Add wireguard guide

README.md

@@ -244,11 +244,48 @@ Add our broadband interface to the WWAN zone.
 
 ### Configure Wireguard
 
-*Not yet written*
+On the router:
 
-### Configure SQS
+```bash
+mkdir /tmp/x
+cd /tmp/x
+umask go=
+wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
+wg genpsk > wgclient.psk
 
-*Only if required, not yet written*
+uci add_list firewall.wan.network="vpn"
+uci commit firewall
+/etc/init.d/firewall restart
+
+uci set network.vpn="interface"
+uci set network.vpn.proto="wireguard"
+uci set network.vpn.private_key="$(cat /tmp/x/wgclient.key)"
+uci add_list network.vpn.addresses="192.168.2.3/24"
+
+uci set network.wgserver="wireguard_vpn"
+uci set network.wgserver.public_key="$(cat /tmp/x/wgclient.pub)"
+uci set network.wgserver.preshared_key="$(cat /tmp/x/wgclient.psk)"
+uci set network.wgserver.endpoint_host="rayonx.machine.deuxfleurs.fr"
+uci set network.wgserver.endpoint_port="51820"
+uci set network.wgserver.route_allowed_ips="1"
+uci set network.wgserver.persistent_keepalive="25"
+uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
+uci add_list network.wgserver.allowed_ips="::/0"
+uci commit network
+
+# update server's configuration
+
+ifup vpn
+```
+
+Doc:
+
+ - https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics
+ - https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
+
+### Configure SQM
+
+*Not relevant now*
 
 ### Configure our DNS recursive resolver