Differences

This shows you the differences between two versions of the page.

--- haussteuerung:wireguard:infos [2026/03/02 20:56] – [Table] dominik
+++ haussteuerung:wireguard:infos [2026/06/03 18:08] (current) – [NAS] dominik
@@ Line 25: / Line 25: @@
 | NAS            | ''EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=''  | ''4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=''  |
 | Handy          | ''mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=''  | ''Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=''  |
-| X250 Notebook  | "wMXaNqJ5tSzinf+XaxK95sH5RHEOThpR/qXOkKC5/3U="    | "UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU="    |
+| X250 Notebook  | ''wMXaNqJ5tSzinf+XaxK95sH5RHEOThpR/qXOkKC5/3U=''  | ''UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU=''  |
-| Firma Linux    | "mPGz8alOB5X0x2BtisIeVPGB+NBiXqhWWZax/4WTrXs="    | "zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo="    |
+| Firma Linux    | ''mPGz8alOB5X0x2BtisIeVPGB+NBiXqhWWZax/4WTrXs=''  | ''zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo=''  |
-| Doro           | "YH5eJ8H7VIlrltgpIr2J9jGPXARuCwSbxggV0+2MRXQ="    | "HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ="    |
+| Doro           | ''YH5eJ8H7VIlrltgpIr2J9jGPXARuCwSbxggV0+2MRXQ=''  | ''HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ=''  |
 ===== Konfigs =====
@@ Line 33: / Line 33: @@
 <code | VPS.conf>
 [Interface]
-Address = 10.0.0.1/24
+Address = 10.30.250.1/24
 PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=
 ListenPort = 51820
-PostUp = iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
+MTU = 1360
-PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
+Table = off
-PostUp = echo "200 wgexit" >> /etc/iproute2/rt_tables
-PostUp = ip rule add from 10.0.0.3 table 200
-PostUp = ip route add default via 10.0.0.2 dev wg0 table 200
-PostDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
-PostDown = ip rule del from 10.0.0.3 table 200
-PostDown = ip route del default via 10.0.0.2 dev wg0 table 200
-[Peer]  # NAS
+# 1. Lokales Routing auf dem VPS, damit er weiß, wo deine Heimnetze liegen
+PostUp = ip route add 10.30.1.0/24 dev wg0
+PostUp = ip route add 10.30.10.0/24 dev wg0
+PostUp = ip route add 10.30.20.0/24 dev wg0
+PostUp = ip route add 10.30.30.0/24 dev wg0
+PostUp = ip route add 10.30.40.0/24 dev wg0
+# 2. Policy Routing: Zwingt den Internet-Traffic der Clients (z.B. Handy) in den Tunnel zur UDM
+PostUp = ip rule add iif wg0 lookup 200
+PostUp = ip route add default dev wg0 table 200
+# 3. Erlaubt Linux, die Pakete innerhalb des Tunnels (Handy -> UDM) weiterzuleiten
+PostUp = iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT
+PreDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT
+# Cleanup beim Beenden des Tunnels
+PreDown = ip rule del iif wg0 lookup 200
+PreDown = ip route flush table 200
+PreDown = ip route del 10.30.40.0/24 dev wg0
+PreDown = ip route del 10.30.30.0/24 dev wg0
+PreDown = ip route del 10.30.20.0/24 dev wg0
+PreDown = ip route del 10.30.10.0/24 dev wg0
+PreDown = ip route del 10.30.1.0/24 dev wg0
+# Peer 1: UDM Max (Dein neues Gateway ins Heimnetz und ins Internet)
+[Peer]
 PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
-AllowedIPs = 10.0.0.2/32, 192.168.30.0/24
+# Die 0.0.0.0/0 ist hier essenziell, damit der VPS Anfragen ins Internet an die UDM abgibt
-PersistentKeepalive = 25
+AllowedIPs = 10.30.1.0/24, 10.30.10.0/24, 10.30.20.0/24, 10.30.30.0/24, 10.30.40.0/24, 0.0.0.0/0
-[Peer]  # Handy
+# Peer 2: Handy
+[Peer]
 PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
-AllowedIPs = 10.0.0.3/32
+AllowedIPs = 10.30.250.3/32
-PersistentKeepalive = 25
+# Peer 3: Notebook X250
+[Peer]
+PublicKey = UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU=
+AllowedIPs = 10.30.250.4/32
+# Peer 4: Firma Linux
+[Peer]
+PublicKey = zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo=
+AllowedIPs = 10.30.250.5/32
+# Peer 5: Doro
+[Peer]
+PublicKey = HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ=
+AllowedIPs = 10.30.250.6/32
 </code>
 ==== NAS ====
-<code | NAS.conf>
+Konfig direkt auf dem UDM Max
+<code | download>
 [Interface]
-Address = 10.0.0.2/24
+# HIER FEHLT DEIN PRIVATE KEY.
-PrivateKey = EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=
+# Ohne diesen Schlüssel funktioniert der Tunnel nicht.
-DNS = 192.168.30.20
+PrivateKey = <DEIN_GEHEIMER_SCHLÜSSEL_HIER_EINTRAGEN>
-PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostUp = iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT
-PostUp = iptables -A FORWARD -i eno1 -o wg0 -j ACCEPT  # eno1 -> LAN-Interface
-PostDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
-PostDown = iptables -D FORWARD -i wg0 -o eno1 -j ACCEPT
-PostDown = iptables -D FORWARD -i eno1 -o wg0 -j ACCEPT
-# VPS Server
+# HIER FEHLT DIE IP-ADRESSE DES CLIENTS.
-[Peer]
+# (z.B. 10.0.0.2/32 - wg show zeigt diese nicht an, du findest sie mit 'ip addr show wgclt1')
+Address = <DEINE_INTERNE_WIREGUARD_IP_HIER_EINTRAGEN>
+# Optional, aber aus deinem Output übernommen
+ListenPort = 49845
+[Peer]
+# Der Public Key des Servers (Peer)
 PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
+# Endpoint (IP und Port des Servers)
 Endpoint = 217.160.11.95:51820
+# Welcher Traffic soll durch den Tunnel? (0.0.0.0/0 bedeutet: Alles)
 AllowedIPs = 0.0.0.0/0
-PersistentKeepalive = 25
+# "every 1 minute" entspricht 60 Sekunden in der Config
+PersistentKeepalive = 60
 </code>
 ==== Handy ====
-<code | handy.conf>
+<code | Client.conf>
 [Interface]
-Address = 10.0.0.3/24
+# HIER den jeweiligen privaten Schlüssel des Geräts eintragen (Laptop, Arbeit oder Frau)
-PrivateKey = mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=
+PrivateKey = <JEWEILIGER_PRIVATE_KEY>
-DNS = 192.168.30.20
+# IP anpassen: Laptop (.4), Arbeit (.5), Frau (.6)
+Address = 10.30.250.X/32
+DNS = 10.30.1.111
+MTU = 1360
 [Peer]
-Endpoint = 217.160.11.95:51820
+# Das ist und bleibt der Public Key deines IONOS Servers
 PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
+Endpoint = 217.160.11.95:51820
 AllowedIPs = 0.0.0.0/0, ::/0
 PersistentKeepalive = 25