From 75ab8b78421d23d62a0a69c94abb6e02e74afac1 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Mon, 22 Mar 2021 18:37:55 +0100
Subject: [PATCH] Add wireguard guide
---
 README.md | 43 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 23dbe08..62beda3 100644
--- a/README.md
+++ b/README.md
@@ -244,11 +244,48 @@ Add our broadband interface to the WWAN zone.
 ### Configure Wireguard
-*Not yet written*
+On the router:
-### Configure SQS
+```bash
+mkdir /tmp/x
+cd /tmp/x
+umask go=
+wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
+wg genpsk > wgclient.psk
-*Only if required, not yet written*
+uci add_list firewall.wan.network="vpn"
+uci commit firewall
+/etc/init.d/firewall restart
+
+uci set network.vpn="interface"
+uci set network.vpn.proto="wireguard"
+uci set network.vpn.private_key="$(cat /tmp/x/wgclient.key)"
+uci add_list network.vpn.addresses="192.168.2.3/24"
+
+uci set network.wgserver="wireguard_vpn"
+uci set network.wgserver.public_key="$(cat /tmp/x/wgclient.pub)"
+uci set network.wgserver.preshared_key="$(cat /tmp/x/wgclient.psk)"
+uci set network.wgserver.endpoint_host="rayonx.machine.deuxfleurs.fr"
+uci set network.wgserver.endpoint_port="51820"
+uci set network.wgserver.route_allowed_ips="1"
+uci set network.wgserver.persistent_keepalive="25"
+uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
+uci add_list network.wgserver.allowed_ips="::/0"
+uci commit network
+
+# update server's configuration
+
+ifup vpn
+```
+
+Doc:
+
+ - https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics
+ - https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
+
+### Configure SQM
+
+*Not relevant now*
 ### Configure our DNS recursive resolver