"WireGuard LXC Alpine Linux": difference between revisions
| Ligne 73 : | Ligne 73 : | ||
PublicKey = ***************************************** | PublicKey = ***************************************** | ||
PresharedKey = ***************************************** | PresharedKey = ***************************************** | ||
<font color= | <font color=blue>AllowedIPs = 0.0.0.0/1, 128.0.0.0/1</font> | ||
Endpoint = myserver.dyndns.org:51820 | Endpoint = myserver.dyndns.org:51820 | ||
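Review bot: On the AllowedIPs line, 0.0.0.0/1 and 128.0.0.0/1 together still span the whole IPv4 address space, so this client keeps sending every IPv4 destination into the tunnel unless a more specific route exists, and the line lists no IPv6 prefix, so IPv6 traffic is not covered by the tunnel at all. If only the VPN hosts are meant to be reachable, suggest narrowing the value to the tunnel's own subnet; if the /1 pair is intentional, say so next to the line.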
| Ligne 79 : | Ligne 79 : | ||
| niveau = information | | niveau = information | ||
| icône = loupe | | icône = loupe | ||
| texte = <font color= | | texte = <font color=blue>Allowed IP</font> modifié pour ne pas redirigé tout le traffic local.. | ||
}} | }} | ||
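Review bot: The texte line says the value was changed so that not all local traffic is redirected, but it does not say which destinations stay outside the tunnel; suggest naming them explicitly (for example the client's LAN subnet) so a reader can verify the behaviour. Spelling in the same line: "redirigé" should be "rediriger", "traffic" should be "trafic", and the sentence ends with a doubled full stop.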
Revision as of 9 May 2021, 10:31
100% tested and approved
ProxMox
Server side:
# apt update && apt upgrade
# apt install pve-headers
# echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list
# apt update
# apt install -t buster-backports wireguard-dkms
# modprobe wireguard
# echo "wireguard" >> /etc/modules-load.d/modules.conf
LXC Alpine 3.12
WireGuard Server
HDD: 0.5G / CPU: 1 / RAM: 256 MB ??
With an Android phone connected!!!
Enable routing:
# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
# sysctl -p
net.ipv4.ip_forward = 1
# rc-update add sysctl default
Then install:
# apk update && apk upgrade
# apk add wireguard-tools
Get the configuration from wireguardconfig
# vi /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = *****************************************
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = *****************************************
PresharedKey = *****************************************
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = *****************************************
PresharedKey = *****************************************
AllowedIPs = 10.0.0.3/32

[Peer]
PublicKey = *****************************************
PresharedKey = *****************************************
AllowedIPs = 10.0.0.4/32
# vi /etc/wireguard/client1.conf
[Interface]
Address = 10.0.0.2/24
ListenPort = 51820
PrivateKey = *****************************************

[Peer]
PublicKey = *****************************************
PresharedKey = *****************************************
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = myserver.dyndns.org:51820
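Added example (not part of the original page): a small Python model of longest-prefix-match routing that shows what the client's AllowedIPs = 0.0.0.0/1, 128.0.0.0/1 does compared with a narrower value. The LAN subnet 192.168.1.0/24, the uplink name wlan0 and the sample destinations are constructed assumptions, and the model assumes a client on which each AllowedIPs prefix becomes an ordinary route on wg0.

```python
import ipaddress

# AllowedIPs value taken from the page's client1.conf.
PAGE_ALLOWED_IPS = "0.0.0.0/1, 128.0.0.0/1"

# Constructed client routing table (assumptions: LAN 192.168.1.0/24, uplink "wlan0").
BASE_ROUTES = [
    ("0.0.0.0/0", "wlan0"),       # IPv4 default route via the local gateway
    ("::/0", "wlan0"),            # IPv6 default route via the local gateway
    ("192.168.1.0/24", "wlan0"),  # directly connected LAN
]


def parse_allowed_ips(value):
    """Split an AllowedIPs value into ip_network objects."""
    return [ipaddress.ip_network(p.strip()) for p in value.split(",") if p.strip()]


def covers_all_ipv4(networks):
    """True when the IPv4 prefixes add up to the whole IPv4 address space."""
    v4 = [n for n in networks if n.version == 4]
    return list(ipaddress.collapse_addresses(v4)) == [ipaddress.ip_network("0.0.0.0/0")]


def egress(dest, allowed_ips, tunnel="wg0"):
    """Return the device chosen by longest-prefix match for one destination."""
    addr = ipaddress.ip_address(dest)
    routes = [(ipaddress.ip_network(net), dev) for net, dev in BASE_ROUTES]
    routes += [(net, tunnel) for net in parse_allowed_ips(allowed_ips)]
    matches = [(net.prefixlen, dev) for net, dev in routes
               if net.version == addr.version and addr in net]
    return max(matches)[1] if matches else None


def report(allowed_ips):
    """Egress device for a few constructed destinations."""
    samples = {
        "lan host": "192.168.1.50",
        "vpn peer": "10.0.0.1",
        "internet low half": "8.8.8.8",
        "internet high half": "198.51.100.7",
        "internet ipv6": "2001:db8::1",
    }
    return {name: egress(ip, allowed_ips) for name, ip in samples.items()}


if __name__ == "__main__":
    print("covers all IPv4:", covers_all_ipv4(parse_allowed_ips(PAGE_ALLOWED_IPS)))
    for name, dev in report(PAGE_ALLOWED_IPS).items():
        print(f"{name:20} -> {dev}")
```

In this model the page's value sends every IPv4 destination except the more specific LAN route through wg0, while IPv6 follows the uplink default route.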
Test
# wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# wg
interface: wg0
  public key: *****************************************
  private key: (hidden)
  listening port: 51820

peer: *****************************************
  preshared key: (hidden)
  allowed ips: 10.0.0.2/32

peer: *****************************************
  preshared key: (hidden)
  allowed ips: 10.0.0.3/32

peer: *****************************************
  preshared key: (hidden)
  allowed ips: 10.0.0.4/32
End of test:
# wg-quick down wg0
[#] ip link delete dev wg0
[#] iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
wg0 at boot via init.d
# vi /etc/init.d/wireguard
#!/sbin/openrc-run

depend() {
    need localmount
    need net
}

start() {
    ebegin "Starting wireguard"
    /usr/bin/wg-quick up wg0
    eend $?
}

stop() {
    ebegin "Stopping wireguard"
    /usr/bin/wg-quick down wg0
    eend $?
}
# chmod +x /etc/init.d/wireguard
# rc-update add wireguard default
Start it:
# service wireguard start
You can test with "wg", reboot to verify, etc.
(Optional) QR code
# apk add libqrencode
Example:
# qrencode -t ansiutf8 < /etc/wireguard/client1.conf
Voilà!