Dr. Klipper Wiki

User Tools

Site Tools

You are here: Dr. Klipper » Haussteuerung » WireGuard » WireGuard
Trace: WireGuard
haussteuerung:wireguard:infos

This is an old revision of the document!

Table of Contents

WireGuard

Voraussetzungen

  • IONOS VPS Server mit externe IPv4
  • NAS im Heimnetz

Installation WG

  • Auf der NAS und dem VPS Wireguard installieren
    apt update -y && apt install wireguard -y
  • Auf dem Handy WG Tunnel
Recher IP Tunnel IP User Passwort Notes
IONOS VPS 217.160.11.95 10.30.250.1 root xJ#p9$*DfT
NAS 10.30.250.2 root romdz6!
Handy 10.30.250.3
X250 Laptop 10.30.250.4
Firma Linux 10.30.250.5
Doro 10.30.250.6

Pub/Priv Key erstellen

  • Auf jedem Peer folgendes ausführen
    wg genkey | tee server_private.key | wg pubkey > server_public.key

Keys

Rechner Private Public
IONOS VPS YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s= mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
NAS EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng= 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
Handy mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs= Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
X250 Notebook “wMXaNqJ5tSzinf+XaxK95sH5RHEOThpR/qXOkKC5/3U=” “UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU=”
Firma Linux “mPGz8alOB5X0x2BtisIeVPGB+NBiXqhWWZax/4WTrXs=” “zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo=”
Doro “YH5eJ8H7VIlrltgpIr2J9jGPXARuCwSbxggV0+2MRXQ=” “HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ=”

Konfigs

IONOS VPS

VPS.conf
[Interface]
Address = 10.0.0.1/24
PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = echo "200 wgexit" >> /etc/iproute2/rt_tables
PostUp = ip rule add from 10.0.0.3 table 200
PostUp = ip route add default via 10.0.0.2 dev wg0 table 200
PostDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip rule del from 10.0.0.3 table 200
PostDown = ip route del default via 10.0.0.2 dev wg0 table 200

[Peer]  # NAS
PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
AllowedIPs = 10.0.0.2/32, 192.168.30.0/24
PersistentKeepalive = 25

[Peer]  # Handy
PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
AllowedIPs = 10.0.0.3/32
PersistentKeepalive = 25

NAS

NAS.conf
[Interface]
Address = 10.0.0.2/24
PrivateKey = EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=
DNS = 192.168.30.20
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT
PostUp = iptables -A FORWARD -i eno1 -o wg0 -j ACCEPT  # eno1 -> LAN-Interface
PostDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o eno1 -j ACCEPT
PostDown = iptables -D FORWARD -i eno1 -o wg0 -j ACCEPT

# VPS Server
[Peer]  
PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
Endpoint = 217.160.11.95:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Handy

handy.conf
[Interface]
Address = 10.0.0.3/24
PrivateKey = mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=
DNS = 192.168.30.20

[Peer]
Endpoint = 217.160.11.95:51820
PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
haussteuerung/wireguard/infos.1772481398.txt.gz · Last modified: by dominik
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki