudo wg show wg0 interface: wg0 public key: kj***************************************0Q= private key: (hidden) listening port: 51820
- Torneu al terminal de la Raspberry Pi:
(umask 077 && wg genkey > wg-private.key) wg pubkey < wg-private.key > wg-public.key cat wg-private.key 4H***************************************E0= cat wg-public.key Tu***************************************TE= sudo nano /etc/wireguard/wg0.conf
Aquest ha de ser el contingut de l'arxiu /etc/wireguard/wg0.conf:
# define the local WireGuard interface (client) [Interface] # contents of file wg-private.key that was recently created PrivateKey = 4H***************************************E0= # define the remote WireGuard interface (server) [Peer] # contents of wg-public.key on the WireGuard server PublicKey = kj***************************************0Q= # the IP address of the server on the WireGuard network # AllowedIPs = 10.0.2.1/32 AllowedIPs = 0.0.0.0/0, ::/0 PersistentKeepalive = 25 # public IP address and port of the WireGuard server Endpoint = 51.1*.**.**:51820
Feu un nou arxiu anomenat /etc/network/interfaces.d/wg0:
sudo nano /etc/network/interfaces.d/wg0
I poseu aquest contingut (amb la IP de la VPN Wireguard per a aquesta Raspberry Pi):
# indicate that wg0 should be created when the system boots, and on ifup -a
auto wg0
# describe wg0 as an IPv4 interface with static address
iface wg0 inet static
# the IP address of this client on the WireGuard network
address 10.0.2.11/24
# before ifup, create the device with this ip link command
pre-up ip link add $IFACE type wireguard
# before ifup, set the WireGuard config from earlier
pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
# after ifdown, destroy the wg0 interface
post-down ip link del $IFACE
- Aneu al servidor WireGuard (no a la Raspberry Pi) i editeu l'arxiu /etc/wireguard/wg0.conf (sudo nano /etc/wireguard/wg0.conf) afegint-hi al final:
# define the remote WireGuard interface (client) [Peer] # contents of file wg-public.key on the WireGuard client PublicKey = Tu***************************************TE= # the IP address of the client on the WireGuard network AllowedIPs = 10.0.2.11/32
I actualitzeu el servidor de la VPN WireGuard:
sudo wg syncconf wg0 /etc/wireguard/wg0.conf
- Torneu al terminal de la Raspberry Pi:
sudo ifup wg0
Verifiqueu que podeu veure la interfície de xarxa wg0:
ip address show dev wg0
Verifiqueu que hi ha hagut tràfic entre el servidor de la VPN WireGuard i el client (a la Raspberry Pi):
sudo wg show wg0
WireGuard a Android
Client d'Android de l'aplicació WireGuard
- Per a crear les claus privada i pública per a Android des del servidor:
Generating WireGuard QR codes for fast mobile deployments
- Configuració de l'aplicació d'Android:
How to configure a WireGuard Android VPN Client
L'apartat Add your client to your server no m'ha funcionat. Per a que em funcioni he fet:
He afegit al final de l'arxiu /etc/wireguard/wg0.conf del servidor (l'adreça 10.0.2.6 és la IP que tindrà el mòbil a la VPN WireGuard):
[Peer] PublicKey = Fn***************************************RU= AllowedIPs = 10.0.2.6/32
I al final li he dit a WireGuard que recarregui la nova configuració:
sudo wg syncconf wg0 /etc/wireguard/wg0.conf
Exemple de configuració
Al servidor
sudo wg show wg0
Arxiu /etc/wireguard/wg0.conf :
# define the WireGuard service [Interface] # contents of file wg-private.key that was recently created PrivateKey = SD***************************************1Q= # UDP service port; 51820 is a common choice for WireGuard ListenPort = 51820 # define the remote WireGuard interface (client) [Peer] # contents of file wg-public.key on the WireGuard client PublicKey = EG***************************************yI= # the IP address of the client on the WireGuard network AllowedIPs = 10.0.2.2/32 # define the remote WireGuard interface (client) [Peer] # contents of file wg-public.key on the WireGuard client PublicKey = Pw***************************************gQ= # the IP address of the client on the WireGuard network AllowedIPs = 10.0.2.5/32
Al client
sudo cat /etc/wireguard/wg0.conf
Per a que hi hagi visibilitat entre diferents clients de la VPN cal comentar l'exclusivitat de connexió al servidor (10.0.2.1/32) i permetre que altres hi puguin accedir (0.0.0.0/0). I per a mantenir la persistència del túnel s'ha afegit PersistentKeepalive:
# AllowedIPs = 10.0.2.1/32 AllowedIPs = 0.0.0.0/0, ::/0 PersistentKeepalive = 25
A un client Android
Interfície correspon al mòbil
Parell (Peer) correspon al servidor a on és allotjada la VPN WireGuard
Podeu editar els valors prement la icona del llapis
