wireguard

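# Generate this host's private key. The subshell sets umask 077 so the file is
# created readable by its owner only; wg genkey warns when the target would be
# world accessible.
(umask 077; wg genkey > private)
# Derive the matching public key. Only this value is handed to the other peers.
wg pubkey < private # client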
 
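# Create the WireGuard interface.
sudo ip link add dev wg0 type wireguard
# Assign the tunnel address (needs root like the other ip commands).
# NOTE(review): this address is in 192.168.2.0/24, while the peer entries further
# down use 10.0.0.x allowed-ips; confirm which tunnel subnet is intended.
sudo ip address add dev wg0 192.168.2.1/24
# Load the private key from the file; keep that file owner-readable only.
sudo wg set wg0 private-key ./private
sudo ip link set wg0 up

# Show the state of all WireGuard interfaces (needs root to query the device).
sudo wg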
 
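# Each side registers the other one: the remote public key, the tunnel address
# the remote may use (allowed-ips, one /32 per host) and where to reach it.
# machine A
sudo wg set wg0 peer <PUB-KEY-MACHINE-B> allowed-ips 10.0.0.1/32 endpoint <IP-MACHINE-B>:<PORT>

# machine B
sudo wg set wg0 peer <PUB-KEY-MACHINE-A> allowed-ips 10.0.0.2/32 endpoint <IP-MACHINE-A>:<PORT>

# Verify the result. showconf requires the interface name, and its output
# includes the PrivateKey line, so redact it before copying it anywhere.
sudo wg show
sudo wg showconf wg0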
# machine B

# machine C
  • keys gen:
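    # umask 077 in a subshell: privatekey is created readable by its owner only
    (umask 077; wg genkey | tee privatekey | wg pubkey > publickey)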
  • 10.0.0.1: raspi4
  • 10.0.0.2: myKDE
  • 10.0.0.3: k1
  • 10.0.0.10: W10
  • 10.0.0.20: Mac
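[Peer]
# Raspi (raspi4, tunnel address 10.0.0.1)
PublicKey = wLyNz+pIEHuLkHZat7JJlKRJ/BjMLHfG9F0Lp+2cWTU=
# One /32 per peer: packets from this peer are accepted only with this source
# address, and only traffic for this address is routed to it.
AllowedIPs = 10.0.0.1/32
Endpoint = 192.168.1.70:41724

[Peer]
# Mac (tunnel address 10.0.0.20)
PublicKey = xsYHyM1j5djbCYsF8/56HmXff5Q6UKxgy1VCZyJ84lU=
AllowedIPs = 10.0.0.20/32
Endpoint = 192.168.1.111:61216

[Peer]
# W10 (tunnel address 10.0.0.10)
PublicKey = X7UzoJ8RHokM7sCByD7X3gk8FMqIjv77saWndQPQB3Y=
# Was 10.0.0.10/24: that prefix covers the whole 10.0.0.0/24 tunnel subnet, so
# this peer would be accepted as the source for every address that is not
# pinned to another peer by a /32 entry. A single host gets a /32.
AllowedIPs = 10.0.0.10/32
Endpoint = 192.168.1.186:57873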
server
[Interface]
# Placeholder. The real private key belongs only in the root-owned config file
# (mode 600), never in shared notes.
PrivateKey = <%%***%%>
# X is this host's number from the 10.0.0.x address list. Address is read by
# wg-quick; plain wg does not accept this key.
Address = 10.0.0.X
# UDP port this host listens on; the firewall rule has to open the same port.
ListenPort = 57873
peer
[Peer]
# Public key of the remote host (same key as the Raspi peer entry).
PublicKey = wLyNz+pIEHuLkHZat7JJlKRJ/BjMLHfG9F0Lp+2cWTU=
# Tunnel address this peer is allowed to use as source and is routed for.
AllowedIPs = 10.0.0.1/32
# Address and UDP port where the peer is reached.
Endpoint = 192.168.1.70:41724
 
# Only needed when this host sits behind NAT or a stateful firewall: a
# keepalive packet is sent every 25 seconds so the mapping stays open and the
# peer can still reach this host.
PersistentKeepalive = 25
  • ufw (open the UDP port set as ListenPort):
    sudo ufw allow XXXXX/udp