Wireguard » Historique » Version 13
sacha, 10/10/2018 00:09
| 1 | 1 | sacha | # Wireguard |
|---|---|---|---|
| 2 | |||
| 3 | 7 | sacha | Le VPN Kiss, utilisant les dernières règles de l'art, construit pour être audité & performant ! au revoir IPSec & OpenVPN ? |
| 4 | 1 | sacha | |
| 5 | ## Installation |
||
| 6 | |||
| 7 | https://www.wireguard.com/install/ |
||
| 8 | |||
| 9 | ## Configuration |
||
| 10 | |||
| 11 | ### Serveur |
||
| 12 | |||
| 13 | ~~~ |
||
| 14 | umask 077 |
||
| 15 | wg genkey > /etc/wireguard/private |
||
| 16 | wg genkey | tee /etc/wireguard/private | wg pubkey > /etc/wireguard/publickey |
||
| 17 | wg set wg0 private-key /etc/wireguard/private |
||
| 18 | ip link set wg0 up |
||
| 19 | |||
| 20 | cat << EOF > /etc/wireguard/wireguard.conf |
||
| 21 | [Interface] |
||
| 22 | ListenPort = 50000 |
||
| 23 | PrivateKey = `cat /etc/wireguard/private` |
||
| 24 | |||
| 25 | [Peer] |
||
| 26 | PublicKey = Va0X1zOpRc9471Aa3DEUUy7UkAv5aq5SojtIPqOSqwg= |
||
| 27 | AllowedIPs = 10.33.33.0/24 |
||
| 28 | Endpoint = 185.233.100.19:50000 |
||
| 29 | EOF |
||
| 30 | |||
| 31 | ~~~ |
||
| 32 | |||
| 33 | ### Client |
||
| 34 | |||
| 35 | ~~~ |
||
| 36 | umask 077 |
||
| 37 | wg genkey | tee /etc/wireguard/private | wg pubkey > /etc/wireguard/publickey |
||
| 38 | wg set wg0 private-key /etc/wireguard/private |
||
| 39 | ip link set wg0 up |
||
| 40 | ~~~ |
||
| 41 | 2 | sacha | |
| 42 | 12 | louis.leveque | ### Config serveur (Hypnos) |
| 43 | |||
| 44 | ~~~ |
||
| 45 | #!/bin/bash |
||
| 46 | |||
| 47 | set -x -e |
||
| 48 | |||
| 49 | # Creating the wireguard interface |
||
| 50 | ip link add dev wg0 type wireguard |
||
| 51 | |||
| 52 | # Setting the IP on the wireguard interface |
||
| 53 | ip address add dev wg0 185.233.101.127/24 |
||
| 54 | |||
| 55 | # Configuring the wireguard server |
||
| 56 | wg set wg0 listen-port 50000 private-key /etc/wireguard/private |
||
| 57 | |||
| 58 | # Starting up the wireguard interface |
||
| 59 | ip link set up dev wg0 |
||
| 60 | |||
| 61 | # Add Client |
||
| 62 | wg set wg0 peer W/iRbRNZhftkcmkfS/pUNcyDJ1YHB0cBEDigzed6+B0= allowed-ips 185.233.101.126/32 |
||
| 63 | |||
| 64 | # Create the static route for the client |
||
| 65 | ip route add 185.233.101.126/32 dev wg0 proto static |
||
| 66 | ~~~ |
||
| 67 | |||
| 68 | ### Config client |
||
| 69 | |||
| 70 | ~~~ |
||
| 71 | #!/bin/bash |
||
| 72 | |||
| 73 | set -e -x |
||
| 74 | |||
| 75 | # Creating the wireguard interface |
||
| 76 | ip link add dev wg0 type wireguard |
||
| 77 | |||
| 78 | # Setting the IP on the wireguard interface |
||
| 79 | ip address add dev wg0 185.233.101.126/24 |
||
| 80 | |||
| 81 | # Configuring wireguard |
||
| 82 | wg set wg0 private-key ./private |
||
| 83 | |||
| 84 | # Starting up the wireguard interface |
||
| 85 | ip link set up dev wg0 |
||
| 86 | |||
| 87 | # Connect to the server |
||
| 88 | wg set wg0 peer 'XRhI4WqBipwY21pxPZ9Q7EWkypnQCKKtJjqu2tUUTVo=' allowed-ips 0.0.0.0/0 endpoint 185.233.100.9:50000 |
||
| 89 | ~~~ |
||
| 90 | |||
| 91 | 4 | sacha | ### 1er test: @Sacha's Home (Fibre Bouygues) --> @Hypnos (VM Aquilenet) |
