haussteuerung:wireguard:infos

haussteuerung:wireguard:infos [2025/10/12 16:24] – ↷ Page moved and renamed from haus:wireguard to haussteuerung:wireguard:infos dominikhaussteuerung:wireguard:infos [2026/03/02 21:27] (current) – [Handy] dominik
Line 9: Line 9:
   * Auf dem Handy WG Tunnel   * Auf dem Handy WG Tunnel
  
-^ Recher     ^ IP             ^ Tunnel IP  ^ User  ^ Passwort    ^ Notes  ^ +^ Recher       ^ IP             ^ Tunnel IP    ^ User  ^ Passwort        ^ Notes  ^ 
-| IONOS VPS  | 217.160.11.95  | 10.0.0.1   | root  | ''xJ#p9$*DfT'' |        | +| IONOS VPS    | 217.160.11.95  | 10.30.250.1  | root  | ''xJ#p9$*DfT''  |        | 
-| NAS        192.168.30.10  | 10.0.0.2   | root  | romdz6!     |        | +| NAS                         | 10.30.250.2  | root  | romdz6!         |        | 
-| Handy      |                | 10.0.0.3   |                   |        |+| Handy        |                | 10.30.250.3  |                       |        | 
 +| X250 Laptop  |                | 10.30.250.4  |                              | 
 +| Firma Linux  |                | 10.30.250.5  |                              | 
 +| Doro                        | 10.30.250.6  |                       |        |
  
 ===== Pub/Priv Key erstellen ===== ===== Pub/Priv Key erstellen =====
Line 18: Line 21:
  
 ===== Keys ===== ===== Keys =====
-^ Rechner    ^ Private                                           ^ Public                                            ^ +^ Rechner        ^ Private                                           ^ Public                                            ^ 
-| IONOS VPS  | ''YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=''  | ''mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30='' +| IONOS VPS      | ''YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=''  | ''mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30='' 
-| NAS        | ''EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=''  | ''4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs='' +| NAS            | ''EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=''  | ''4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs='' 
-| Handy      | ''mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=''  | ''Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=''  |+| Handy          | ''mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=''  | ''Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY='' 
 +| X250 Notebook  | ''wMXaNqJ5tSzinf+XaxK95sH5RHEOThpR/qXOkKC5/3U=''  | ''UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU='' 
 +| Firma Linux    | ''mPGz8alOB5X0x2BtisIeVPGB+NBiXqhWWZax/4WTrXs=''  | ''zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo='' 
 +| Doro           | ''YH5eJ8H7VIlrltgpIr2J9jGPXARuCwSbxggV0+2MRXQ=''  | ''HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ=''  |
  
 ===== Konfigs ===== ===== Konfigs =====
Line 27: Line 33:
 <code | VPS.conf> <code | VPS.conf>
 [Interface] [Interface]
-Address = 10.0.0.1/24+Address = 10.30.250.1/24
 PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s= PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=
 ListenPort = 51820 ListenPort = 51820
-PostUp iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT +MTU 1360 
-PostUp iptables -A FORWARD -i wg0 -j ACCEPT +Table off
-PostUp = echo "200 wgexit" >> /etc/iproute2/rt_tables +
-PostUp = ip rule add from 10.0.0.3 table 200 +
-PostUp = ip route add default via 10.0.0.2 dev wg0 table 200 +
-PostDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT +
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT +
-PostDown = ip rule del from 10.0.0.3 table 200 +
-PostDown = ip route del default via 10.0.0.2 dev wg0 table 200+
  
-[Peer]  # NAS+# 1. Lokales Routing auf dem VPS, damit er weiß, wo deine Heimnetze liegen 
 +PostUp = ip route add 10.30.1.0/24 dev wg0 
 +PostUp = ip route add 10.30.10.0/24 dev wg0 
 +PostUp = ip route add 10.30.20.0/24 dev wg0 
 +PostUp = ip route add 10.30.30.0/24 dev wg0 
 +PostUp = ip route add 10.30.40.0/24 dev wg0 
 + 
 +# 2. Policy Routing: Zwingt den Internet-Traffic der Clients (z.B. Handy) in den Tunnel zur UDM 
 +PostUp = ip rule add iif wg0 lookup 200 
 +PostUp = ip route add default dev wg0 table 200 
 + 
 +# 3. Erlaubt Linux, die Pakete innerhalb des Tunnels (Handy -> UDM) weiterzuleiten 
 +PostUp = iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT 
 +PreDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT 
 + 
 +# Cleanup beim Beenden des Tunnels 
 +PreDown = ip rule del iif wg0 lookup 200 
 +PreDown = ip route flush table 200 
 +PreDown = ip route del 10.30.40.0/24 dev wg0 
 +PreDown = ip route del 10.30.30.0/24 dev wg0 
 +PreDown = ip route del 10.30.20.0/24 dev wg0 
 +PreDown = ip route del 10.30.10.0/24 dev wg0 
 +PreDown = ip route del 10.30.1.0/24 dev wg0 
 + 
 +# Peer 1: UDM Max (Dein neues Gateway ins Heimnetz und ins Internet) 
 +[Peer]
 PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs= PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
-AllowedIPs = 10.0.0.2/32192.168.30.0/24 +# Die 0.0.0.0/0 ist hier essenziell, damit der VPS Anfragen ins Internet an die UDM abgibt 
-PersistentKeepalive = 25+AllowedIPs = 10.30.1.0/24, 10.30.10.0/24, 10.30.20.0/2410.30.30.0/24, 10.30.40.0/24, 0.0.0.0/0
  
-[Peer]  # Handy+# Peer 2: Handy 
 +[Peer]
 PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY= PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
-AllowedIPs = 10.0.0.3/32 +AllowedIPs = 10.30.250.3/32
-PersistentKeepalive = 25 +
-</code>+
  
-==== NAS ==== +# Peer 3: Notebook X250 
-<code | NAS.conf> +[Peer
-[Interface+PublicKey = UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU= 
-Address = 10.0.0.2/24 +AllowedIPs = 10.30.250.4/32 
-PrivateKey EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng+ 
-DNS 192.168.30.20 +# Peer 4: Firma Linux 
-PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE +[Peer] 
-PostUp = iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT +PublicKey zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo
-PostUp = iptables -A FORWARD -i eno1 -o wg0 -j ACCEPT  eno1 -> LAN-Interface +AllowedIPs 10.30.250.5/32 
-PostDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE + 
-PostDown iptables -D FORWARD -i wg0 -o eno1 -j ACCEPT +Peer 5: Doro 
-PostDown iptables -D FORWARD -i eno1 -o wg0 -j ACCEPT+[Peer] 
 +PublicKey = HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ
 +AllowedIPs 10.30.250.6/32
  
-# VPS Server 
-[Peer]   
-PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30= 
-Endpoint = 217.160.11.95:51820 
-AllowedIPs = 0.0.0.0/0 
-PersistentKeepalive = 25 
 </code> </code>
 +
 +==== NAS ====
 +Konfig direkt auf dem UDM Max
  
 ==== Handy ==== ==== Handy ====
-<code | handy.conf>+<code | Client.conf>
 [Interface] [Interface]
-Address = 10.0.0.3/24 +# HIER den jeweiligen privaten Schlüssel des Geräts eintragen (Laptop, Arbeit oder Frau) 
-PrivateKey = mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs= +PrivateKey = <JEWEILIGER_PRIVATE_KEY> 
-DNS = 192.168.30.20+ 
 +# IP anpassen: Laptop (.4), Arbeit (.5), Frau (.6) 
 +Address = 10.30.250.X/32 
 + 
 +DNS = 10.30.1.111 
 +MTU = 1360
  
 [Peer] [Peer]
-Endpoint = 217.160.11.95:51820+# Das ist und bleibt der Public Key deines IONOS Servers
 PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30= PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
 +Endpoint = 217.160.11.95:51820
 AllowedIPs = 0.0.0.0/0, ::/0 AllowedIPs = 0.0.0.0/0, ::/0
 PersistentKeepalive = 25 PersistentKeepalive = 25
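Review bot: The page stores plaintext secrets on both sides of the diff — the host table at the top of the first hunk carries root passwords, and the Keys table now lists a Private column for every peer, although a WireGuard peer only ever needs the other side's public key. Because the wiki keeps the previous revision, removing a value from the current page does not un-publish it; the workable mitigation is to keep only the Public column here, leave each private key on the device that owns it, and regenerate the key pairs and passwords that have appeared on this page. In the new VPS.conf, `MTU 1360` and `Table off` are shown without `=`, and the UDM peer's AllowedIPs list reads `10.30.20.0/2410.30.30.0/24`; this is probably the diff renderer dropping the highlighted characters, but if the stored file really reads like that wg-quick rejects it, and the lines should be `MTU = 1360`, `Table = off` and `..., 10.30.20.0/24, 10.30.30.0/24, ...`. The same dropped-`=` pattern appears on the PublicKey/AllowedIPs lines of the Firma Linux and Doro peers, so the stored page is worth checking once rather than trusting this rendering.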