...
Update the repo
```
[root@pikvm pisugar-archlinux]# rw
+ mount -o remount,rw /
+ mount -o remount,rw /boot
+ set +x
=== PiKVM is in Read-Write mode ===
[root@pikvm pisugar-archlinux]# sudo pacman -Syy
:: Synchronizing package databases...
 core        239.0 KiB  79.1 KiB/s 00:03 [###################################] 100%
 extra         9.0 MiB   414 KiB/s 00:22 [###################################] 100%
 community    45.0   B   121   B/s 00:00 [###################################] 100%
 alarm        94.8 KiB   243 KiB/s 00:00 [###################################] 100%
 aur           9.3 KiB  12.1 KiB/s 00:01 [###################################] 100%
 pikvm        10.7 KiB  3.00 KiB/s 00:04 [###################################] 100%
```
Install wireguard
```
[root@pikvm pisugar-archlinux]# pacman -S wireguard-tools
resolving dependencies...
looking for conflicting packages...

Packages (1) wireguard-tools-1.0.20210914-2

Total Download Size:   0.08 MiB
Total Installed Size:  0.22 MiB

:: Proceed with installation? [Y/n] Y
:: Retrieving packages...
 wireguard-tools-1.0.20210914-...  80.4 KiB  45.4 KiB/s 00:02 [###################################] 100%
(1/1) checking keys in keyring                [###################################] 100%
(1/1) checking package integrity              [###################################] 100%
(1/1) loading package files                   [###################################] 100%
(1/1) checking for file conflicts             [###################################] 100%
(1/1) checking available disk space           [###################################] 100%
:: Processing package changes...
(1/1) installing wireguard-tools              [###################################] 100%
Optional dependencies for wireguard-tools
    openresolv: for DNS functionality [installed]
    sudo: elevate privileges [installed]
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
```
Create private and public keys
```
wg genkey | tee privatekey | wg pubkey > publickey
```
Create the config file
Now you can configure the server. Create a new file called /etc/wireguard/wg0.conf and insert the following configuration lines. Replace the <server-private-key> placeholder with the previously generated private key. For <server-ip-address>, insert a private IP address that does not overlap with any other subnet you use. Next, replace <public-interface> with the interface on which the server should listen for incoming connections. The values in the comments are the ones used in this guide; note that the client's Endpoint port must match whatever ListenPort you choose.

```
vi /etc/wireguard/wg0.conf
```

```
[Interface]
PrivateKey = <server-private-key>
Address = <server-ip-address>/<subnet>    # e.g. 10.99.0.1/32
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o <public-interface> -j MASQUERADE    # e.g. wlan0
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o <public-interface> -j MASQUERADE    # e.g. wlan0
ListenPort = 51820    # 51821 in this guide's setup
```
Configure the wireguard client
Now we need to configure the client. Create a new file called /etc/wireguard/wg0.conf and insert the following configuration lines. Replace the <client-private-key> placeholder with the client's previously generated private key. For <client-ip-address>, insert a private IP address in the same subnet as the server's IP address. Next, replace <server-public-key> with the server's generated public key, and replace <server-public-ip-address> with the IP address on which the server listens for incoming connections.

Note that if you set AllowedIPs to 0.0.0.0/0, the client will route ALL traffic through the VPN tunnel. That means that even the client's public internet traffic will leave through the server side. If you don't want to route all traffic through the tunnel, replace this with the target IP addresses or networks.

```
[Interface]
PrivateKey = <client-private-key>
Address = <client-ip-address>/<subnet>
SaveConfig = true

[Peer]
PublicKey = <server-public-key>
Endpoint = <server-public-ip-address>:51820
AllowedIPs = 0.0.0.0/0
```
Start and test
Enable the wg0 interface with the following command:

```
wg-quick up wg0
```
You can check the status of the connection with this command:

```
wg
```
Next, you need to add the client to the server configuration; otherwise the tunnel will not be established. Replace <client-public-key> with the client's generated public key and <client-ip-address> with the client's IP address on the wg0 interface.

```
wg set wg0 peer <client-public-key> allowed-ips <client-ip-address>/32
```
Now you can enable the wg0 interface on the server and check its status.

```
wg-quick up wg0
```

```
wg
```
Configure auto-start
...