haussteuerung:wireguard:infos
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| haussteuerung:wireguard:infos [2026/03/02 21:01] – [Handy] dominik | haussteuerung:wireguard:infos [2026/06/03 18:08] (current) – [NAS] dominik | ||
|---|---|---|---|
| Line 33: | Line 33: | ||
| <code | VPS.conf> | <code | VPS.conf> | ||
| [Interface] | [Interface] | ||
| - | Address = 10.0.0.1/24 | + | Address = 10.30.250.1/24 |
| PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s= | PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s= | ||
| ListenPort = 51820 | ListenPort = 51820 | ||
| - | PostUp | + | MTU = 1360 |
| - | PostUp | + | Table = off |
| - | PostUp = echo "200 wgexit" | + | |
| - | PostUp = ip rule add from 10.0.0.3 table 200 | + | |
| - | PostUp = ip route add default via 10.0.0.2 dev wg0 table 200 | + | |
| - | PostDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT | + | |
| - | PostDown = iptables -D FORWARD -i wg0 -j ACCEPT | + | |
| - | PostDown = ip rule del from 10.0.0.3 table 200 | + | |
| - | PostDown = ip route del default via 10.0.0.2 dev wg0 table 200 | + | |
| - | [Peer] | + | # 1. Lokales Routing auf dem VPS, damit er weiß, wo deine Heimnetze liegen |
| + | PostUp = ip route add 10.30.1.0/ | ||
| + | PostUp = ip route add 10.30.10.0/ | ||
| + | PostUp = ip route add 10.30.20.0/ | ||
| + | PostUp = ip route add 10.30.30.0/ | ||
| + | PostUp = ip route add 10.30.40.0/ | ||
| + | |||
| + | # 2. Policy Routing: Zwingt den Internet-Traffic der Clients (z.B. Handy) in den Tunnel zur UDM | ||
| + | PostUp = ip rule add iif wg0 lookup 200 | ||
| + | PostUp = ip route add default dev wg0 table 200 | ||
| + | |||
| + | # 3. Erlaubt Linux, die Pakete innerhalb des Tunnels (Handy -> UDM) weiterzuleiten | ||
| + | PostUp = iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT | ||
| + | PreDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT | ||
| + | |||
| + | # Cleanup beim Beenden des Tunnels | ||
| + | PreDown = ip rule del iif wg0 lookup 200 | ||
| + | PreDown = ip route flush table 200 | ||
| + | PreDown = ip route del 10.30.40.0/ | ||
| + | PreDown = ip route del 10.30.30.0/ | ||
| + | PreDown = ip route del 10.30.20.0/ | ||
| + | PreDown = ip route del 10.30.10.0/ | ||
| + | PreDown = ip route del 10.30.1.0/ | ||
| + | |||
| + | # Peer 1: UDM Max (Dein neues Gateway ins Heimnetz und ins Internet) | ||
| + | [Peer] | ||
| PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs= | PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs= | ||
| - | AllowedIPs = 10.0.0.2/32, 192.168.30.0/24 | + | # Die 0.0.0.0/0 ist hier essenziell, damit der VPS Anfragen ins Internet an die UDM abgibt |
| - | PersistentKeepalive = 25 | + | AllowedIPs = 10.30.1.0/24, 10.30.10.0/24, 10.30.20.0/24, 10.30.30.0/24, 10.30.40.0/ |
| - | [Peer] | + | # Peer 2: Handy |
| + | [Peer] | ||
| PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY= | PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY= | ||
| - | AllowedIPs = 10.0.0.3/32 | + | AllowedIPs = 10.30.250.3/32 |
| - | PersistentKeepalive | + | |
| + | # Peer 3: Notebook X250 | ||
| + | [Peer] | ||
| + | PublicKey | ||
| + | AllowedIPs = 10.30.250.4/ | ||
| + | |||
| + | # Peer 4: Firma Linux | ||
| + | [Peer] | ||
| + | PublicKey = zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo= | ||
| + | AllowedIPs = 10.30.250.5/ | ||
| + | |||
| + | # Peer 5: Doro | ||
| + | [Peer] | ||
| + | PublicKey = HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ= | ||
| + | AllowedIPs = 10.30.250.6/ | ||
| </ | </ | ||
| ==== NAS ==== | ==== NAS ==== | ||
| - | <code | NAS.conf> | + | Konfig direkt auf dem UDM Max |
| + | |||
| + | <code | download> | ||
| [Interface] | [Interface] | ||
| - | Address = 10.0.0.2/24 | + | # HIER FEHLT DEIN PRIVATE KEY. |
| - | PrivateKey = EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng= | + | # Ohne diesen Schlüssel funktioniert der Tunnel nicht. |
| - | DNS = 192.168.30.20 | + | PrivateKey = < |
| - | PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | + | |
| - | PostUp = iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT | + | |
| - | PostUp = iptables -A FORWARD -i eno1 -o wg0 -j ACCEPT | + | |
| - | PostDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE | + | |
| - | PostDown = iptables -D FORWARD -i wg0 -o eno1 -j ACCEPT | + | |
| - | PostDown = iptables -D FORWARD -i eno1 -o wg0 -j ACCEPT | + | |
| - | # VPS Server | + | # HIER FEHLT DIE IP-ADRESSE DES CLIENTS. |
| - | [Peer] | + | # (z.B. 10.0.0.2/32 - wg show zeigt diese nicht an, du findest sie mit 'ip addr show wgclt1' |
| + | Address = < | ||
| + | |||
| + | # Optional, aber aus deinem Output übernommen | ||
| + | ListenPort = 49845 | ||
| + | |||
| + | [Peer] | ||
| + | # Der Public Key des Servers (Peer) | ||
| PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30= | PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30= | ||
| + | |||
| + | # Endpoint (IP und Port des Servers) | ||
| Endpoint = 217.160.11.95: | Endpoint = 217.160.11.95: | ||
| + | |||
| + | # Welcher Traffic soll durch den Tunnel? (0.0.0.0/0 bedeutet: Alles) | ||
| AllowedIPs = 0.0.0.0/0 | AllowedIPs = 0.0.0.0/0 | ||
| - | PersistentKeepalive = 25 | + | |
| + | # "every 1 minute" | ||
| + | PersistentKeepalive = 60 | ||
| </ | </ | ||
| Line 94: | Line 137: | ||
| PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30= | PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30= | ||
| Endpoint = 217.160.11.95: | Endpoint = 217.160.11.95: | ||
| - | AllowedIPs = 0.0.0.0/0 | + | AllowedIPs = 0.0.0.0/0, ::/0 |
| PersistentKeepalive = 25 | PersistentKeepalive = 25 | ||
| </ | </ | ||
haussteuerung/wireguard/infos.1772481668.txt.gz · Last modified: by dominik