haussteuerung:wireguard:infos

Differences

This shows you the differences between two versions of the page.

Previous revision: haussteuerung:wireguard:infos [2025/10/12 16:24] – removed - external edit (Unknown date) 127.0.0.1
Current revision: haussteuerung:wireguard:infos [2026/03/02 21:27] (current) – [Handy] dominik
Line 1: Line 1:
 +====== WireGuard ======
 +
 +===== Voraussetzungen =====
 +  * IONOS VPS Server mit externe IPv4
 +  * NAS im Heimnetz 
 +
 +===== Installation WG =====
 +  * Auf der NAS und dem VPS Wireguard installieren \\ ''apt update -y && apt install wireguard -y''
 +  * Auf dem Handy WG Tunnel
 +
 +^ Recher       ^ IP             ^ Tunnel IP    ^ User  ^ Passwort        ^ Notes  ^
 +| IONOS VPS    | 217.160.11.95  | 10.30.250.1  | root  | ''xJ#p9$*DfT''  |        |
 +| NAS          |                | 10.30.250.2  | root  | romdz6!                |
 +| Handy        |                | 10.30.250.3  |                              |
 +| X250 Laptop  |                | 10.30.250.4  |                              |
 +| Firma Linux  |                | 10.30.250.5  |                              |
 +| Doro                        | 10.30.250.6  |                              |
 +
 +===== Pub/Priv Key erstellen =====
 +  * Auf jedem Peer folgendes ausführen \\ ''wg genkey | tee server_private.key | wg pubkey > server_public.key''
 +
 +===== Keys =====
 +^ Rechner        ^ Private                                           ^ Public                                            ^
 +| IONOS VPS      | ''YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=''  | ''mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=''  |
 +| NAS            | ''EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=''  | ''4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=''  |
 +| Handy          | ''mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=''  | ''Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=''  |
 +| X250 Notebook  | ''wMXaNqJ5tSzinf+XaxK95sH5RHEOThpR/qXOkKC5/3U=''  | ''UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU=''  |
 +| Firma Linux    | ''mPGz8alOB5X0x2BtisIeVPGB+NBiXqhWWZax/4WTrXs=''  | ''zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo=''  |
 +| Doro           | ''YH5eJ8H7VIlrltgpIr2J9jGPXARuCwSbxggV0+2MRXQ=''  | ''HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ=''  |
 +
 +===== Konfigs =====
 +==== IONOS VPS ====
 +<code | VPS.conf>
 +[Interface]
 +Address = 10.30.250.1/24
 +PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=
 +ListenPort = 51820
 +MTU = 1360
 +Table = off
 +
 +# 1. Lokales Routing auf dem VPS, damit er weiß, wo deine Heimnetze liegen
 +PostUp = ip route add 10.30.1.0/24 dev wg0
 +PostUp = ip route add 10.30.10.0/24 dev wg0
 +PostUp = ip route add 10.30.20.0/24 dev wg0
 +PostUp = ip route add 10.30.30.0/24 dev wg0
 +PostUp = ip route add 10.30.40.0/24 dev wg0
 +
 +# 2. Policy Routing: Zwingt den Internet-Traffic der Clients (z.B. Handy) in den Tunnel zur UDM
 +PostUp = ip rule add iif wg0 lookup 200
 +PostUp = ip route add default dev wg0 table 200
 +
 +# 3. Erlaubt Linux, die Pakete innerhalb des Tunnels (Handy -> UDM) weiterzuleiten
 +PostUp = iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT
 +PreDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT
 +
 +# Cleanup beim Beenden des Tunnels
 +PreDown = ip rule del iif wg0 lookup 200
 +PreDown = ip route flush table 200
 +PreDown = ip route del 10.30.40.0/24 dev wg0
 +PreDown = ip route del 10.30.30.0/24 dev wg0
 +PreDown = ip route del 10.30.20.0/24 dev wg0
 +PreDown = ip route del 10.30.10.0/24 dev wg0
 +PreDown = ip route del 10.30.1.0/24 dev wg0
 +
 +# Peer 1: UDM Max (Dein neues Gateway ins Heimnetz und ins Internet)
 +[Peer]
 +PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
 +# Die 0.0.0.0/0 ist hier essenziell, damit der VPS Anfragen ins Internet an die UDM abgibt
 +AllowedIPs = 10.30.1.0/24, 10.30.10.0/24, 10.30.20.0/24, 10.30.30.0/24, 10.30.40.0/24, 0.0.0.0/0
 +
 +# Peer 2: Handy
 +[Peer]
 +PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
 +AllowedIPs = 10.30.250.3/32
 +
 +# Peer 3: Notebook X250
 +[Peer]
 +PublicKey = UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU=
 +AllowedIPs = 10.30.250.4/32
 +
 +# Peer 4: Firma Linux
 +[Peer]
 +PublicKey = zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo=
 +AllowedIPs = 10.30.250.5/32
 +
 +# Peer 5: Doro
 +[Peer]
 +PublicKey = HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ=
 +AllowedIPs = 10.30.250.6/32
 +
 +</code>
 +
 +==== NAS ====
 +Konfig direkt auf dem UDM Max
 +
 +==== Handy ====
 +<code | Client.conf>
 +[Interface]
 +# HIER den jeweiligen privaten Schlüssel des Geräts eintragen (Laptop, Arbeit oder Frau)
 +PrivateKey = <JEWEILIGER_PRIVATE_KEY>
 +
 +# IP anpassen: Laptop (.4), Arbeit (.5), Frau (.6)
 +Address = 10.30.250.X/32
 +
 +DNS = 10.30.1.111
 +MTU = 1360
 +
 +[Peer]
 +# Das ist und bleibt der Public Key deines IONOS Servers
 +PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
 +Endpoint = 217.160.11.95:51820
 +AllowedIPs = 0.0.0.0/0, ::/0
 +PersistentKeepalive = 25
 +</code>
 +
 +
 +
 +
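Review bot: The host table and the Keys table put live secrets into wiki plaintext: root passwords for the IONOS VPS and the NAS, and the WireGuard private key of every peer, with the VPS key repeated in the `PrivateKey =` line of VPS.conf. Anyone who can read this page or its revision history holds the identity of every peer and the root credentials of both hosts. Use placeholders throughout, as Client.conf already does with `<JEWEILIGER_PRIVATE_KEY>`, and keep only the public keys on the page. Because older revisions retain the values, also regenerate all six key pairs and change both passwords. Two smaller points: the `wg genkey | tee server_private.key` step should run under `umask 077` so the private key file is not created readable by other local users, and `iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT` forwards between all peers and all five home subnets without restriction, so consider narrowing it by source or destination for roaming devices that do not need that reach.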
  
