wireguard
- Raspberry 3B+ (192.168.24.60) -> DNS → pivpn, based on wireguard
simple network interface
    # generate a key pair (umask keeps the private key file owner-only)
    umask 077
    wg genkey > private
    wg pubkey < private

    # client
    sudo ip link add dev wg0 type wireguard
    sudo ip address add dev wg0 192.168.2.1/24
    sudo wg set wg0 private-key ./private
    sudo ip link set wg0 up
    sudo wg

    # machine A
    sudo wg set wg0 peer <PUB-KEY-MACHINE-B> allowed-ips 10.0.0.1/32 endpoint <IP-MACHINE-B>:<PORT>

    # machine B
    sudo wg set wg0 peer <PUB-KEY-MACHINE-A> allowed-ips 10.0.0.2/32 endpoint <IP-MACHINE-A>:<PORT>

    # showconf needs the interface name
    sudo wg show
    sudo wg showconf wg0

    # machine B
    # machine C
- key generation:
    # umask 077 so that privatekey is not created world-readable
    umask 077
    wg genkey | tee privatekey | wg pubkey > publickey
local install
- 10.0.0.1: raspi4
- 10.0.0.2: myKDE
- 10.0.0.3: k1
- 10.0.0.10: W10
- 10.0.0.20: Mac
tunnel edit
- server
    [Interface]
    PrivateKey = <***>
    Address = 10.0.0.X
    ListenPort = 57873
- peer
    [Peer]
    PublicKey = wLyNz+pIEHuLkHZat7JJlKRJ/BjMLHfG9F0Lp+2cWTU=
    AllowedIPs = 10.0.0.1/32
    Endpoint = 192.168.1.70:41724
    # This is for if you're behind a NAT and
    # want the connection to be kept alive.
    PersistentKeepalive = 25
- ufw:
sudo ufw allow XXXXX/udp
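
config check (added example, not part of the original notes): a lint to run on a tunnel config before bringing it up. It assumes the one-/32-per-peer IPv4 layout used above; `wg_conf_lint` is a hypothetical helper name and the sample config is constructed.

```shell
# Added example. wg_conf_lint is a hypothetical helper; sample data is constructed.
# Prints one finding per line for a wg-quick style config, nothing if clean.
wg_conf_lint() {
    conf=$1
    # The file holds PrivateKey: group/other must have no access (600 or 400).
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        ?00) ;;
        *) echo "perm: mode $mode on $conf, expected 600" ;;
    esac
    # AllowedIPs is both the route and the source filter for a peer, so each
    # peer should own only its /32 and no address may be listed twice.
    awk -F'[ \t]*=[ \t]*' '
        { sub(/[ \t]*#.*$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        /^\[/    { sec = $0; if (sec == "[Peer]") peer++; next }
        sec == "[Peer]" && $1 == "AllowedIPs" {
            has[peer] = 1
            n = split($2, ip, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (ip[i] !~ /\/32$/)
                    print "wide: peer " peer " has " ip[i] ", expected a /32"
                if (ip[i] in seen)
                    print "dup: " ip[i] " is claimed by peers " seen[ip[i]] " and " peer
                else
                    seen[ip[i]] = peer
            }
        }
        END { for (p = 1; p <= peer; p++) if (!has[p]) print "missing: peer " p " has no AllowedIPs" }
    ' "$conf"
}

# Constructed sample: world-readable file, a reused address and a whole /24.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = <***>
Address = 10.0.0.1/24
[Peer]
PublicKey = <PUB-KEY-MACHINE-A>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <PUB-KEY-MACHINE-B>
AllowedIPs = 10.0.0.2/32, 10.0.0.0/24
EOF
chmod 644 "$sample"
wg_conf_lint "$sample"
```
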