Revision 15 (sacha, 10/10/2018 09:35) → Revision 16/46 (sacha, 18/11/2018 21:38)
# Wireguard
The KISS VPN, built on state-of-the-art cryptography, designed to be auditable and fast! Goodbye IPsec & OpenVPN!
In the Linux kernel via DKMS for now (10/10/18), and as a userspace implementation written in Go (being ported to Rust) on the other platforms (*BSD, OpenWRT, Android, Windows).
## Installation
https://www.wireguard.com/install/
## Configuration
### Server
~~~
umask 077
# Generate the key pair once: the private key stays 0600, the public key is handed to the peer
wg genkey | tee /etc/wireguard/private | wg pubkey > /etc/wireguard/publickey
# The interface must exist before wg(8) can configure it
ip link add dev wg0 type wireguard
wg set wg0 private-key /etc/wireguard/private
ip link set wg0 up
# Write the setconf file; the unquoted heredoc expands the backticks, so the key is read at write time
cat << EOF > /etc/wireguard/wireguard.conf
[Interface]
ListenPort = 50000
PrivateKey = `cat /etc/wireguard/private`
[Peer]
PublicKey = Va0X1zOpRc9471Aa3DEUUy7UkAv5aq5SojtIPqOSqwg=
AllowedIPs = 10.33.33.0/24
Endpoint = 185.233.100.19:50000
EOF
# Apply the file to the interface
wg setconf wg0 /etc/wireguard/wireguard.conf
~~~
### Client
~~~
umask 077
wg genkey | tee /etc/wireguard/private | wg pubkey > /etc/wireguard/publickey
# The interface must exist before wg(8) can configure it
ip link add dev wg0 type wireguard
wg set wg0 private-key /etc/wireguard/private
ip link set wg0 up
~~~
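The Server and Client blocks above write whatever `wg genkey` produced straight into the config. As an added example (not part of the original page), the two POSIX sh helpers below make that step checkable: `wg_key_check` rejects anything that is not a canonical base64 encoding of 32 bytes (a truncated or hand-edited key would otherwise be copied silently into the file), and `wg_conf_render` writes the same `[Interface]`/`[Peer]` file as the heredoc above from validated values only. The helper names, the temporary directory and the sample private key in `wg_conf_demo` are constructed for this example; the peer public key and endpoint are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original page: validate WireGuard keys and
# render a wg(8) setconf file from validated values. POSIX sh only.

# A WireGuard key is 32 bytes in base64: 44 characters, a single trailing
# '=', and a 43rd character whose base64 value is a multiple of 4 (the two
# spare bits must be zero). Anything else is not a key the kernel accepts.
wg_key_check() {
  key=$1
  [ ${#key} -eq 44 ] || return 1
  body=${key%=}                        # drop exactly one trailing '='
  [ ${#body} -eq 43 ] || return 1      # there was no '=' to drop
  case $body in
    *[!A-Za-z0-9+/]*) return 1 ;;      # outside the base64 alphabet, or '=' inside
    *[AEIMQUYcgkosw048]) return 0 ;;   # canonical last character
  esac
  return 1
}

# Render a setconf(8) file on stdout from a 0600 private key file and one peer.
# Usage: wg_conf_render PRIVFILE LISTENPORT PEERPUBKEY ALLOWEDIPS [ENDPOINT]
wg_conf_render() {
  privfile=$1 port=$2 peer_pub=$3 allowed=$4 endpoint=$5
  priv=$(cat "$privfile") || return 1
  wg_key_check "$priv" || { echo "wg_conf_render: bad private key in $privfile" >&2; return 1; }
  wg_key_check "$peer_pub" || { echo "wg_conf_render: bad peer public key" >&2; return 1; }
  printf '[Interface]\nListenPort = %s\nPrivateKey = %s\n\n' "$port" "$priv"
  printf '[Peer]\nPublicKey = %s\nAllowedIPs = %s\n' "$peer_pub" "$allowed"
  [ -z "$endpoint" ] || printf 'Endpoint = %s\n' "$endpoint"
}

# Demo: a constructed private key (base64 of a 32-byte ASCII string, not a
# real key; on a host it comes from `wg genkey`), written with umask 077 as in
# the blocks above, then rendered with the peer values used on this page.
wg_conf_demo() {
  dir=$(mktemp -d) || return 1
  old=$(umask); umask 077
  printf '%s\n' 'cHJpdmF0ZS1rZXktc2FtcGxlLWZvci13aXJlZ3VhcmQ=' > "$dir/private"
  umask "$old"
  wg_conf_render "$dir/private" 50000 \
    'Va0X1zOpRc9471Aa3DEUUy7UkAv5aq5SojtIPqOSqwg=' 10.33.33.0/24 185.233.100.19:50000
  rc=$?
  rm -rf "$dir"
  return $rc
}
```

On a real host the rendered text would be redirected to `/etc/wireguard/wg0.conf` under `umask 077` and applied with `wg setconf wg0 /etc/wireguard/wg0.conf`; keeping the rendering on stdout lets the file be reviewed (or diffed against the running `wg showconf wg0`) before it is written.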
### Server config (Hypnos)
~~~
#!/bin/bash
set -x -e
# Creating the wireguard interface
ip link add dev wg0 type wireguard
# Setting the IP on the wireguard interface
ip address add dev wg0 185.233.101.127/24
# Configuring the wireguard server
wg set wg0 listen-port 50000 private-key /etc/wireguard/private
# Starting up the wireguard interface
ip link set up dev wg0
# Add Client
wg set wg0 peer W/iRbRNZhftkcmkfS/pUNcyDJ1YHB0cBEDigzed6+B0= allowed-ips 185.233.101.126/32
# Create the static route for the client
ip route add 185.233.101.126/32 dev wg0 proto static
~~~
### Client config
~~~
#!/bin/bash
set -e -x
# Creating the wireguard interface
ip link add dev wg0 type wireguard
# Setting the IP on the wireguard interface
ip address add dev wg0 185.233.101.126/24
# Configuring wireguard
wg set wg0 private-key ./private
# Starting up the wireguard interface
ip link set up dev wg0
# Connect to the server
wg set wg0 peer 'XRhI4WqBipwY21pxPZ9Q7EWkypnQCKKtJjqu2tUUTVo=' allowed-ips 0.0.0.0/0 endpoint 185.233.100.9:50000
~~~
### 1st test: @Sacha's home (Bouygues fibre) --> @Hypnos (Aquilenet VM)
~~~
root@hypnos:/etc/wireguard# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 10.33.33.2, port 60038
[ 5] local 10.33.33.1 port 5201 connected to 10.33.33.2 port 60040
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 15.1 MBytes 127 Mbits/sec
[ 5] 1.00-2.00 sec 19.9 MBytes 167 Mbits/sec
[ 5] 2.00-3.00 sec 20.1 MBytes 169 Mbits/sec
[ 5] 3.00-4.00 sec 20.1 MBytes 169 Mbits/sec
[ 5] 4.00-5.00 sec 19.7 MBytes 166 Mbits/sec
[ 5] 5.00-6.00 sec 20.0 MBytes 168 Mbits/sec
[ 5] 6.00-7.00 sec 20.2 MBytes 169 Mbits/sec
[ 5] 7.00-8.00 sec 20.2 MBytes 170 Mbits/sec
[ 5] 8.00-9.00 sec 20.1 MBytes 169 Mbits/sec
[ 5] 9.00-10.00 sec 20.2 MBytes 169 Mbits/sec
[ 5] 10.00-10.03 sec 566 KBytes 165 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-10.03 sec 0.00 Bytes 0.00 bits/sec sender
[ 5] 0.00-10.03 sec 196 MBytes 164 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
~~~
~~~
root@hypnos:/etc/wireguard# wg
interface: wg0
public key: Va0X1zOpRc9471Aa3DEUUy7UkAv5aq5SojtIPqOSqwg=
private key: (hidden)
listening port: 50000
peer: VEfmgnq/aXPX3qBB7Q2fgxAawQdfUYZDRKEQSPC8tnA=
endpoint: 5.51.0.155:3418
allowed ips: 10.33.33.0/24
latest handshake: 4 minutes, 30 seconds ago
transfer: 208.75 MiB received, 6.68 MiB sent
~~~
## Installing Debian on an APU2
https://blog.pgeiser.com/posts/2017/04/installing-debian-stretch-on-a-machine-without-a-graphic-card/
~~~
aptitude install dhcpd tmux whois aptitude dnsutils curl htop resolvconf
~~~
~~~
#!/bin/bash
set -e
# Remember the physical default gateway before the default route is replaced
gw=`ip route | awk '/default/ { print $3 }'`
# The APU2 forwards the LAN's traffic into the tunnel
sysctl -w net.ipv4.ip_forward=1
ip link add dev wg0 type wireguard
ip address add dev wg0 10.33.33.2/24
ip link set up dev wg0
# Keep a host route to the WireGuard endpoint via the physical gateway,
# otherwise the encrypted packets to the peer would themselves be sent into wg0
ip route add 185.233.100.19/32 via $gw dev enp1s0
# Everything else goes through the tunnel
ip route del default
ip route add default dev wg0
wg setconf wg0 /etc/wireguard/wg0.conf
~~~
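The order of the route commands in the script above is the important part: the endpoint must stay reachable through the physical gateway before the default route is moved onto wg0, or the encrypted UDP packets to the peer would be routed into the very tunnel they carry. As an added example (not the page's own script), the helpers below compute that route plan from the setconf file instead of hardcoding the address, so a config with several peers or a changed endpoint cannot silently get it wrong. `wg_default_gw`, `wg_endpoints`, `wg_route_plan`, `wg_route_apply` and `wg_route_demo`, the 192.0.2.1 gateway and the two-peer config in the demo are constructed for this example; the endpoint addresses and peer keys are those shown on this page.

```shell
#!/bin/sh
# Added example, not from the original page: derive the ip(8) route commands
# that send the default route through wg0 without cutting off the tunnel's
# own endpoint. The plan is printed so it can be reviewed before being run.

# Gateway of the default route, read from `ip route` output on stdin.
# Anchored on ^default so a line merely containing the word cannot match.
wg_default_gw() {
  awk '/^default/ { print $3; exit }'
}

# Host part of every "Endpoint = host:port" line in a setconf(8) file.
# IPv4 endpoints only: a bracketed IPv6 endpoint would need a different regex.
# Usage: wg_endpoints CONFFILE
wg_endpoints() {
  sed -n 's/^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*\([^:]*\):.*/\1/p' "$1"
}

# Print the route commands in an order that never leaves an endpoint
# unreachable: one /32 via the physical gateway per endpoint, then the
# default route swap. Usage: wg_route_plan CONFFILE GATEWAY PHYS_IFACE [WG_IFACE]
wg_route_plan() {
  conf=$1 gw=$2 phys=$3 wgif=${4:-wg0}
  wg_endpoints "$conf" | sort -u | while read -r host; do
    printf 'ip route add %s/32 via %s dev %s\n' "$host" "$gw" "$phys"
  done
  printf 'ip route del default\n'
  printf 'ip route add default dev %s\n' "$wgif"
}

# Apply the plan; needs root and an existing wg0. Example:
#   wg_route_apply /etc/wireguard/wg0.conf "$(ip route | wg_default_gw)" enp1s0
wg_route_apply() {
  wg_route_plan "$@" | sh -e -x
}

# Demo on a constructed two-peer config (peer keys and endpoints are the ones
# shown on this page; the gateway is from the documentation range 192.0.2.0/24).
wg_route_demo() {
  cf=$(mktemp) || return 1
  cat > "$cf" <<'EOF'
[Interface]
ListenPort = 50000
[Peer]
PublicKey = XRhI4WqBipwY21pxPZ9Q7EWkypnQCKKtJjqu2tUUTVo=
AllowedIPs = 0.0.0.0/0
Endpoint = 185.233.100.19:50000
[Peer]
PublicKey = VEfmgnq/aXPX3qBB7Q2fgxAawQdfUYZDRKEQSPC8tnA=
AllowedIPs = 10.33.33.0/24
Endpoint = 185.233.100.9:50000
EOF
  wg_route_plan "$cf" 192.0.2.1 enp1s0
  rm -f "$cf"
}
```

Running `wg_route_plan` first and reading its output is the dry run; `wg_route_apply` pipes the same lines into `sh -e -x`, which mirrors the `set -e -x` style of the scripts on this page and stops at the first failing `ip` command instead of leaving the host with half of its routes changed.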
https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
https://git.zx2c4.com/WireGuard/about/src/tools/wg.8
https://vincent.bernat.ch/fr/blog/2018-vpn-wireguard-route