Projet

Général

Profil

Wireguard » Historique » Version 16

sacha, 18/11/2018 21:38

1 1 sacha
# Wireguard
2
3 14 sacha
Le VPN Kiss, utilisant les dernières règles de l'art, construit pour être audité & performant ! au revoir IPSec & OpenVPN !
4 15 sacha
Dans le Kernel Linux via DKMS pour l'instant (10/10/18) et en userspace écrit en GO (en cours de migration en Rust) sur les autres plateformes (*BSD, OpenWRT, Android, Windows).
5 1 sacha
6
## Installation
7
8
https://www.wireguard.com/install/
9
10
## Configuration
11
12
### Serveur
13
14
~~~
15
umask 077
16
wg genkey > /etc/wireguard/private
17
wg genkey | tee /etc/wireguard/private | wg pubkey > /etc/wireguard/publickey
18
wg set wg0 private-key /etc/wireguard/private
19
ip link set wg0 up
20
21
cat << EOF > /etc/wireguard/wireguard.conf
22
[Interface]
23
ListenPort = 50000 
24
PrivateKey = `cat /etc/wireguard/private`
25
26
[Peer]
27
PublicKey = Va0X1zOpRc9471Aa3DEUUy7UkAv5aq5SojtIPqOSqwg=
28
AllowedIPs = 10.33.33.0/24
29
Endpoint = 185.233.100.19:50000
30
EOF
31
32
~~~
33
34
### Client
35
36
~~~
37
umask 077
38
wg genkey | tee /etc/wireguard/private | wg pubkey > /etc/wireguard/publickey
39
wg set wg0 private-key /etc/wireguard/private
40
ip link set wg0 up
41
~~~
42 2 sacha
43 12 louis.leveque
### Config serveur (Hypnos)
44
45
~~~
46
#!/bin/bash
47
48
set -x -e
49
50
# Creating the wireguard interface
51
ip link add dev wg0 type wireguard
52
53
# Setting the IP on the wireguard interface
54
ip address add dev wg0 185.233.101.127/24
55
56
# Configuring the wireguard server
57
wg set wg0 listen-port 50000 private-key /etc/wireguard/private
58
59
# Starting up the wireguard interface
60
ip link set up dev wg0
61
62
# Add Client
63
wg set wg0 peer W/iRbRNZhftkcmkfS/pUNcyDJ1YHB0cBEDigzed6+B0= allowed-ips 185.233.101.126/32
64
65
# Create the static route for the client
66
ip route add 185.233.101.126/32 dev wg0 proto static
67
~~~
68
69
### Config client
70
71
~~~
72
#!/bin/bash
73
74
set -e -x
75
76
# Creating the wireguard interface
77
ip link add dev wg0 type wireguard
78
79
# Setting the IP on the wireguard interface
80
ip address add dev wg0 185.233.101.126/24
81
82
# Configuring wireguard
83
wg set wg0 private-key ./private
84
85
# Starting up the wireguard interface
86
ip link set up dev wg0
87
88
# Connect to the server
89
wg set wg0 peer 'XRhI4WqBipwY21pxPZ9Q7EWkypnQCKKtJjqu2tUUTVo=' allowed-ips 0.0.0.0/0 endpoint 185.233.100.9:50000
90
~~~
91
92 4 sacha
### 1er test: @Sacha's Home (Fibre Bouygues) --> @Hypnos (VM Aquilenet)
93 3 sacha
94 2 sacha
~~~
95
96
root@hypnos:/etc/wireguard# iperf3 -s
97
-----------------------------------------------------------
98
Server listening on 5201
99
-----------------------------------------------------------
100
Accepted connection from 10.33.33.2, port 60038
101
[  5] local 10.33.33.1 port 5201 connected to 10.33.33.2 port 60040
102
[ ID] Interval           Transfer     Bandwidth
103
[  5]   0.00-1.00   sec  15.1 MBytes   127 Mbits/sec                  
104
[  5]   1.00-2.00   sec  19.9 MBytes   167 Mbits/sec                  
105
[  5]   2.00-3.00   sec  20.1 MBytes   169 Mbits/sec                  
106
[  5]   3.00-4.00   sec  20.1 MBytes   169 Mbits/sec                  
107
[  5]   4.00-5.00   sec  19.7 MBytes   166 Mbits/sec                  
108
[  5]   5.00-6.00   sec  20.0 MBytes   168 Mbits/sec                  
109
[  5]   6.00-7.00   sec  20.2 MBytes   169 Mbits/sec                  
110
[  5]   7.00-8.00   sec  20.2 MBytes   170 Mbits/sec                  
111
[  5]   8.00-9.00   sec  20.1 MBytes   169 Mbits/sec                  
112
[  5]   9.00-10.00  sec  20.2 MBytes   169 Mbits/sec                  
113
[  5]  10.00-10.03  sec   566 KBytes   165 Mbits/sec                  
114
- - - - - - - - - - - - - - - - - - - - - - - - -
115
[ ID] Interval           Transfer     Bandwidth
116
[  5]   0.00-10.03  sec  0.00 Bytes  0.00 bits/sec                  sender
117
[  5]   0.00-10.03  sec   196 MBytes   164 Mbits/sec                  receiver
118
-----------------------------------------------------------
119
Server listening on 5201
120
-----------------------------------------------------------
121
~~~
122
123
124
~~~
125
root@hypnos:/etc/wireguard# wg
126
interface: wg0
127
  public key: Va0X1zOpRc9471Aa3DEUUy7UkAv5aq5SojtIPqOSqwg=
128
  private key: (hidden)
129
  listening port: 50000
130
131
peer: VEfmgnq/aXPX3qBB7Q2fgxAawQdfUYZDRKEQSPC8tnA=
132
  endpoint: 5.51.0.155:3418
133
  allowed ips: 10.33.33.0/24
134
  latest handshake: 4 minutes, 30 seconds ago
135
  transfer: 208.75 MiB received, 6.68 MiB sent
136
~~~
137 5 sacha
138
## InstallDebian sur Apu2
139
140
https://blog.pgeiser.com/posts/2017/04/installing-debian-stretch-on-a-machine-without-a-graphic-card/
141 6 sacha
142 13 sacha
aptitude install dhcpd tmux whois aptitude dnsutils curl htop resolvconf
143 8 sacha
144
145
~~~
146
#!/bin/bash
147
gw=`ip  route | awk '/default/ { print $3 }'`
148 9 sacha
sysctl -w net.ipv4.ip_forward=1
149 8 sacha
ip link add dev wg0 type wireguard
150
ip address add dev wg0 10.33.33.2/24
151
ip link set up dev wg0
152
ip route add 185.233.100.19/32 via $gw dev enp1s0
153
ip route del default
154
ip route add default dev wg0
155
wg setconf wg0 /etc/wireguard/wg0.conf
156
~~~
157 10 sacha
158
https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
159
https://git.zx2c4.com/WireGuard/about/src/tools/wg.8
160 16 sacha
161
https://vincent.bernat.ch/fr/blog/2018-vpn-wireguard-route