= wireguard
  * [[info:mate:mylan:raspberry6|]] -> pivpn basado en wireguard

== simple network interface
<code bash>
wg genkey > private
wg pubkey < private # client

sudo ip link add dev wg0 type wireguard
ip address add dev wg0 192.168.2.1/24
sudo wg set wg0 private-key ./private
sudo ip link set wg0 up

wg

# machine A
wg set wg0 peer <PUB-KEY-MACHINE-B> allowed-ips 10.0.0.1/32 endpoint <IP-MACHINE-B>:<PORT>

#machine B
wg set wg0 peer <PUB-KEY-MACHINE-A> allowed-ips 10.0.0.2/32 endpoint <IP-MACHINE-A>:<PORT>

wg show
wg showconf
</code>
<code>
# machine B

# machine C
</code>

  * keys gen: <code bash>wg genkey | tee privatekey | wg pubkey > publickey</code>

=== local install
  * 10.0.0.1: raspi4
  * 10.0.0.2: myKDE
  * 10.0.0.3: k1
  * 10.0.0.10: W10
  * 10.0.0.20: Mac
<code properties>
[Peer]
# Raspi
PublicKey = wLyNz+pIEHuLkHZat7JJlKRJ/BjMLHfG9F0Lp+2cWTU=
AllowedIPs = 10.0.0.1/32
Endpoint = 192.168.1.70:41724

[Peer]
# Mac
PublicKey = xsYHyM1j5djbCYsF8/56HmXff5Q6UKxgy1VCZyJ84lU=
AllowedIPs = 10.0.0.20/32
Endpoint = 192.168.1.111:61216

[Peer]
# W10
PublicKey = X7UzoJ8RHokM7sCByD7X3gk8FMqIjv77saWndQPQB3Y=
AllowedIPs = 10.0.0.10/24
Endpoint = 192.168.1.186:57873
</code>

== tunel edit
  * [[https://www.stavros.io/posts/how-to-configure-wireguard/]]
  * [[https://www.procustodibus.com/blog/2021/01/wireguard-endpoints-and-ip-addresses/]]
  * [[https://upcloud.com/community/tutorials/get-started-wireguard-vpn/]]

<code properties; server>
[Interface]
PrivateKey = <%%***%%>
Address = 10.0.0.X
ListenPort = 57873
</code>
<code properties; peer>
[Peer]
PublicKey = wLyNz+pIEHuLkHZat7JJlKRJ/BjMLHfG9F0Lp+2cWTU=
AllowedIPs = 10.0.0.1/32
Endpoint = 192.168.1.70:41724

# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25
</code>

  * ufw:<code bash>sudo ufw allow XXXXX/udp</code>