WireGuard
Prerequisites
- IONOS VPS server with a public IPv4 address
- NAS in the home network
WireGuard installation
- Install WireGuard on the NAS and the VPS
apt update -y && apt install wireguard -y
- On the phone, install WG Tunnel
Host | IP | Tunnel IP | User | Password | Notes |
---|---|---|---|---|---|
IONOS VPS | 217.160.11.95 | 10.0.0.1 | root | xJ#p9$*DfT | |
NAS | 192.168.30.10 | 10.0.0.2 | root | romdz6! | |
Phone | | 10.0.0.3 | | | |
Generate public/private keys
- Run the following on every peer (the umask keeps the private key file readable by its owner only)
(umask 077; wg genkey | tee server_private.key | wg pubkey > server_public.key)
Keys
Host | Private | Public |
---|---|---|
IONOS VPS | YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s= | mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30= |
NAS | EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng= | 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs= |
Phone | mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs= | Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY= |
Configs
IONOS VPS
- VPS.conf

```
[Interface]
Address = 10.0.0.1/24
PrivateKey = YFgaDQBWzcfCE25q8bUocKRqz5LT1GS6eGrX6SldT3s=
ListenPort = 51820
# Forward traffic that arrives from the tunnel
PostUp = iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
# Register routing table 200 as "wgexit" once, not again on every start
PostUp = grep -q wgexit /etc/iproute2/rt_tables || echo "200 wgexit" >> /etc/iproute2/rt_tables
# Send traffic coming from the phone (10.0.0.3) to the NAS (10.0.0.2)
PostUp = ip rule add from 10.0.0.3 table 200
PostUp = ip route add default via 10.0.0.2 dev wg0 table 200
PostDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip rule del from 10.0.0.3 table 200
PostDown = ip route del default via 10.0.0.2 dev wg0 table 200

[Peer]
# NAS
PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
AllowedIPs = 10.0.0.2/32, 192.168.30.0/24
PersistentKeepalive = 25

[Peer]
# Phone
PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
AllowedIPs = 10.0.0.3/32
PersistentKeepalive = 25
```
NAS
- NAS.conf

```
[Interface]
Address = 10.0.0.2/24
PrivateKey = EGPMX6pxjh86u0M+YaNUk21suG7iFIOl2jgkvVcf1ng=
DNS = 192.168.30.20
# eno1 -> LAN interface (the same interface must be named in PostUp and PostDown)
PostUp = iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT
PostUp = iptables -A FORWARD -i eno1 -o wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o eno1 -j ACCEPT
PostDown = iptables -D FORWARD -i eno1 -o wg0 -j ACCEPT

# VPS server
[Peer]
PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
Endpoint = 217.160.11.95:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```
Phone
- handy.conf

```
[Interface]
Address = 10.0.0.3/24
PrivateKey = mJkKiZROoUm0PtT15kF8b3xmNVMGKUHv7dP6SxEyDEs=
DNS = 192.168.30.20

[Peer]
Endpoint = 217.160.11.95:51820
PublicKey = mFFQAlQt3yMFpG6DbCtN61XXL379epc4MoL0mGM7H30=
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
```
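A small lint for the PostUp/PostDown hooks used in the configs above, added here as an example and not part of the original page: it reports every iptables rule, ip rule or ip route that a PostUp adds and no PostDown removes, and every PostDown that removes something never added. The function names and the sample config (placeholder key, deliberately mixed interface names) are constructed for illustration.

```python
import re

# Constructed sample in the style of a wg-quick config; the key is a placeholder.
SAMPLE = """\
[Interface]
Address = 10.0.0.2/24
PrivateKey = <placeholder>
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT  # LAN side
PostUp = ip rule add from 10.0.0.3 table 200
PostDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o eno1 -j ACCEPT
PostDown = ip rule del from 10.0.0.3 table 200
"""

def hooks(conf, key):
    """Return the command of every `key = ...` line, inline comments stripped."""
    out = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()   # wg-quick also drops '#' comments
        m = re.match(rf"{key}\s*=\s*(.+)", line, re.IGNORECASE)
        if m:
            out.append(" ".join(m.group(1).split()))  # normalise whitespace
    return out

def undo(cmd):
    """Map a PostUp command to the PostDown command that reverts it, or None."""
    if cmd.startswith("iptables") and re.search(r"\s-A\s", cmd):
        return re.sub(r"\s-A\s", " -D ", cmd, count=1)
    m = re.match(r"(ip (?:rule|route)) add (.+)", cmd)
    if m:
        return f"{m.group(1)} del {m.group(2)}"
    return None  # other commands (echo, sysctl, ...) have nothing to pair

def unpaired_hooks(conf):
    """Return (missing, orphan): reverts that are absent, PostDowns with no PostUp."""
    ups, downs = hooks(conf, "PostUp"), hooks(conf, "PostDown")
    expected = [u for u in (undo(c) for c in ups) if u]
    missing = [e for e in expected if e not in downs]
    orphan = [d for d in downs if d not in expected]
    return missing, orphan

if __name__ == "__main__":
    missing, orphan = unpaired_hooks(SAMPLE)
    print("rules left behind after 'down':", missing)
    print("PostDown without matching PostUp:", orphan)
```

A failing PostDown matters beyond tidiness: wg-quick stops at the first hook that returns an error, so the hooks after it are not run and their rules stay loaded.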
haussteuerung/wireguard/infos.txt · Last modified: by dominik