From 41a833a2dbd8f4522f0742e44425a45b133f8b7b Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Mon, 22 Mar 2021 18:43:26 +0100
Subject: [PATCH] Simplify VPN config
---
 README.md | 41 +++++++++++++++++------------------------
 1 file changed, 17 insertions(+), 24 deletions(-)
diff --git a/README.md b/README.md
index 62beda3..15213f5 100644
--- a/README.md
+++ b/README.md
@@ -231,6 +231,8 @@ Then we can start the interface with:
 ifup broadband
 ```
 
+Add our broadband interface to the WAN zone in the firewall.
+
 Both IPv6 and IPv4 should work:
 
 ```
@@ -238,9 +240,6 @@ ping openwrt.org
 ping -6 openwrt.org
 ```
 
-### Configure Zones
-
-Add our broadband interface to the WWAN zone.
 
 ### Configure Wireguard
 
@@ -252,30 +251,24 @@ cd /tmp/x
 umask go=
 wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
 wg genpsk > wgclient.psk
+```
 
-uci add_list firewall.wan.network="vpn"
-uci commit firewall
-/etc/init.d/firewall restart
+Add to `/etc/config/network`
 
-uci set network.vpn="interface"
-uci set network.vpn.proto="wireguard"
-uci set network.vpn.private_key="$(cat /tmp/x/wgclient.key)"
-uci add_list network.vpn.addresses="192.168.2.3/24"
+```
+config interface 'wg0'
+ option proto 'wireguard'
+ list addresses '192.168.2.3'
+ option private_key '???'
 
-uci set network.wgserver="wireguard_vpn"
-uci set network.wgserver.public_key="$(cat /tmp/x/wgclient.pub)"
-uci set network.wgserver.preshared_key="$(cat /tmp/x/wgclient.psk)"
-uci set network.wgserver.endpoint_host="rayonx.machine.deuxfleurs.fr"
-uci set network.wgserver.endpoint_port="51820"
-uci set network.wgserver.route_allowed_ips="1"
-uci set network.wgserver.persistent_keepalive="25"
-uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
-uci add_list network.wgserver.allowed_ips="::/0"
-uci commit network
-
-# update server's configuration
-
-ifup vpn
+config wireguard_wg0
+ option public_key '???'
+ option description 'rayonx'
+ option persistent_keepalive '25'
+ option endpoint_port '51820'
+ list allowed_ips '192.168.2.0/24'
+ option route_allowed_ips '1'
+ option endpoint_host 'rayonx.machine.dufour.io'
 ```
 
 Doc: