= wireguard

  * [[info:mate:mylan:raspberry6|]] -> pivpn, based on wireguard

== simple network interface

<code>
# keep the private key file unreadable to other users
umask 077
wg genkey > private
wg pubkey < private

# client
sudo ip link add dev wg0 type wireguard
sudo ip address add dev wg0 192.168.2.1/24
sudo wg set wg0 private-key ./private
sudo ip link set wg0 up
sudo wg

# <PEER_PUBLIC_KEY> and <PEER_IP>:<PORT> are placeholders for the other machine's values
# machine A
sudo wg set wg0 peer <PEER_PUBLIC_KEY> allowed-ips 10.0.0.1/32 endpoint <PEER_IP>:<PORT>
# machine B
sudo wg set wg0 peer <PEER_PUBLIC_KEY> allowed-ips 10.0.0.2/32 endpoint <PEER_IP>:<PORT>

sudo wg show
# showconf needs the interface name
sudo wg showconf wg0

# machine B
# machine C
</code>

  * keys gen: umask 077; wg genkey | tee privatekey | wg pubkey > publickey

=== local install

  * 10.0.0.1: raspi4
  * 10.0.0.2: myKDE
  * 10.0.0.3: k1
  * 10.0.0.10: W10
  * 10.0.0.20: Mac

<code>
[Peer]
# Raspi
PublicKey = wLyNz+pIEHuLkHZat7JJlKRJ/BjMLHfG9F0Lp+2cWTU=
AllowedIPs = 10.0.0.1/32
Endpoint = 192.168.1.70:41724

[Peer]
# Mac
PublicKey = xsYHyM1j5djbCYsF8/56HmXff5Q6UKxgy1VCZyJ84lU=
AllowedIPs = 10.0.0.20/32
Endpoint = 192.168.1.111:61216

[Peer]
# W10
PublicKey = X7UzoJ8RHokM7sCByD7X3gk8FMqIjv77saWndQPQB3Y=
# /32 like the other peers: a /24 here would claim the whole 10.0.0.0/24 range for W10
AllowedIPs = 10.0.0.10/32
Endpoint = 192.168.1.186:57873
</code>

== tunnel edit

  * [[https://www.stavros.io/posts/how-to-configure-wireguard/]]
  * [[https://www.procustodibus.com/blog/2021/01/wireguard-endpoints-and-ip-addresses/]]
  * [[https://upcloud.com/community/tutorials/get-started-wireguard-vpn/]]

<code>
[Interface]
PrivateKey = <%%***%%>
Address = 10.0.0.X
ListenPort = 57873

[Peer]
PublicKey = wLyNz+pIEHuLkHZat7JJlKRJ/BjMLHfG9F0Lp+2cWTU=
AllowedIPs = 10.0.0.1/32
Endpoint = 192.168.1.70:41724
# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25
</code>

  * ufw: sudo ufw allow XXXXX/udp
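
Added example (not part of the original notes): a small Python check for the AllowedIPs values in a peer list like the one under local install. WireGuard uses AllowedIPs both to pick the peer for outgoing packets and to filter the source address of incoming ones, and it stores a value such as 10.0.0.10/24 masked to 10.0.0.0/24, so a prefix wider than /32 also covers addresses meant for other peers. The config and placeholder keys in SAMPLE are constructed, and peer_allowed_ips and lint are names chosen for this example.

```python
import ipaddress

# Constructed sample config; the keys are placeholders, not real keys.
SAMPLE = """\
[Interface]
Address = 10.0.0.2/24

[Peer]
# peer-a
PublicKey = <PEER_A_PUBLIC_KEY>
AllowedIPs = 10.0.0.1/32

[Peer]
# peer-b
PublicKey = <PEER_B_PUBLIC_KEY>
AllowedIPs = 10.0.0.10/24
"""

def peer_allowed_ips(text):
    """Return [(public_key, [cidr, ...]), ...] for each [Peer] section."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            current = {"key": "?", "ips": []} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name.lower() == "publickey":
                current["key"] = value
            elif name.lower() == "allowedips":
                current["ips"] += [v.strip() for v in value.split(",") if v.strip()]
    return [(p["key"], p["ips"]) for p in peers]

def lint(text):
    """Flag AllowedIPs with host bits set or overlapping another peer's range."""
    findings, seen = [], []
    for key, cidrs in peer_allowed_ips(text):
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)  # the masked network
            if ipaddress.ip_interface(cidr).ip != net.network_address:
                findings.append(("host-bits", key, cidr, str(net)))
            for other_key, other_net in seen:
                if other_key != key and net.version == other_net.version and net.overlaps(other_net):
                    findings.append(("overlap", key, cidr, other_key))
            seen.append((key, net))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```

Run it against the text of a wg-quick style file; an empty result means every peer has its own non-overlapping range.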