WireGuard Server

WireGuard Server: Debian

WireGuard Client

WireGuard Client: Debian

Instal·ladors del client de WireGuard per altres sistemes operatius

Instal·lació de la VPN WireGuard a Raspberry Pi OS

WireGuard Client: Raspberry Pi OS

• Des del terminal de la Raspberry Pi:

sudo apt update
sudo apt install wireguard

• Aneu al servidor WireGuard (no a la Raspberry Pi) i copieu la clau pública:

$ sudo wg show wg0
interface: wg0
 public key: kj***************************************0Q=
 private key: (hidden)
 listening port: 51820

• Torneu al terminal de la Raspberry Pi:

(umask 077 && wg genkey > wg-private.key)
wg pubkey < wg-private.key > wg-public.key
cat wg-private.key
4H***************************************E0=
cat wg-public.key 
Tu***************************************TE=
sudo nano /etc/wireguard/wg0.conf

Aquest ha de ser el contingut de l'arxiu /etc/wireguard/wg0.conf:

# define the local WireGuard interface (client)
[Interface]

# contents of file wg-private.key that was recently created
PrivateKey = 4H***************************************E0=

# define the remote WireGuard interface (server)
[Peer]

# contents of wg-public.key on the WireGuard server
PublicKey = kj***************************************0Q=

# the IP address of the server on the WireGuard network 
AllowedIPs = 10.0.2.11/32

# public IP address and port of the WireGuard server
Endpoint = 51.1*.**.**:51820

• Aneu al servidor WireGuard (no a la Raspberry Pi) i editeu l'arxiu /etc/wireguard/wg0.conf afegint-hi al final:

# define the remote WireGuard interface (client)
[Peer]

# contents of file wg-public.key on the WireGuard client
PublicKey = Tu***************************************TE=

# the IP address of the client on the WireGuard network
AllowedIPs = 10.0.2.11/32

WireGuard a Android

Client d'Android de l'aplicació WireGuard

• Per a crear les claus privada i pública per a Android des del servidor:

Generating WireGuard QR codes for fast mobile deployments

• Configuració de l'aplicació d'Android:

How to configure a WireGuard Android VPN Client

L'apartat Add your client to your server no m'ha funcionat. Per a que em funcioni he fet:

He afegit al final de l'arxiu /etc/wireguard/wg0.conf del servidor (l'adreça 10.0.2.6 és la IP que tindrà el mòbil a la VPN WireGuard):

[Peer]

PublicKey = Fn***************************************RU=

AllowedIPs = 10.0.2.6/32

I al final li he dit a WireGuard que recarregui la nova configuració:

sudo wg syncconf wg0 /etc/wireguard/wg0.conf

Exemple de configuració

Al servidor

sudo wg show wg0

Server:~$ sudo wg show wg0

Arxiu /etc/wireguard/wg0.conf :

# define the WireGuard service
[Interface]

# contents of file wg-private.key that was recently created
PrivateKey = SD***************************************1Q=

# UDP service port; 51820 is a common choice for WireGuard
ListenPort = 51820

# define the remote WireGuard interface (client)
[Peer]

# contents of file wg-public.key on the WireGuard client
PublicKey = EG***************************************yI=

# the IP address of the client on the WireGuard network
AllowedIPs = 10.0.2.2/32

# define the remote WireGuard interface (client)
[Peer]

# contents of file wg-public.key on the WireGuard client
PublicKey = Pw***************************************gQ=

# the IP address of the client on the WireGuard network
AllowedIPs = 10.0.2.5/32

Al client

sudo cat /etc/wireguard/wg0.conf

Client:~$ sudo cat /etc/wireguard/wg0.conf

Per a que hi hagi visibilitat entre diferents clients de la VPN cal comentar l'exclusivitat de connexió al servidor (10.0.2.1/32) i permetre que altres hi puguin accedir (0.0.0.0/0). I per a mantenir la persistència del túnel s'ha afegit PersistentKeepalive:

# AllowedIPs = 10.0.2.1/32
AllowedIPs = 0.0.0.0/0, ::/0

PersistentKeepalive = 25

A un client Android

Interfície correspon al mòbil

Parell (Peer) correspon al servidor a on és allotjada la VPN WireGuard

Podeu editar els valors prement la icona del llapis

Client Android