Slackware – only wireguard-tools is required, as -current contains the module already
#sbopkg -i wireguard-linux-compat
sbopkg -i wireguard-tools
Ubuntu
apt install wireguard
shared
lsmod | grep wireguard
required on any peer
mkdir ~/wg/
chmod 700 ~/wg/
cd ~/wg/
wg genkey > `uname -n`.key
wg pubkey < `uname -n`.key > `uname -n`.pub
chmod 400 *
also take the chance to define some static name resolution
vi /etc/hosts
# end-points - public ips
x.x.x.x xc.nethence.com xc
x.x.x.x wg.os3.su wg
# cross-site internal network
10.1.1.1 hosta
10.1.1.2 hostb
now copy/paste the pubkey of the client in here
ip link add dev wg0 type wireguard
ip address add 10.1.1.1/24 dev wg0
wg set wg0 listen-port 51821 private-key /root/wg/`uname -n`.key
wg set wg0 peer PEER-B-PUB-KEY endpoint PUBLIC-IP-PEER-B:51822 allowed-ips 10.1.1.2/32
ip link set wg0 up
ifconfig wg0
check that the second end-point can listen on the desired network (enable port-forwarding if necessary)
ip link add dev wg0 type wireguard
ip addr add 10.1.1.2/24 dev wg0
wg set wg0 listen-port 51822 private-key /root/wg/`uname -n`.key
wg set wg0 peer PEER-A-PUB-KEY endpoint PUBLIC-IP-PEER-A:51821 allowed-ips 10.1.1.1/32
ip link set wg0 up
ifconfig wg0
as configuration files
on any peer
ls -alF /etc/wireguard/
wg showconf wg0
wg showconf wg0 > /etc/wireguard/wg0.conf
on any peer
enable at boot-time
vi /etc/rc.d/rc.inet1
vi /etc/rc.local
# self-verbose
wg-quick up wg0
# ifconfig issue: netmask becomes /0
echo -n wg0...
ip addr add 10.1.1.1/32 dev wg0 && echo done || echo FAIL
ip addr add 10.1.1.2/32 dev wg0 && echo done || echo FAIL
status
ip addr show dev wg0
wg show
netstat -lnup | grep 518
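to script the status check, the latest-handshake column of `wg show wg0 dump` can be compared against the clock. This is an added example, not part of the original notes; the 180-second threshold, the third peer PEER-C-PUB-KEY and the 192.0.2.2 endpoint are assumptions constructed for the sample.

```shell
#!/bin/sh
# Added example: flag peers with a missing or stale handshake, reading the
# output of `wg show wg0 dump` on stdin. Peer lines are tab-separated:
#   public-key preshared-key endpoint allowed-ips latest-handshake rx tx keepalive
# The first line describes the interface itself and is skipped.

# stale_peers NOW MAX_AGE
#   NOW      current time, seconds since the epoch
#   MAX_AGE  oldest acceptable handshake in seconds (180 is an assumed threshold)
# Prints "pubkey allowed-ips age" for every peer that fails the check.
stale_peers() {
    awk -F '\t' -v now="$1" -v max="$2" '
        NR == 1 { next }                          # interface line
        NF < 8  { next }                          # not a peer line
        $5 == 0 { print $1, $4, "never"; next }   # no handshake completed yet
        (now - $5) > max { print $1, $4, (now - $5) "s" }
    '
}

# Constructed sample dump: key names are placeholders, tunnel addresses and
# ports follow the notes, PEER-C and the endpoint address are made up.
sample_dump() {
    printf '%s\t%s\t%s\t%s\n' PRIV-KEY-A PEER-A-PUB-KEY 51821 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        PEER-B-PUB-KEY '(none)' 192.0.2.2:51822 10.1.1.2/32 1700000000 1024 2048 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        PEER-C-PUB-KEY '(none)' '(none)' 10.1.1.3/32 0 0 0 off
}

# Live use (as root, on a peer with wg0 up):
#   wg show wg0 dump | stale_peers "$(date +%s)" 180
```

a tunnel that carries no traffic and has no persistent-keepalive also shows an old handshake, so send a ping across it before reading the result.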
stop
# self-verbose
wg-quick down wg0
from hosta
nmap -sU -p 51822 wg
netstat -rn --inet
tcpdump -ttttni xenbr0 'udp port 51821'
from hostb
nmap -sU -p 51821 xc
netstat -rn --inet
tcpdump -ttttni eth0 'udp port 51822'
from hosta
ping 10.1.1.2
from hostb
ping 10.1.1.1
You don’t need to enable forwarding on the hosts for them to communicate through the encrypted pipe. However in case we’re talking subnet gateways…
on both sides
echo 1 > /proc/sys/net/ipv4/ip_forward