Add wireguard guide

Quentin 2021-03-22 18:37:55 +01:00
parent fac53e9fb3
commit 75ab8b7842


@ -244,11 +244,48 @@ Add our broadband interface to the WWAN zone.
### Configure Wireguard
*Not yet written*
On the router:
### Configure SQS
```bash
mkdir /tmp/x
cd /tmp/x
umask go=
wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
wg genpsk > wgclient.psk
*Only if required, not yet written*
uci add_list firewall.wan.network="vpn"
uci commit firewall
/etc/init.d/firewall restart
uci set network.vpn="interface"
uci set network.vpn.proto="wireguard"
uci set network.vpn.private_key="$(cat /tmp/x/wgclient.key)"
uci add_list network.vpn.addresses="192.168.2.3/24"
uci set network.wgserver="wireguard_vpn"
uci set network.wgserver.public_key="$(cat /tmp/x/wgclient.pub)"
uci set network.wgserver.preshared_key="$(cat /tmp/x/wgclient.psk)"
uci set network.wgserver.endpoint_host="rayonx.machine.deuxfleurs.fr"
uci set network.wgserver.endpoint_port="51820"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
# update server's configuration
ifup vpn
```
Doc:
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
### Configure SQM
*Not relevant now*
### Configure our DNS recursive resolver
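Review bot: The peer section sets `network.wgserver.public_key` from `/tmp/x/wgclient.pub`, which is the router's own public key generated a few lines earlier; a WireGuard peer entry needs the remote end's public key, so the handshake with the endpoint would presumably never complete as written. The line should carry the server's key, e.g. `uci set network.wgserver.public_key="<SERVER_PUBLIC_KEY>"` (placeholder, the value is not on this page), and the `# update server's configuration` comment should say that `wgclient.pub` and `wgclient.psk` are what gets installed on the server side. Separately, `mkdir /tmp/x` runs before `umask go=`, so the directory itself is created with the default mode, and the private key and PSK remain in `/tmp/x` after `uci commit network`. Moving `umask go=` to the first line and finishing with `rm -rf /tmp/x` once the values have been copied to the server would close both gaps.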