haussteuerung:wireguard
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| haussteuerung:wireguard [2025/10/12 16:23] – created dominik | haussteuerung:wireguard [2025/10/14 04:18] (current) – [WireGuard] dominik | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== WireGuard ====== | ====== WireGuard ====== | ||
| + | Unter OMV7 als " | ||
| + | Aber keine Client Verwaltung und Stats ... | ||
| + | ===== TBD ===== | ||
| + | * WireGuard in Docker | ||
| + | * WireGuard Web UI einrichten für Clients | ||
| + | |||
| + | ===== VPS ===== | ||
| + | <code | vps.conf> | ||
| + | root@cloud-server-0: | ||
| + | [Interface] | ||
| + | Address = 10.0.30.1/ | ||
| + | PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s= | ||
| + | ListenPort = 51820 | ||
| + | # PostUp/ | ||
| + | # WICHTIG: Ersetze ' | ||
| + | PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE | ||
| + | PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens192 -j MASQUERADE | ||
| + | |||
| + | # Peer 1: NAS (OMV) | ||
| + | [Peer] | ||
| + | PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs= | ||
| + | # AllowedIPs: Die IP des NAS im VPN und das gesamte LAN dahinter | ||
| + | AllowedIPs = 10.0.30.2/ | ||
| + | |||
| + | # Peer 2: Handy | ||
| + | [Peer] | ||
| + | PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY= | ||
| + | AllowedIPs = 10.0.30.3/ | ||
| + | |||
| + | # Peer 3: Notebook | ||
| + | #[Peer] | ||
| + | #PublicKey = < | ||
| + | #AllowedIPs = 10.0.30.4/ | ||
| + | |||
| + | </ | ||
| + | |||
| + | ===== NAS ===== | ||
| + | <code | nas.conf> | ||
| + | [Interface] | ||
| + | Address = 10.0.30.2/ | ||
| + | PrivateKey = EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng= | ||
| + | # ListenPort ist hier optional, da der NAS sich zum VPS verbindet. | ||
| + | # PostUp/ | ||
| + | # WICHTIG: Ersetze ' | ||
| + | PostUp = iptables -A FORWARD -i %i -o eno1 -j ACCEPT; iptables -A FORWARD -i eno1 -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE | ||
| + | PostDown = iptables -D FORWARD -i %i -o eno1 -j ACCEPT; iptables -D FORWARD -i eno1 -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE | ||
| + | |||
| + | [Peer] | ||
| + | PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30= | ||
| + | Endpoint = 217.160.11.95: | ||
| + | # Erlaubte IPs: Das gesamte VPN-Netz. | ||
| + | AllowedIPs = 10.0.30.0/ | ||
| + | # Hält die Verbindung aktiv, wichtig hinter NAT | ||
| + | PersistentKeepalive = 25 | ||
| + | </ | ||
| + | |||
| + | ===== Handy ===== | ||
| + | <code | handy.conf> | ||
| + | [Interface] | ||
| + | PrivateKey = mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs= | ||
| + | Address = 10.0.30.3/ | ||
| + | DNS = 192.168.30.20 | ||
| + | |||
| + | [Peer] | ||
| + | PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30= | ||
| + | AllowedIPs = 10.0.30.0/ | ||
| + | Endpoint = 217.160.11.95: | ||
| + | </ | ||
haussteuerung/wireguard.1760279028.txt.gz · Last modified: by dominik