Wireguard einrichten: Unterschied zwischen den Versionen

Aus XccesS Wiki
Zur Navigation springen Zur Suche springen
← Zum vorherigen VersionsunterschiedZum nächsten Versionsunterschied →
VisuellWikitext
K Änderung 352 von Hendrik (Diskussion) rückgängig gemacht.
KKeine Bearbeitungszusammenfassung
Zeile 41: Zeile 41:
wg-quick up wg0
wg-quick up wg0


====OPNSense als Client====
 
Instanz erzeugen
=====Wireguard Client=====
apt install wireguard -y
Peer erzeugen
Peer erzeugen
nano /etc/wireguard/wg0.conf
nano /etc/wireguard/wg0.conf
Zeile 49: Zeile 50:
Address = 10.0.0.6/32
Address = 10.0.0.6/32
DNS = 192.168.1.14,1.1.1.1,8.8.8.8
DNS = 192.168.1.14,1.1.1.1,8.8.8.8
#Table = off


# Route zum Homelab-Host *explizit* anlegen
#WoW Portweiterleitung ins HomeLab
#PostUp   = ip route add 192.168.1.17/32 dev %i
# ---------- PostUp ----------
#PostDown = ip route del 192.168.1.17/32 dev %i
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A PREROUTING  -p tcp --dport 8085 -j DNAT --to-destination 192.168.1.17:8085
PostUp = iptables -t nat -A PREROUTING  -p tcp --dport 3724 -j DNAT --to-destination 192.168.1.17:3724
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
PostUp = iptables -A FORWARD -i eth0 -o %i -p tcp -m multiport --dports 8085,3724 -m conntrack --ctstate NEW      -j ACCEPT
PostUp = iptables -A FORWARD                      -m conntrack --ctstate ESTABLISHED,RELATED                      -j ACCEPT
 
# ---------- PostDown ----------
PostDown = iptables -t nat -D PREROUTING  -p tcp --dport 8085 -j DNAT --to-destination 192.168.1.17:8085
PostDown = iptables -t nat -D PREROUTING  -p tcp --dport 3724 -j DNAT --to-destination 192.168.1.17:3724
PostDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -o %i -p tcp -m multiport --dports 8085,3724 -m conntrack --ctstate NEW      -j ACCEPT
PostDown = iptables -D FORWARD                      -m conntrack --ctstate ESTABLISHED,RELATED                      -j ACCEPT
PostDown = sysctl -w net.ipv4.ip_forward=0
 




Version vom 3. Juni 2025, 23:42 Uhr

Beschreibung

Download

Installation

apt install wireguard -y

Konfiguration

Server

Keys erzeugen 

wg genkey | sudo tee /etc/wireguard/priv.key
chmod go= /etc/wireguard/priv.key

cat /etc/wireguard/priv.key | wg pubkey | sudo tee >> /etc/wireguard/pub.key
nano /etc/wireguard/wg0.conf

Inhalt: 

[Interface]
Address = 10.0.5.1/24
ListenPort = 51820
# Use your own private key, from /etc/wireguard/privatekey
PrivateKey = XXX 


#Routen einstellen damit Clients kommunizieren können
PostUp     = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
PostDown   = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Client 1
PublicKey = XXX
# VPN client's IP address in the VPN
AllowedIPs = 10.0.5.2/32
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p && sysctl -w net.ipv4.ip_forward=1

wg-quick up wg0


Wireguard Client

apt install wireguard -y Peer erzeugen nano /etc/wireguard/wg0.conf [Interface] PrivateKey = Address = 10.0.0.6/32 DNS = 192.168.1.14,1.1.1.1,8.8.8.8

  1. WoW Portweiterleitung ins HomeLab
  2. ---------- PostUp ----------

PostUp = sysctl -w net.ipv4.ip_forward=1 PostUp = iptables -t nat -A PREROUTING -p tcp --dport 8085 -j DNAT --to-destination 192.168.1.17:8085 PostUp = iptables -t nat -A PREROUTING -p tcp --dport 3724 -j DNAT --to-destination 192.168.1.17:3724 PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE PostUp = iptables -A FORWARD -i eth0 -o %i -p tcp -m multiport --dports 8085,3724 -m conntrack --ctstate NEW -j ACCEPT PostUp = iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  1. ---------- PostDown ----------

PostDown = iptables -t nat -D PREROUTING -p tcp --dport 8085 -j DNAT --to-destination 192.168.1.17:8085 PostDown = iptables -t nat -D PREROUTING -p tcp --dport 3724 -j DNAT --to-destination 192.168.1.17:3724 PostDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE PostDown = iptables -D FORWARD -i eth0 -o %i -p tcp -m multiport --dports 8085,3724 -m conntrack --ctstate NEW -j ACCEPT PostDown = iptables -D FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT PostDown = sysctl -w net.ipv4.ip_forward=0


[Peer] PublicKey = Endpoint = xsarts.de:51820 AllowedIPs = 192.168.1.0/24

Update

Test

Fehlerbehebung

Starten/Stoppen funktioniert nicht

Lösung 1
auszufüllen

Codeschnipsel

Nützliche Links

Codeschnipsel

Nützliche Links

Abgerufen von „https://wiki.fam-puls.de/index.php?title=Wireguard_einrichten&oldid=354