| 92 | 3 | sacha | |
| 93 | 2 | sacha | ~~~ |
| 94 | |||
| 95 | root@hypnos:/etc/wireguard# iperf3 -s |
||
| 96 | ----------------------------------------------------------- |
||
| 97 | Server listening on 5201 |
||
| 98 | ----------------------------------------------------------- |
||
| 99 | Accepted connection from 10.33.33.2, port 60038 |
||
| 100 | [ 5] local 10.33.33.1 port 5201 connected to 10.33.33.2 port 60040 |
||
| 101 | [ ID] Interval Transfer Bandwidth |
||
| 102 | [ 5] 0.00-1.00 sec 15.1 MBytes 127 Mbits/sec |
||
| 103 | [ 5] 1.00-2.00 sec 19.9 MBytes 167 Mbits/sec |
||
| 104 | [ 5] 2.00-3.00 sec 20.1 MBytes 169 Mbits/sec |
||
| 105 | [ 5] 3.00-4.00 sec 20.1 MBytes 169 Mbits/sec |
||
| 106 | [ 5] 4.00-5.00 sec 19.7 MBytes 166 Mbits/sec |
||
| 107 | [ 5] 5.00-6.00 sec 20.0 MBytes 168 Mbits/sec |
||
| 108 | [ 5] 6.00-7.00 sec 20.2 MBytes 169 Mbits/sec |
||
| 109 | [ 5] 7.00-8.00 sec 20.2 MBytes 170 Mbits/sec |
||
| 110 | [ 5] 8.00-9.00 sec 20.1 MBytes 169 Mbits/sec |
||
| 111 | [ 5] 9.00-10.00 sec 20.2 MBytes 169 Mbits/sec |
||
| 112 | [ 5] 10.00-10.03 sec 566 KBytes 165 Mbits/sec |
||
| 113 | - - - - - - - - - - - - - - - - - - - - - - - - - |
||
| 114 | [ ID] Interval Transfer Bandwidth |
||
| 115 | [ 5] 0.00-10.03 sec 0.00 Bytes 0.00 bits/sec sender |
||
| 116 | [ 5] 0.00-10.03 sec 196 MBytes 164 Mbits/sec receiver |
||
| 117 | ----------------------------------------------------------- |
||
| 118 | Server listening on 5201 |
||
| 119 | ----------------------------------------------------------- |
||
| 120 | ~~~ |
||
| 121 | |||
| 122 | |||
| 123 | ~~~ |
||
| 124 | root@hypnos:/etc/wireguard# wg |
||
| 125 | interface: wg0 |
||
| 126 | public key: Va0X1zOpRc9471Aa3DEUUy7UkAv5aq5SojtIPqOSqwg= |
||
| 127 | private key: (hidden) |
||
| 128 | listening port: 50000 |
||
| 129 | |||
| 130 | peer: VEfmgnq/aXPX3qBB7Q2fgxAawQdfUYZDRKEQSPC8tnA= |
||
| 131 | endpoint: 5.51.0.155:3418 |
||
| 132 | allowed ips: 10.33.33.0/24 |
||
| 133 | latest handshake: 4 minutes, 30 seconds ago |
||
| 134 | transfer: 208.75 MiB received, 6.68 MiB sent |
||
| 135 | ~~~ |
||
| 136 | 5 | sacha | |
| 137 | ## InstallDebian sur Apu2 |
||
| 138 | |||
| 139 | https://blog.pgeiser.com/posts/2017/04/installing-debian-stretch-on-a-machine-without-a-graphic-card/ |
||
| 140 | 6 | sacha | |
| 141 | 13 | sacha | aptitude install dhcpd tmux whois aptitude dnsutils curl htop resolvconf |
| 142 | 8 | sacha | |
| 143 | |||
| 144 | ~~~ |
||
| 145 | #!/bin/bash |
||
| 146 | gw=`ip route | awk '/default/ { print $3 }'` |
||
| 147 | 9 | sacha | sysctl -w net.ipv4.ip_forward=1 |
| 148 | 8 | sacha | ip link add dev wg0 type wireguard |
| 149 | ip address add dev wg0 10.33.33.2/24 |
||
| 150 | ip link set up dev wg0 |
||
| 151 | ip route add 185.233.100.19/32 via $gw dev enp1s0 |
||
| 152 | ip route del default |
||
| 153 | ip route add default dev wg0 |
||
| 154 | wg setconf wg0 /etc/wireguard/wg0.conf |
||
| 155 | ~~~ |
||
| 156 | 10 | sacha | |
| 157 | https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8 |
||
| 158 | https://git.zx2c4.com/WireGuard/about/src/tools/wg.8 |