Differences

This shows you the differences between two versions of the page.

linux:vpn:wireguard [2022/12/20 11:27] – [Wireguard as VPN Server on RockyLinux] mb
linux:vpn:wireguard [2022/12/20 15:51] (current) – [Wireguard as VPN Server on RockyLinux] mb
Line 18: Line 18:
 In this case a configuration file is used - because we are lazy. \\ In this case a configuration file is used - because we are lazy. \\
 <code bash>sudo vi /etc/wireguard/wg0.conf </code> <code bash>sudo vi /etc/wireguard/wg0.conf </code>
-wg0 is the name of the interface, which will be created. The file contents this:\\+wg0 is the name of the interface, which will be created. Inside the configuration, lines can be commented with using//#//. The file contents this:\\
 <code bash>[Interface] <code bash>[Interface]
-Address = 192.168.2.1/24+Address = 192.168.3.1/24
 SaveConfig = true SaveConfig = true
 PostUp = firewall-cmd --zone=public --add-port 51820/udp && firewall-cmd --zone=public --add-masquerade PostUp = firewall-cmd --zone=public --add-port 51820/udp && firewall-cmd --zone=public --add-masquerade
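Review bot: the added sentence that lines can be commented using # sits directly above a config that keeps "SaveConfig = true", and this same revision later states that with SaveConfig=true the configuration can be overwritten by WireGuard. State here whether hand-written comments survive such an overwrite, or advise readers not to rely on them while SaveConfig is enabled. The wording also needs a fix: "commented with using//#//" is missing a space and doubles the preposition (suggest "commented out using //#//"), and "The file contents this" should read "The file contains this". Since the interface address moves from 192.168.2.1/24 to 192.168.3.1/24, check that any peer or client addresses elsewhere on the page are updated to the same subnet.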
Line 26: Line 26:
 ListenPort = 51820 ListenPort = 51820
 PrivateKey =  YOUR_SERVER_PRIVATEKEY</code> PrivateKey =  YOUR_SERVER_PRIVATEKEY</code>
 +The above section only covers the WireGuard interface. First an IP-address range for the interface is set, in this case the locally unused 192.168.3.x net. \\
 +With SaveConfig=true the configuration can be overwritten by WireGuard, e.g. when adding new peers.\\
 +The next two lines describe the firewall rules when starting or shutting down the service. And seriously i need to clean my keyboard, the keys f and cc are working occasionally which drives me insane. \\
 +Next we describe the listening port of the VPN server, if it is changed, the firewall port has to be changed as well. \\
 +Last in this section the private key of the server is added, simply copy it from the private.key file in /etc/wireguard \\
 +To start the interface use:
 +<code bash>sudo wg-quick up ng0 </code>
 +The output after it should be:
 +{{ :linux:vpn:wg-quick_up.png?direct&750 |}}
 +When the WireGuard service is up and running, it can be checked with 
 +<code bash>sudo wg</code>
 +This will show the following:
 +{{ :linux:vpn:wg_show.png?direct&600 |}}
 +With //sudo wg// we check all interfaces of wireguard, it is possible to create multiple interfaces for one instance. \\
 +Now our VPN server is up and running. To stop it use:
 +<code bash>sudo wg-quick down wg0</code>
  
 +====== WireGuard Web UI ======
 +Adding peers isn't easy and can be frustrating. There are some web UIs which can deliver a solution. \\
 +One of them is [[https://github.com/joseantmazonsb/linguard|linguard]] which is powered by python :) \\  
 ====== Wireguard as VPN Client on Linux ====== ====== Wireguard as VPN Client on Linux ======
 MacOs and Linux are similar configured as clients. \\ MacOs and Linux are similar configured as clients. \\
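Review bot: the added start command "sudo wg-quick up ng0" names an interface that does not match the rest of the page. The config file is /etc/wireguard/wg0.conf and the stop command is "sudo wg-quick down wg0", so the start command should be "sudo wg-quick up wg0". The sentence about cleaning the keyboard in the firewall-rules paragraph is a personal aside and should be dropped from the documentation. The private-key step tells readers to copy the key from the private.key file in /etc/wireguard into the config. Add a short remark that wg0.conf then contains the server's private key and should be readable by root only.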