Add wireguard guide
This commit is contained in:
parent
fac53e9fb3
commit
75ab8b7842
1 changed files with 40 additions and 3 deletions
43
README.md
43
README.md
|
@ -244,11 +244,48 @@ Add our broadband interface to the WWAN zone.
|
|||
|
||||
### Configure Wireguard
|
||||
|
||||
*Not yet written*
|
||||
On the router:
|
||||
|
||||
### Configure SQS
|
||||
```bash
|
||||
mkdir /tmp/x
|
||||
cd /tmp/x
|
||||
umask go=
|
||||
wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
|
||||
wg genpsk > wgclient.psk
|
||||
|
||||
*Only if required, not yet written*
|
||||
uci add_list firewall.wan.network="vpn"
|
||||
uci commit firewall
|
||||
/etc/init.d/firewall restart
|
||||
|
||||
uci set network.vpn="interface"
|
||||
uci set network.vpn.proto="wireguard"
|
||||
uci set network.vpn.private_key="$(cat /tmp/x/wgclient.key)"
|
||||
uci add_list network.vpn.addresses="192.168.2.3/24"
|
||||
|
||||
uci set network.wgserver="wireguard_vpn"
|
||||
uci set network.wgserver.public_key="$(cat /tmp/x/wgclient.pub)"
|
||||
uci set network.wgserver.preshared_key="$(cat /tmp/x/wgclient.psk)"
|
||||
uci set network.wgserver.endpoint_host="rayonx.machine.deuxfleurs.fr"
|
||||
uci set network.wgserver.endpoint_port="51820"
|
||||
uci set network.wgserver.route_allowed_ips="1"
|
||||
uci set network.wgserver.persistent_keepalive="25"
|
||||
uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
|
||||
uci add_list network.wgserver.allowed_ips="::/0"
|
||||
uci commit network
|
||||
|
||||
# update server's configuration
|
||||
|
||||
ifup vpn
|
||||
```
|
||||
|
||||
Doc:
|
||||
|
||||
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics
|
||||
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
|
||||
|
||||
### Configure SQM
|
||||
|
||||
*Not relevant now*
|
||||
|
||||
### Configure our DNS recursive resolver
|
||||
|
||||
|
|
Loading…
Reference in a new issue