====== WireGuard ======

===== Prerequisites =====

  * IONOS VPS server with an external IPv4 address
  * NAS in the home network

===== Installing WG =====

  * Install WireGuard on the NAS and the VPS \\ ''apt update -y && apt install wireguard -y''
  * On the phone: WG Tunnel

^ Host ^ IP ^ Tunnel IP ^ User ^ Password ^ Notes ^
| IONOS VPS | 217.160.11.95 | 10.0.0.1 | root | ''xJ#p9$*DfT'' | |
| NAS | 192.168.30.10 | 10.0.0.2 | root | romdz6! | |
| Phone | | 10.0.0.3 | | | |

===== Generating the Pub/Priv Keys =====

  * Run the following on each peer (the ''umask'' keeps the private key file readable by its owner only) \\ ''(umask 077; wg genkey | tee server_private.key | wg pubkey > server_public.key)''

===== Keys =====

^ Host ^ Private ^ Public ^
| IONOS VPS | ''YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s='' | ''mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30='' |
| NAS | ''EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng='' | ''4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs='' |
| Phone | ''mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs='' | ''Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY='' |

===== Configs =====

==== IONOS VPS ====

<code>
[Interface]
Address = 10.0.0.1/24
PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=
ListenPort = 51820

# Allow forwarding between the peers on wg0
PostUp = iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
# Register the table name only once (a plain append adds a duplicate line on every start)
PostUp = grep -qx '200 wgexit' /etc/iproute2/rt_tables || echo "200 wgexit" >> /etc/iproute2/rt_tables
# Policy routing: traffic from the phone (10.0.0.3) uses table 200, whose default route points at the NAS
PostUp = ip rule add from 10.0.0.3 table 200
PostUp = ip route add default via 10.0.0.2 dev wg0 table 200

PostDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip rule del from 10.0.0.3 table 200
PostDown = ip route del default via 10.0.0.2 dev wg0 table 200

[Peer]
# NAS
PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
AllowedIPs = 10.0.0.2/32, 192.168.30.0/24
PersistentKeepalive = 25

[Peer]
# Phone
PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
AllowedIPs = 10.0.0.3/32
PersistentKeepalive = 25
</code>

==== NAS ====

<code>
[Interface]
Address = 10.0.0.2/24
PrivateKey = EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=
DNS = 192.168.30.20

# eno1 -> LAN interface
# The MASQUERADE rule must name the same interface in PostUp and PostDown,
# otherwise PostDown cannot delete it
PostUp = iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT
PostUp = iptables -A FORWARD -i eno1 -o wg0 -j ACCEPT

PostDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o eno1 -j ACCEPT
PostDown = iptables -D FORWARD -i eno1 -o wg0 -j ACCEPT

# VPS Server
[Peer]
PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
Endpoint = 217.160.11.95:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
</code>

==== Phone ====

<code>
[Interface]
Address = 10.0.0.3/24
PrivateKey = mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=
DNS = 192.168.30.20

[Peer]
Endpoint = 217.160.11.95:51820
PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
</code>
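
A check for the hook pairs in configs like the ones above, as an added example that is not part of the original page: it reports every ''iptables'' or ''ip'' command that a wg-quick config adds in PostUp without an identical removal in PostDown (or the reverse), which is how a firewall or routing rule is left behind after the tunnel goes down. The function names and the sample config are constructed for illustration; the sample deliberately mixes eth0 and eno1.

```shell
#!/bin/sh
# Added example (not from the original page).

# Constructed sample: the MASQUERADE rule names eth0 in PostUp, eno1 in PostDown.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 10.0.0.2/24
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT
PostUp = ip rule add from 10.0.0.3 table 200
# eno1 -> LAN interface
PostDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o eno1 -j ACCEPT
PostDown = ip rule del from 10.0.0.3 table 200
EOF
}

# unmatched_rules: reads a wg-quick config on stdin and prints one line per
# hook command that has no counterpart. Prints nothing if all pairs match.
unmatched_rules() {
    awk '
        { sub(/#.*/, "") }                      # wg-quick ignores comments
        /^[ \t]*Post(Up|Down)[ \t]*=[ \t]*(iptables|ip) / {
            hook = ($0 ~ /^[ \t]*PostUp/) ? "up" : "down"
            sub(/^[^=]*=[ \t]*/, "")            # keep only the command
            gsub(/[ \t]+/, " "); sub(/ $/, "")  # normalise whitespace
            cmd = $0; key = cmd
            # Replace the add/delete verb by a marker so both sides compare equal
            if (hook == "up" && (sub(/ -A /, " <op> ", key) || sub(/ add /, " <op> ", key)))
                up[key] = cmd
            if (hook == "down" && (sub(/ -D /, " <op> ", key) || sub(/ del /, " <op> ", key)))
                down[key] = cmd
        }
        END {
            for (k in up)   if (!(k in down)) print "PostUp without PostDown: " up[k]
            for (k in down) if (!(k in up))   print "PostDown without PostUp: " down[k]
        }
    ' | LC_ALL=C sort
}

sample_conf | unmatched_rules
```

On a real host the same function can be fed the config directly, for example ''unmatched_rules < /etc/wireguard/wg0.conf''.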