Version 19 - Historique - Wireguard - Aquilenet - L'atelier d'Aquilenet

Wireguard » Historique » Version 19

xavier, 07/03/2019 01:46
Debian, date ISO

-sacha
+# Wireguard
-sacha
+Le VPN Kiss, utilisant les dernières règles de l'art, construit pour être audité & performant ! au revoir IPSec & OpenVPN !
-xavier
+Dans le Kernel Linux via DKMS pour l'instant (2018-10-10) et en userspace écrit en GO (en cours de migration en Rust) sur les autres plateformes (*BSD, OpenWRT, Android, Windows).
 sacha
-xavier
+Sous Debian « Stretch » 9.8 (distribution stable au 2019-03-07), les paquets `wireguard{,-dkms,-modules}` sont disponibles et installés (eux seuls) exclusivement depuis le dépôt `unstable`, en version 0.0.20190227-1.
-sacha
+## Installation
 https://www.wireguard.com/install/
 ## Configuration
 ### Serveur
 ~~~
 umask 077
 wg genkey > /etc/wireguard/private
 wg genkey | tee /etc/wireguard/private | wg pubkey > /etc/wireguard/publickey
 wg set wg0 private-key /etc/wireguard/private
 ip link set wg0 up
 cat << EOF > /etc/wireguard/wireguard.conf
 [Interface]
 ListenPort = 50000
 PrivateKey = `cat /etc/wireguard/private`
 [Peer]
 PublicKey = Va0X1zOpRc9471Aa3DEUUy7UkAv5aq5SojtIPqOSqwg=
 AllowedIPs = 10.33.33.0/24
 Endpoint = 185.233.100.19:50000
 EOF
 ~~~
 ### Client
 ~~~
 umask 077
 wg genkey | tee /etc/wireguard/private | wg pubkey > /etc/wireguard/publickey
 wg set wg0 private-key /etc/wireguard/private
-stephanie.vieville
+ip link add dev wg0 type wireguard
-sacha
+ip link set wg0 up
 stephanie.vieville
-sacha
+~~~
 sacha
-louis.leveque
+### Config serveur (Hypnos)
 ~~~
 #!/bin/bash
 set -x -e
 # Creating the wireguard interface
 ip link add dev wg0 type wireguard
 # Setting the IP on the wireguard interface
 ip address add dev wg0 185.233.101.127/24
 # Configuring the wireguard server
 wg set wg0 listen-port 50000 private-key /etc/wireguard/private
 # Starting up the wireguard interface
 ip link set up dev wg0
 # Add Client
 wg set wg0 peer W/iRbRNZhftkcmkfS/pUNcyDJ1YHB0cBEDigzed6+B0= allowed-ips 185.233.101.126/32
 # Create the static route for the client
 ip route add 185.233.101.126/32 dev wg0 proto static
 ~~~
 ### Config client
 ~~~
 #!/bin/bash
 set -e -x
 # Creating the wireguard interface
 ip link add dev wg0 type wireguard
 # Setting the IP on the wireguard interface
 ip address add dev wg0 185.233.101.126/24
 # Configuring wireguard
 wg set wg0 private-key ./private
 # Starting up the wireguard interface
 ip link set up dev wg0
 # Connect to the server
 wg set wg0 peer 'XRhI4WqBipwY21pxPZ9Q7EWkypnQCKKtJjqu2tUUTVo=' allowed-ips 0.0.0.0/0 endpoint 185.233.100.9:50000
 ~~~
-sacha
+### 1er test: @Sacha's Home (Fibre Bouygues) --> @Hypnos (VM Aquilenet)
 sacha
-sacha
+~~~
 root@hypnos:/etc/wireguard# iperf3 -s
 -----------------------------------------------------------
 Server listening on 5201
 -----------------------------------------------------------
 Accepted connection from 10.33.33.2, port 60038
 [  5] local 10.33.33.1 port 5201 connected to 10.33.33.2 port 60040
 [ ID] Interval           Transfer     Bandwidth
 [  5]   0.00-1.00   sec  15.1 MBytes   127 Mbits/sec
 [  5]   1.00-2.00   sec  19.9 MBytes   167 Mbits/sec
 [  5]   2.00-3.00   sec  20.1 MBytes   169 Mbits/sec
 [  5]   3.00-4.00   sec  20.1 MBytes   169 Mbits/sec
 [  5]   4.00-5.00   sec  19.7 MBytes   166 Mbits/sec
 [  5]   5.00-6.00   sec  20.0 MBytes   168 Mbits/sec
 [  5]   6.00-7.00   sec  20.2 MBytes   169 Mbits/sec
 [  5]   7.00-8.00   sec  20.2 MBytes   170 Mbits/sec
 [  5]   8.00-9.00   sec  20.1 MBytes   169 Mbits/sec
 [  5]   9.00-10.00  sec  20.2 MBytes   169 Mbits/sec
 [  5]  10.00-10.03  sec   566 KBytes   165 Mbits/sec
 - - - - - - - - - - - - - - - - - - - - - - - - -
 [ ID] Interval           Transfer     Bandwidth
 [  5]   0.00-10.03  sec  0.00 Bytes  0.00 bits/sec                  sender
 [  5]   0.00-10.03  sec   196 MBytes   164 Mbits/sec                  receiver
 -----------------------------------------------------------
 Server listening on 5201
 -----------------------------------------------------------
 ~~~
 ~~~
 root@hypnos:/etc/wireguard# wg
 interface: wg0
   public key: Va0X1zOpRc9471Aa3DEUUy7UkAv5aq5SojtIPqOSqwg=
   private key: (hidden)
   listening port: 50000
 peer: VEfmgnq/aXPX3qBB7Q2fgxAawQdfUYZDRKEQSPC8tnA=
   endpoint: 5.51.0.155:3418
   allowed ips: 10.33.33.0/24
   latest handshake: 4 minutes, 30 seconds ago
   transfer: 208.75 MiB received, 6.68 MiB sent
 ~~~
 sacha
 ## InstallDebian sur Apu2
 https://blog.pgeiser.com/posts/2017/04/installing-debian-stretch-on-a-machine-without-a-graphic-card/
 sacha
-xavier
+~~~
 aptitude install aptitude \ # Hmm?
      dhcpd resolvconf \
      curl dnsutils htop iperf3 tcpdump tmux whois \
-sacha
+     debian-security-support debsums needrestart
-xavier
+~~~
 sacha
 ~~~
 #!/bin/bash
 gw=`ip  route | awk '/default/ { print $3 }'`
-sacha
+sysctl -w net.ipv4.ip_forward=1
-sacha
+ip link add dev wg0 type wireguard
 ip address add dev wg0 10.33.33.2/24
 ip link set up dev wg0
 ip route add 185.233.100.19/32 via $gw dev enp1s0
 ip route del default
 ip route add default dev wg0
 wg setconf wg0 /etc/wireguard/wg0.conf
 ~~~
 sacha
 https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
 https://git.zx2c4.com/WireGuard/about/src/tools/wg.8
 sacha
 https://vincent.bernat.ch/fr/blog/2018-vpn-wireguard-route

Projet

Général

Profil

Aquilenet

Wireguard » Historique » Version 19