WireGuard

Note: IP forwarding must be enabled on the system and made persistent.

Enable it:

echo 1 > /proc/sys/net/ipv4/ip_forward

To make it persistent, add this to the sysctl configuration:

net.ipv4.ip_forward=1

Debian

Package installation

apt install wireguard wireguard-tools

Key generation

wg genkey | sudo tee /etc/wireguard/wg-private.key | wg pubkey | sudo tee /etc/wireguard/wg-public.key

Display the keys so they can be added to the configurations

cat /etc/wireguard/wg-private.key

cat /etc/wireguard/wg-public.key

Configuration

vim /etc/wireguard/wg0.conf

[Interface]
Address = 172.16.16.16/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o enp7s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o enp7s0 -j MASQUERADE
ListenPort = 51234
PrivateKey = SNkHh4mupzBty5EYZG3cA6YliWqxNE4dS0NFYvt+b3A=

[Peer]
PublicKey = 23SOICm8uhCcga/KANTufWfCkJyvRgMJEnH3CeA18Xc=
AllowedIPs = 172.16.16.26/32, 192.168.100.0/24
Endpoint = 31.14.71.72:51234

Apply the same configuration on the machine at the other end, adapting the IP addresses.

Bring up the new wg0 interface and enable it

wg-quick up wg0

wg show wg0

systemctl enable wg-quick@wg0.service

systemctl start wg-quick@wg0.service

systemctl status wg-quick@wg0.service

Alpine LXC

Installation

apk add wireguard-tools wireguard-tools-wg wireguard-tools-wg-quick

Generating the encryption keys

wg genkey | tee /etc/wireguard/wg-private.key | wg pubkey > /etc/wireguard/wg-public.key

Configuration

vim /etc/wireguard/wg0.conf

[Interface]
Address = 172.16.16.26/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51234
PrivateKey = gA5oSQ68uCfOOH3SmADlYN1i92UsOz5wVF1HelXe0mY=

[Peer]
PublicKey = vEwwRdzT9a5sMM1VXrX3szR6cTBDgmTmcZD9MssGYAs=
AllowedIPs = 172.16.16.16/32, 10.0.0.0/24
Endpoint = 168.119.239.115:51234

Automatic startup

  • Add the link used for startup: ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.wg0
  • The service can then be started: rc-service wg-quick.wg0 start
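
An added example, not part of the original page: a Python check that the two wg0.conf files mirror each other, as the step of repeating the configuration on the facing machine requires. The sample configs are constructed (the page's tunnel addresses and port, placeholder keys, documentation-range endpoints) and the function names are hypothetical.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick text into {'Interface': {...}, 'Peer': [{...}, ...]}."""
    conf, section = {"Interface": {}, "Peer": []}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("["):
            section = line.strip("[]")
            if section == "Peer":
                conf["Peer"].append({})
        elif "=" in line:
            key, _, value = line.partition("=")      # base64 '=' padding stays in value
            target = conf["Peer"][-1] if section == "Peer" else conf["Interface"]
            target[key.strip()] = value.strip()
    return conf

def check_side(local, remote, name):
    """Check one side's first [Peer] against the facing side's [Interface]."""
    problems, peer = [], local["Peer"][0]
    remote_ip = ipaddress.ip_interface(remote["Interface"]["Address"]).ip
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in peer["AllowedIPs"].split(",")]
    if not any(remote_ip in net for net in allowed):
        problems.append(f"{name}: AllowedIPs does not cover peer address {remote_ip}")
    if peer["Endpoint"].rsplit(":", 1)[1] != remote["Interface"]["ListenPort"]:
        problems.append(f"{name}: Endpoint port differs from the peer's ListenPort")
    return problems

def cross_check(text_a, text_b):
    """Return the list of mismatches between the two ends of one tunnel."""
    a, b = parse_wg(text_a), parse_wg(text_b)
    problems = check_side(a, b, "A") + check_side(b, a, "B")
    if a["Interface"]["PrivateKey"] == b["Interface"]["PrivateKey"]:
        problems.append("both ends share one PrivateKey (config copied as-is)")
    if a["Interface"]["Address"] == b["Interface"]["Address"]:
        problems.append("both ends use the same tunnel Address")
    return problems

# Constructed sample: the page's tunnel addresses and port, placeholder keys
# and documentation-range endpoints (not the page's real values).
TEMPLATE = ("[Interface]\nAddress = {addr}/24\nListenPort = 51234\n"
            "PrivateKey = {priv}\n[Peer]\nPublicKey = {pub}\n"
            "AllowedIPs = {peer}/32\nEndpoint = {endpoint}:51234\n")
SIDE_A = TEMPLATE.format(addr="172.16.16.16", priv="PRIV_A_PLACEHOLDER=",
    pub="PUB_B_PLACEHOLDER=", peer="172.16.16.26", endpoint="198.51.100.20")
SIDE_B = TEMPLATE.format(addr="172.16.16.26", priv="PRIV_B_PLACEHOLDER=",
    pub="PUB_A_PLACEHOLDER=", peer="172.16.16.16", endpoint="203.0.113.10")
if __name__ == "__main__":
    print(cross_check(SIDE_A, SIDE_B) or "both ends are consistent")
```

The check only compares what is written in the two files; it does not verify that each PublicKey is actually derived from the facing side's PrivateKey.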