= wireguard
* [[info:mate:mylan:raspberry6|]] -> pivpn basado en wireguard
== simple network interface
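# Generate this host's key pair. The restrictive umask keeps the private key
# file readable by its owner only (wg genkey warns when its output file is
# accessible to other users).
umask 077
wg genkey > private
# Print the matching public key; this is the value handed to the other peers.
wg pubkey < private # client
# Create the WireGuard interface, give it a tunnel address and load the key.
# All of these need root, so each one is run through sudo.
# NOTE(review): 192.168.2.1/24 does not match the 10.0.0.x addresses used in
# allowed-ips below; confirm which tunnel subnet is intended.
sudo ip link add dev wg0 type wireguard
sudo ip address add dev wg0 192.168.2.1/24
sudo wg set wg0 private-key ./private
sudo ip link set wg0 up
# Show interface state (the private key is displayed as hidden here).
sudo wg
# Register each peer. "peer" takes that peer's base64 public key and "endpoint"
# takes host:port; both values are missing from these notes, so quoted
# placeholders stand in for them. A /32 allowed-ips limits the peer to its own
# tunnel address.
# machine A
sudo wg set wg0 peer 'PEER_A_PUBLIC_KEY_PLACEHOLDER' allowed-ips 10.0.0.1/32 endpoint 'PEER_A_HOST_PLACEHOLDER:PORT_PLACEHOLDER'
# machine B
sudo wg set wg0 peer 'PEER_B_PUBLIC_KEY_PLACEHOLDER' allowed-ips 10.0.0.2/32 endpoint 'PEER_B_HOST_PLACEHOLDER:PORT_PLACEHOLDER'
sudo wg show
# showconf needs the interface name, and its output includes the private key
# in clear text: do not paste it into notes, tickets or logs.
sudo wg showconf wg0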
# machine B
# machine C
* keys gen: wg genkey | tee privatekey | wg pubkey > publickey (run ''umask 077'' first so the privatekey file is not readable by other users)
=== local install
* 10.0.0.1: raspi4
* 10.0.0.2: myKDE
* 10.0.0.3: k1
* 10.0.0.10: W10
* 10.0.0.20: Mac
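# Peer list for the local install. Each AllowedIPs is a /32 so that a peer can
# only send from, and receive traffic for, its own tunnel address.
[Peer]
# Raspi
PublicKey = wLyNz+pIEHuLkHZat7JJlKRJ/BjMLHfG9F0Lp+2cWTU=
AllowedIPs = 10.0.0.1/32
Endpoint = 192.168.1.70:41724
[Peer]
# Mac
PublicKey = xsYHyM1j5djbCYsF8/56HmXff5Q6UKxgy1VCZyJ84lU=
AllowedIPs = 10.0.0.20/32
Endpoint = 192.168.1.111:61216
[Peer]
# W10
PublicKey = X7UzoJ8RHokM7sCByD7X3gk8FMqIjv77saWndQPQB3Y=
# Was 10.0.0.10/24. WireGuard masks that to 10.0.0.0/24, which would let this
# peer source any 10.0.0.x address and would route every tunnel address that
# has no /32 of its own to this peer.
AllowedIPs = 10.0.0.10/32
Endpoint = 192.168.1.186:57873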
== tunel edit
* [[https://www.stavros.io/posts/how-to-configure-wireguard/]]
* [[https://www.procustodibus.com/blog/2021/01/wireguard-endpoints-and-ip-addresses/]]
* [[https://upcloud.com/community/tutorials/get-started-wireguard-vpn/]]
# Local end of the tunnel. This file holds the private key, so keep it
# readable by root only.
[Interface]
# Placeholder (appears to be redacted in these notes); the real value is this
# host's base64 private key and should not be stored in the wiki.
PrivateKey = <%%***%%>
# X is a placeholder for this host's address in the 10.0.0.x tunnel range.
Address = 10.0.0.X
# UDP port this host listens on; the host firewall has to allow it.
ListenPort = 57873
# Same public key, address and endpoint as the Raspi entry in the local
# install peer list.
[Peer]
PublicKey = wLyNz+pIEHuLkHZat7JJlKRJ/BjMLHfG9F0Lp+2cWTU=
AllowedIPs = 10.0.0.1/32
Endpoint = 192.168.1.70:41724
# Use this when the host is behind a NAT: a keepalive packet is sent every
# 25 seconds so the NAT mapping stays open.
PersistentKeepalive = 25
* ufw: sudo ufw allow XXXXX/udp (XXXXX is the ListenPort set in [Interface]; open only that UDP port)