WireGuard Server auf Linux
Paket installieren
# Install the WireGuard package via apt (needs root privileges).
apt install wireguard
# Change into the WireGuard configuration directory; the commands that follow
# use paths relative to it (clients/, ssl/).
cd /etc/wireguard
Alle nachfolgenden Kommandos im Ordner /etc/wireguard durchführen
Vorbereitungen
Ordner für die Clients anlegen
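# Directory for per-client material. Presumably this will hold client
# configurations, which embed private keys (not shown on this page), so it is
# created readable by its owner only instead of relying on the current umask.
mkdir -m 0700 clients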
Ordner für die Certs anlegen
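# Directory for the key files. It stores private keys, so create it with
# mode 0700 (owner only) rather than the umask default, which is usually
# world-readable/traversable.
mkdir -m 0700 ssl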
Server-Schlüssel
Privaten Schlüssel des Servers erstellen (WireGuard verwendet Schlüsselpaare, keine Zertifikate)
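# Generate the server's private key.
# - The subshell sets umask 077 before the file is created, so the key is never
#   world-readable, not even for the moment between creation and chmod.
# - Output is redirected instead of piped through tee, so the secret is not
#   echoed to the terminal (scrollback, screen sharing, session logs).
(umask 077 && wg genkey > ssl/server_private.key)
# Also tighten the mode explicitly in case the file already existed with
# looser permissions (umask only affects newly created files).
chmod 600 ssl/server_private.key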
Server PublicKey erstellen
# Derive the server's public key from its private key, show it on the terminal
# and store it in ssl/server_public.key. The public key is not secret.
wg pubkey < ssl/server_private.key | tee ssl/server_public.key
Client-Schlüssel
Privaten Schlüssel des Clients erstellen
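# Generate the private key for client1.
# The original left this file at the umask default (typically world-readable)
# and printed the key to the terminal; create it owner-only and do not echo it.
# NOTE(review): generating a client's private key on the server means the
# server operator holds that secret too. Where possible, generate the key pair
# on the client and transfer only the public key to the server.
(umask 077 && wg genkey > ssl/client1_private.key)
chmod 600 ssl/client1_private.key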
Client Pubkey erstellen
# Derive client1's public key from its private key, show it on the terminal
# and store it in ssl/client1_public.key. The public key is not secret.
wg pubkey < ssl/client1_private.key | tee ssl/client1_public.key
Verbindung erstellen
Server Verbindung wg0 erstellen
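# Write the wg-quick configuration for the server interface wg0.
#
# Changes compared with the original snippet:
# - The file is written as wg0.conf. The original wrote wr0.conf, which does
#   not match the interface name wg0 used on this page; wg-quick resolves an
#   interface name to /etc/wireguard/<name>.conf.
# - The file embeds the server's private key, so it is created under umask 077
#   and chmod'ed to 600 instead of being left at the umask default.
# - The outbound interface is taken from the IPv4 default route. The original
#   used `ip a | grep 2: | head -n1`, which matches the string "2:" anywhere in
#   the output (MAC or IPv6 addresses included) and silently produces a wrong
#   interface name when the uplink is not interface index 2.
#
# Caveats that are kept as in the original (review before production use):
# - `iptables -A FORWARD -i %i -j ACCEPT` lets every peer reach anything the
#   server can route to; restrict by destination if peers should only reach
#   specific networks.
# - PostDown sets net.ipv4.ip_forward=0 globally, which also disables
#   forwarding for anything else on this host that relies on it (containers,
#   other VPNs, routing roles).
# - %i is replaced by wg-quick with the interface name at runtime.

# Name of the interface that carries the IPv4 default route (word after "dev").
wan_if=$(ip -4 route show default | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
# Abort instead of writing iptables rules with an empty interface name.
: "${wan_if:?no IPv4 default route found - set wan_if to the outbound interface manually}"

(
  # Restrictive umask only inside this subshell; the file holds a private key.
  umask 077
  cat << EOF > /etc/wireguard/wg0.conf
[Interface]
PrivateKey = $(cat /etc/wireguard/ssl/server_private.key)
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = sysctl net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i ${wan_if} -o %i -j ACCEPT
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o ${wan_if} -j MASQUERADE
PostDown = sysctl net.ipv4.ip_forward=0
PostDown = iptables -D FORWARD -i ${wan_if} -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o ${wan_if} -j MASQUERADE
[Peer]
PublicKey = $(cat /etc/wireguard/ssl/client1_public.key)
AllowedIPs = 10.0.0.2/32
EOF
)
# umask does not change the mode of a file that already existed.
chmod 600 /etc/wireguard/wg0.conf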
Das Ergebnis sollte ungefähr so aussehen:
[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # Private Key des Servers
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = sysctl net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i ens6 -o %i -j ACCEPT
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o ens6 -j MASQUERADE
PostDown = sysctl net.ipv4.ip_forward=0
PostDown = iptables -D FORWARD -i ens6 -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o ens6 -j MASQUERADE
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # Public Key des Clients
AllowedIPs = 10.0.0.2/32