...
Update the repo
Code Block
[root@pikvm pisugar-archlinux]# rw
+ mount -o remount,rw /
+ mount -o remount,rw /boot
+ set +x
=== PiKVM is in Read-Write mode ===
[root@pikvm pisugar-archlinux]# sudo pacman -Syy
:: Synchronizing package databases...
 core       239.0 KiB   79.1 KiB/s 00:03 [###################################] 100%
 extra        9.0 MiB    414 KiB/s 00:22 [###################################] 100%
 community   45.0 B      121 B/s 00:00 [###################################] 100%
 alarm       94.8 KiB    243 KiB/s 00:00 [###################################] 100%
 aur          9.3 KiB   12.1 KiB/s 00:01 [###################################] 100%
 pikvm       10.7 KiB   3.00 KiB/s 00:04 [###################################] 100%
Install wireguard
Code Block
[root@pikvm pisugar-archlinux]# pacman -S wireguard-tools
resolving dependencies...
looking for conflicting packages...

Packages (1) wireguard-tools-1.0.20210914-2

Total Download Size:   0.08 MiB
Total Installed Size:  0.22 MiB

:: Proceed with installation? [Y/n] Y
:: Retrieving packages...
 wireguard-tools-1.0.20210914-...  80.4 KiB  45.4 KiB/s 00:02 [###################################] 100%
(1/1) checking keys in keyring                                 [###################################] 100%
(1/1) checking package integrity                               [###################################] 100%
(1/1) loading package files                                    [###################################] 100%
(1/1) checking for file conflicts                              [###################################] 100%
(1/1) checking available disk space                            [###################################] 100%
:: Processing package changes...
(1/1) installing wireguard-tools                               [###################################] 100%
Optional dependencies for wireguard-tools
    openresolv: for DNS functionality [installed]
    sudo: elevate privileges [installed]
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
Create private and public keys
Run this once on the server and once on the client. Each side keeps its own private key and only ever hands out the public key. Setting umask 077 first makes the generated key files readable by root only, instead of world-readable.
Code Block
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
Create the config file
Now you can configure the server. Create a new file called /etc/wireguard/wg0.conf, insert the following configuration lines and replace the <server-private-key> placeholder with the server's private key generated above.

A few points about this configuration:
- Address uses the /24 of the tunnel subnet (10.99.0.0/24), the same subnet the clients get their addresses from.
- The PostUp/PostDown rules let the PiKVM forward the clients' traffic and NAT it out of its uplink interface. On this PiKVM the uplink is wlan0 (see the ifconfig output further down); use eth0 instead if the PiKVM is on the wired port. Forwarding additionally requires net.ipv4.ip_forward=1, for example via a file under /etc/sysctl.d/ written while the filesystem is in rw mode.
- The FORWARD rule only accepts packets arriving on wg0. That is enough as long as the default FORWARD policy is ACCEPT; if you change that policy to DROP, you also need a rule for the replies leaving via wg0.
- SaveConfig=true means peers added at runtime with wg set are written back into this file when the interface goes down, so do not hand-edit the file while wg0 is up or your edits will be overwritten.
- ListenPort 51821 is the UDP port you open on the router later.
Code Block
vi /etc/wireguard/wg0.conf

[Interface]
PrivateKey = <server-private-key>
Address = 10.99.0.1/24
ListenPort = 51821
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE
Configure the wireguard client
Now we need to configure the client. Create a new file called /etc/wireguard/wg0.conf on the client as well and insert the following configuration lines. Replace the <client-private-key> placeholder with the client's own private key. For <client-ip-address> insert an unused private IP address in the same subnet as the server's wg0 address (10.99.0.2 in this setup). Next, replace <server-public-key> with the server's public key, and <server-public-ip-address> with the public IP address (or DNS name) under which the server's UDP port 51821 is reachable. Never copy the server's private key to the client: each side only needs the other side's public key.

Note that AllowedIPs = 0.0.0.0/0 makes the client route ALL traffic through the VPN tunnel. That means even the client's public internet traffic leaves via the server's uplink. If you only want to reach the PiKVM and its network through the tunnel, replace this with the target addresses or networks, for example AllowedIPs = 10.99.0.0/24 for the tunnel subnet only.
Code Block
[Interface]
PrivateKey = <client-private-key>
Address = <client-ip-address>/24
SaveConfig = true

[Peer]
PublicKey = <server-public-key>
Endpoint = <server-public-ip-address>:51821
AllowedIPs = 0.0.0.0/0
Open UDP port 51821 for WireGuard on your router and forward it to the PiKVM. WireGuard uses UDP only; there is nothing to forward on TCP.
Start and test
Enable the wg0 interface on the server with the following command:
Code Block
wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.99.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE;
You can check the status of the interface with wg, and the assigned addresses with ifconfig -a:
Code Block
[root@pikvm ~]# wg
interface: wg0
  public key: K9aP9W9TW/bfdaGQA2fSFBZh6ZZy198Q=
  private key: (hidden)
  listening port: 51821

[root@pikvm ~]# ifconfig -a
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 99  bytes 8158 (7.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 99  bytes 8158 (7.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 10.99.0.1  netmask 255.255.255.0  destination 10.99.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.2  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::e65f:1ff:fe87:f396  prefixlen 64  scopeid 0x20<link>
        ether e4:5f:01:87:f3:96  txqueuelen 1000  (Ethernet)
        RX packets 1505204  bytes 36789964 (35.0 MiB)
        RX errors 0  dropped 1224409  overruns 0  frame 0
        TX packets 110425  bytes 8452065 (8.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
At this point wg lists no peer and wg0 shows zero RX/TX: the interface is up, but no client is allowed to talk to it yet.
Next, you need to add the client as a peer on the server. Otherwise the server silently drops the client's handshake and the tunnel will not be established. Replace <client-public-key> with the client's generated public key and <client-ip-address> with the client's IP address on the wg0 interface. Keep the /32: allowed-ips is also an access control list, and a /32 means this peer may only send traffic from that single tunnel address.
Code Block
wg set wg0 peer <client-public-key> allowed-ips <client-ip-address>/32
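Because a typo in the public key or a too-wide allowed-ips silently produces a peer that never handshakes (or one that may claim other peers' addresses), it pays to validate both before calling wg set. The following helper is an added example, not a command from the original page: it checks that the key is a 32-byte base64 value and that the address is a single /32 inside the 10.99.0.0/24 tunnel subnet used on this page, then prints the wg set command so you can review it before piping it into sh as root on the server. The subnet prefix and the 2..254 host range are assumptions taken from this page's addressing.

```shell
#!/bin/sh
# Added example (not from the original page): validate a client's public key
# and allowed-ips before handing them to `wg set` on the WireGuard server.

WG_SUBNET_PREFIX="10.99.0."   # assumption: the tunnel subnet used on this page

# A WireGuard key is 32 random bytes, base64-encoded: 44 characters ending in '='.
valid_wg_key() {
    key="$1"
    [ "${#key}" -eq 44 ] || return 1
    case "$key" in *=) ;; *) return 1 ;; esac
    n=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c)
    [ "$n" -eq 32 ]
}

# Each road-warrior client gets exactly one /32 inside the tunnel subnet.
# Anything wider would let this peer source traffic as other peers' addresses.
valid_client_ip() {
    ip="$1"
    case "$ip" in
        "$WG_SUBNET_PREFIX"*/32) ;;
        *) return 1 ;;
    esac
    host="${ip#"$WG_SUBNET_PREFIX"}"
    host="${host%/32}"
    case "$host" in ''|*[!0-9]*) return 1 ;; esac
    # .1 is the server itself, .0 and .255 are unusable in a /24
    [ "$host" -ge 2 ] && [ "$host" -le 254 ]
}

# Print (do not run) the `wg set` command for a validated peer.
peer_add_cmd() {
    valid_wg_key "$1"    || { echo "bad public key: $1" >&2; return 1; }
    valid_client_ip "$2" || { echo "bad allowed-ips: $2" >&2; return 1; }
    printf 'wg set wg0 peer %s allowed-ips %s\n' "$1" "$2"
}

# Usage (as root on the server):
#   sh addpeer.sh <client-public-key> <client-ip-address>/32 | sh
if [ $# -eq 2 ]; then
    peer_add_cmd "$1" "$2"
fi
```

Printing the command instead of executing it keeps the helper side-effect free and makes the review step explicit; once the peer is in, remember that with SaveConfig=true it is persisted to /etc/wireguard/wg0.conf the next time wg0 goes down.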
The server's wg0 is already up, so now bring up the wg0 interface on the client as well and check the state with wg on either side. The tunnel is established once the peer entry shows a latest handshake line; without it, re-check the public keys, the endpoint port and the router's UDP forwarding.
Code Block
wg-quick up wg0
Code Block
wg
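An interface that is up is not the same as a working tunnel; the real signal is a recent handshake per peer. The following script is an added example, not part of the original page: it parses the machine-readable output of wg show wg0 dump (one tab-separated line per peer with the latest-handshake epoch in the fifth field) and flags peers that never handshaked or whose last handshake is older than a threshold. The sample dump, the placeholder keys and the 180-second threshold are constructed for illustration; run it with --live as root on the server to check the real wg0.

```shell
#!/bin/sh
# Added example (not from the original page): report whether each WireGuard
# peer has completed a recent handshake, based on `wg show wg0 dump`.
#
# Dump format: the first line is the interface (private key, public key, port,
# fwmark); each further line is a peer:
#   pubkey  psk  endpoint  allowed-ips  latest-handshake(epoch)  rx  tx  keepalive
# Note the dump prints the interface's PRIVATE key in clear, so never paste it
# into tickets or chat.

# peer_status NOW MAX_AGE  (dump text on stdin)
# Prints one line per peer: "<pubkey> ok <age>s", "<pubkey> STALE <age>s" or
# "<pubkey> NEVER". Exit status 1 if any peer is stale or never handshaked.
peer_status() {
    now="$1"; max_age="$2"
    awk -v now="$now" -v max="$max_age" '
        BEGIN    { rc = 0 }
        NR == 1  { next }                       # interface line, not a peer
        {
            pk = $1; hs = $5
            if (hs == 0) { print pk, "NEVER"; rc = 1; next }
            age = now - hs
            if (age > max) { print pk, "STALE", age "s"; rc = 1 }
            else           { print pk, "ok", age "s" }
        }
        END      { exit rc }'
}

# Constructed sample of `wg show wg0 dump` output (placeholder keys, not real
# ones). Optional args override the two peers' latest-handshake epochs.
sample_dump() {
    hs1="${1:-1700000000}"; hs2="${2:-0}"
    printf '%s\t%s\t%s\t%s\n' 'SERVERPRIVKEY=' 'SERVERPUBKEY=' 51821 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'CLIENT1PUBKEY=' '(none)' '203.0.113.7:41234' '10.99.0.2/32' "$hs1" 12345 67890 0
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'CLIENT2PUBKEY=' '(none)' '(none)' '10.99.0.3/32' "$hs2" 0 0 0
}

# Usage:  sh wgcheck.sh --live   (as root, real wg0)
#         sh wgcheck.sh --demo   (constructed sample)
if [ "${1:-}" = "--live" ]; then
    wg show wg0 dump | peer_status "$(date +%s)" 180
elif [ "${1:-}" = "--demo" ]; then
    sample_dump | peer_status 1700000100 180
fi
```

The 180-second threshold is a reasonable default because WireGuard rekeys roughly every two minutes while traffic flows; a peer with no handshake at all usually means the server was never told about that peer's public key, or the client's endpoint or port is wrong. The non-zero exit status makes the script usable from cron or a monitoring check.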
Configure auto-start
...