Table of Contents

WireGuard

Voraussetzungen

Installation WG

Rechner IP Tunnel IP User Passwort Notes
IONOS VPS 217.160.11.95 10.30.250.1 root xJ#p9$*DfT
NAS 10.30.250.2 root romdz6!
Handy 10.30.250.3
X250 Laptop 10.30.250.4
Firma Linux 10.30.250.5
Doro 10.30.250.6

Pub/Priv Key erstellen

Keys

Rechner Private Public
IONOS VPS YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s= mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
NAS EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng= 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
Handy mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs= Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
X250 Notebook wMXaNqJ5tSzinf+XaxK95sH5RHEOThpR/qXOkKC5/3U= UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU=
Firma Linux mPGz8alOB5X0x2BtisIeVPGB+NBiXqhWWZax/4WTrXs= zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo=
Doro YH5eJ8H7VIlrltgpIr2J9jGPXARuCwSbxggV0+2MRXQ= HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ=

Konfigs

IONOS VPS

VPS.conf
# wg-quick configuration for the hub (IONOS VPS). Clients connect to this
# host, and it forwards their traffic through the same interface to the
# UDM Max peer.
[Interface]
# Tunnel address of the hub inside 10.30.250.0/24.
Address = 10.30.250.1/24
# NOTE(review): this private key is written out in full on this page, so
# anyone who can read the page can impersonate the hub. Generate a new key
# pair, keep the private half only in the config file on the VPS (readable by
# root only), and update the PublicKey line in every client config.
PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=
# UDP port the hub listens on; clients name it in their Endpoint line.
ListenPort = 51820
# Fixed tunnel MTU; the client config uses the same value.
MTU = 1360
# Table = off stops wg-quick from installing routes for the AllowedIPs below;
# every route is added by hand in the PostUp lines.
Table = off

# 1. Local routing on the VPS so that it knows where the home networks are.
#    Needed because Table = off suppresses the automatic routes.
PostUp = ip route add 10.30.1.0/24 dev wg0
PostUp = ip route add 10.30.10.0/24 dev wg0
PostUp = ip route add 10.30.20.0/24 dev wg0
PostUp = ip route add 10.30.30.0/24 dev wg0
PostUp = ip route add 10.30.40.0/24 dev wg0

# 2. Policy routing: forces the clients' internet traffic (e.g. the phone)
#    into the tunnel towards the UDM. Packets that arrive on wg0 are looked up
#    in table 200, whose only route is a default route back out of wg0.
PostUp = ip rule add iif wg0 lookup 200
PostUp = ip route add default dev wg0 table 200

# 3. Allows Linux to forward packets inside the tunnel (phone -> UDM).
# NOTE(review): this rule accepts every wg0-to-wg0 flow, so each peer can
# reach every other peer and all five home subnets. If a device (for example
# the work machine) should only reach part of the network, narrow the rule
# with -s / -d matches instead of accepting everything.
# NOTE(review): forwarding also requires net.ipv4.ip_forward=1, which is not
# set in this file; presumably it is configured elsewhere on the VPS. Confirm.
PostUp = iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT
PreDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT

# Cleanup when the tunnel is brought down: removes the policy rule, the
# contents of table 200 and the manual routes, in reverse order of creation.
PreDown = ip rule del iif wg0 lookup 200
PreDown = ip route flush table 200
PreDown = ip route del 10.30.40.0/24 dev wg0
PreDown = ip route del 10.30.30.0/24 dev wg0
PreDown = ip route del 10.30.20.0/24 dev wg0
PreDown = ip route del 10.30.10.0/24 dev wg0
PreDown = ip route del 10.30.1.0/24 dev wg0

# Peer 1: UDM Max (your new gateway into the home network and to the internet).
# This public key is the one listed in the "NAS" row of the key table.
[Peer]
PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
# The 0.0.0.0/0 is essential here so that the VPS hands internet-bound
# requests to the UDM. WireGuard selects the peer by the most specific
# AllowedIPs match, so the /32 entries of the other peers still win for their
# own addresses. The catch-all also means the hub accepts any source address
# from this peer except those /32 addresses.
AllowedIPs = 10.30.1.0/24, 10.30.10.0/24, 10.30.20.0/24, 10.30.30.0/24, 10.30.40.0/24, 0.0.0.0/0

# Peer 2: phone ("Handy" in the tables).
# The /32 limits this peer to its own tunnel address as packet source; the
# same applies to peers 3 to 5.
[Peer]
PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
AllowedIPs = 10.30.250.3/32

# Peer 3: Notebook X250
[Peer]
PublicKey = UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU=
AllowedIPs = 10.30.250.4/32

# Peer 4: work Linux machine ("Firma Linux" in the tables)
[Peer]
PublicKey = zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo=
AllowedIPs = 10.30.250.5/32

# Peer 5: Doro
[Peer]
PublicKey = HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ=
AllowedIPs = 10.30.250.6/32

NAS

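Die Konfiguration erfolgt direkt auf der UDM Max; in VPS.conf ist der Public Key aus der Zeile „NAS“ als „Peer 1: UDM Max“ eingetragen.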

Handy

Client.conf
# wg-quick client template: one copy per device, each with its own private
# key and tunnel address.
[Interface]
# Put the private key of the respective device HERE (laptop, work or wife).
# Generating the key pair on the device itself means the private half never
# has to be copied anywhere else; only the public key goes into VPS.conf.
PrivateKey = <JEWEILIGER_PRIVATE_KEY>

# Adjust the IP: laptop (.4), work (.5), wife (.6).
# The phone uses .3 according to the address table and Peer 2 in VPS.conf.
# The address must match the /32 in that device's [Peer] entry on the hub.
Address = 10.30.250.X/32

# Resolver inside the 10.30.1.0/24 home network; from outside the home network
# it is reachable only through the tunnel.
DNS = 10.30.1.111
# Same fixed MTU as on the hub.
MTU = 1360

[Peer]
# This is, and stays, the public key of your IONOS server.
# If the server key pair is ever regenerated, this value changes with it.
PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
# Public address of the VPS and the ListenPort from VPS.conf.
Endpoint = 217.160.11.95:51820
# Full tunnel: all IPv4 and IPv6 traffic is routed into the tunnel.
# NOTE(review): the interface has no IPv6 address and VPS.conf only carries
# IPv4 ranges, so IPv6 traffic sent into the tunnel presumably goes nowhere.
# That keeps IPv6 from bypassing the VPN, but confirm this is the intent.
AllowedIPs = 0.0.0.0/0, ::/0
# Sends a keepalive every 25 seconds so that NAT and firewall state between
# the client and the hub stays open.
PersistentKeepalive = 25