WireGuard: julie - UXG
See also julie.mixi.cz.
Setup
julie - keys
aptitude install wireguard resolvconf
# umask first so the private key file is created readable by its owner only
umask 077
wg genkey | tee ./privatekey | wg pubkey > ./publickey
UXG
Configure WireGuard on UXG (Server)
- Open the UniFi Network App and go to Settings > VPN > VPN Server.
- Create a new WireGuard server:
  - Name: julie-UXG
  - Listen Port: 51820 (default)
  - Server Address: WAN1
  - Advanced → Gateway/Subnet: 192.168.64.1/24
  - Copy the server's public key; it goes into julie's wg0.conf as <uxg_public_key>.
- Add a Peer (julie):
  - Peer Name: julie
  - Peer Address: 192.168.64.2
  - Public Key: paste the contents of ~/publickey from julie.
- Save and Apply the configuration.
julie - Configure WireGuard
Create /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = <julie_private_key>
# must be the Peer Address assigned to julie on the UXG (it is what the
# local side pings in the test below), not an address from another range
Address = 192.168.64.2/32
DNS = 192.168.1.254
[Peer]
PublicKey = <uxg_public_key>
Endpoint = 78.80.47.34:51820
# wg-quick routes every AllowedIPs prefix via wg0. 192.168.0.0/16 covers the
# tunnel subnet 192.168.64.0/24 and the LANs behind the UXG. If julie also
# has a LAN in 192.168.0.0/16 the connected /24 route still wins, but every
# other 192.168.x.x destination goes down the tunnel; narrow this to the
# subnets you actually need.
AllowedIPs = 192.168.0.0/16
PersistentKeepalive = 25
- Replace <julie_private_key> with the contents of ~/privatekey.
- Replace <uxg_public_key> with the public key of the UXG WireGuard server.
- The file holds the private key, so restrict it to root: chmod 600 /etc/wireguard/wg0.conf
Start wireguard:
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
julie - Shorewall
Add these to your Shorewall configuration to allow WireGuard traffic:
/etc/shorewall/zones
# the tunnel gets its own zone; every zone named in interfaces must be declared here
vpn ipv4
/etc/shorewall/interfaces
# no DHCP runs over the tunnel, so the dhcp option is not needed
vpn wg0 detect
/etc/shorewall/rules
# Incoming WireGuard from the UXG. julie initiates the tunnel and sets no
# ListenPort, so the UXG's packets arrive on the random port wg picked and
# conntrack accepts them as replies to the outgoing flow under the fw->net
# policy. This rule only matters if you add ListenPort = 51820 to
# [Interface] in wg0.conf.
ACCEPT net:78.80.47.34 $FW udp 51820
# Traffic arriving through the tunnel is in the vpn zone (wg0), not net
ACCEPT vpn:192.168.0.0/16 $FW
ACCEPT $FW vpn:192.168.0.0/16
# Least privilege: if the UXG side only needs LDAP on julie, use
# ACCEPT vpn:192.168.0.0/16 $FW tcp 389
# instead of the blanket vpn -> $FW rule above.
Reload Shorewall:
sudo shorewall reload
Testing
On julie:
# look for a recent "latest handshake" and growing transfer counters for the UXG peer
sudo wg
ping 192.168.64.1
ping 192.168.1.1
Locally (from the UXG LAN):
ping 192.168.64.2
# TCP connect to LDAP on julie through the tunnel
echo -n | telnet 192.168.64.2 389
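A tunnel health check, added here as an example and not part of the original notes or of WireGuard/UniFi: it parses the tab-separated output of `wg show wg0 dump` and reports whether the UXG peer's latest handshake is recent enough. The keys in the sample dump are constructed placeholders, and the 180 s threshold is an assumption derived from PersistentKeepalive = 25 plus WireGuard's 120 s rekey timer.

```shell
#!/bin/sh
# Added example (not part of the original notes): check that the julie <-> UXG
# tunnel is alive by parsing `wg show wg0 dump`. The dump is one tab-separated
# interface line (private-key, public-key, listen-port, fwmark) followed by one
# tab-separated line per peer:
#   public-key preshared-key endpoint allowed-ips latest-handshake rx tx keepalive
# latest-handshake is epoch seconds, 0 if the peer never completed a handshake.

# Maximum acceptable handshake age in seconds (assumption). WireGuard rekeys
# after at most 120 s of activity and PersistentKeepalive = 25 keeps the link
# active, so a healthy peer never goes far beyond that; 180 s leaves slack.
MAX_AGE=180

# wg_handshake_age DUMP PEER_PUBKEY NOW
#   prints the age in seconds of the last handshake with PEER_PUBKEY, or
#   "never"; returns 1 if PEER_PUBKEY does not appear in the dump at all.
wg_handshake_age() {
    printf '%s\n' "$1" | awk -F'\t' -v want="$2" -v now="$3" '
        NR == 1 { next }                       # interface line, skip
        $1 == want {
            found = 1
            if ($5 == 0) print "never"; else print now - $5
        }
        END { exit (found ? 0 : 1) }'
}

# wg_tunnel_state DUMP PEER_PUBKEY NOW MAX_AGE
#   prints ok | stale | never | missing; returns 0 only for ok.
wg_tunnel_state() {
    age=$(wg_handshake_age "$1" "$2" "$3") || { echo missing; return 1; }
    if [ "$age" = never ]; then echo never; return 1; fi
    if [ "$age" -le "$4" ]; then echo ok; return 0; fi
    echo stale; return 1
}

# Constructed sample dump with placeholder keys (real keys are 44-char base64).
# The UXG peer last handshook at epoch 1700000000.
UXG_PUB='UXG_PUBLIC_KEY_PLACEHOLDER='
SAMPLE_DUMP=$(printf '%s\t%s\toff\toff\n' '(hidden)' 'JULIE_PUBLIC_KEY_PLACEHOLDER='
    printf '%s\t(none)\t78.80.47.34:51820\t192.168.0.0/16\t%s\t%s\t%s\t25\n' \
        "$UXG_PUB" 1700000000 48216 39104)

# 100 s after the last handshake the tunnel is fine; 900 s after it is stale.
echo "t+100s: $(wg_tunnel_state "$SAMPLE_DUMP" "$UXG_PUB" 1700000100 "$MAX_AGE")"
echo "t+900s: $(wg_tunnel_state "$SAMPLE_DUMP" "$UXG_PUB" 1700000900 "$MAX_AGE")"
```

Against the live interface, call `wg_tunnel_state "$(sudo wg show wg0 dump)" "$UXG_PUB" "$(date +%s)" "$MAX_AGE"` with the UXG's real public key; the non-zero return on stale, never or missing makes it usable from cron or a monitoring agent. Checking the peer by public key rather than by endpoint also catches a config where the wrong key was pasted on either side, which shows up as "never".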