Differences

This shows you the differences between two versions of the page.

--- haussteuerung:wireguard:infos [2025/10/12 16:24] – removed - external edit (Unknown date) 127.0.0.1
+++ haussteuerung:wireguard:infos [2025/10/12 16:24] (current) – ↷ Page moved and renamed from haus:wireguard to haussteuerung:wireguard:infos dominik
@@ Line 1: / Line 1: @@
+====== WireGuard ======
+===== Voraussetzungen =====
+  * IONOS VPS Server mit externe IPv4
+  * NAS im Heimnetz
+===== Installation WG =====
+  * Auf der NAS und dem VPS Wireguard installieren \\ ''apt update -y && apt install wireguard -y''
+  * Auf dem Handy WG Tunnel
+^ Recher     ^ IP             ^ Tunnel IP  ^ User  ^ Passwort    ^ Notes  ^
+| IONOS VPS  | 217.160.11.95  | 10.0.0.1   | root  | ''xJ#p9$*DfT'' |        |
+| NAS        | 192.168.30.10  | 10.0.0.2   | root  | romdz6!     |        |
+| Handy      |                | 10.0.0.3   |       |             |        |
+===== Pub/Priv Key erstellen =====
+  * Auf jedem Peer folgendes ausführen \\ ''wg genkey | tee server_private.key | wg pubkey > server_public.key''
+===== Keys =====
+^ Rechner    ^ Private                                           ^ Public                                            ^
+| IONOS VPS  | ''YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=''  | ''mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=''  |
+| NAS        | ''EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=''  | ''4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=''  |
+| Handy      | ''mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=''  | ''Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=''  |
+===== Konfigs =====
+==== IONOS VPS ====
+<code | VPS.conf>
+[Interface]
+Address = 10.0.0.1/24
+PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=
+ListenPort = 51820
+PostUp = iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
+PostUp = echo "200 wgexit" >> /etc/iproute2/rt_tables
+PostUp = ip rule add from 10.0.0.3 table 200
+PostUp = ip route add default via 10.0.0.2 dev wg0 table 200
+PostDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
+PostDown = ip rule del from 10.0.0.3 table 200
+PostDown = ip route del default via 10.0.0.2 dev wg0 table 200
+[Peer]  # NAS
+PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
+AllowedIPs = 10.0.0.2/32, 192.168.30.0/24
+PersistentKeepalive = 25
+[Peer]  # Handy
+PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
+AllowedIPs = 10.0.0.3/32
+PersistentKeepalive = 25
+</code>
+==== NAS ====
+<code | NAS.conf>
+[Interface]
+Address = 10.0.0.2/24
+PrivateKey = EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=
+DNS = 192.168.30.20
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostUp = iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT
+PostUp = iptables -A FORWARD -i eno1 -o wg0 -j ACCEPT  # eno1 -> LAN-Interface
+PostDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -o eno1 -j ACCEPT
+PostDown = iptables -D FORWARD -i eno1 -o wg0 -j ACCEPT
+# VPS Server
+[Peer]
+PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
+Endpoint = 217.160.11.95:51820
+AllowedIPs = 0.0.0.0/0
+PersistentKeepalive = 25
+</code>
+==== Handy ====
+<code | handy.conf>
+[Interface]
+Address = 10.0.0.3/24
+PrivateKey = mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=
+DNS = 192.168.30.20
+[Peer]
+Endpoint = 217.160.11.95:51820
+PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
+AllowedIPs = 0.0.0.0/0, ::/0
+PersistentKeepalive = 25
+</code>