Courses / Linux Advanced / Networking and surroundings
Commit f9b5b5df, authored Apr 21, 2020 by JackV
Add wireguard section
parent 79f8583e
Pipeline #557 passed with stage in 1 minute and 23 seconds
poul/css/poul.css
...
...
@@ -201,7 +201,7 @@ body {
.reveal
pre
{
display
:
block
;
position
:
relative
;
width
:
90%
;
//
width
:
90%
;
min-width
:
40em
;
margin
:
20px
auto
;
text-align
:
left
;
...
...
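Review bot: In the `.reveal pre` rule, `// width: 90%;` is not a CSS comment, since CSS only has `/* ... */`. The declaration is disabled only because the parser discards the malformed text up to the next `;`, which is easy to break with a later edit. Either delete the declaration or write `/* width: 90%; */`. This stylesheet change is also unrelated to "Add wireguard section" and would be easier to track in its own commit.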
@@ -410,4 +410,4 @@ body {
.reveal
code
.input.root
::before
,
.reveal
pre
.input.root
>
code
::before
{
content
:
"#"
;
}
\ No newline at end of file
}
slides/content.md
...
...
@@ -48,6 +48,94 @@ all these topics can come together
---
### What is a VPN?
A VPN is a piece of software that allows us to access a
**Network**
that is not publicly available (
**Private**
) and which we have
no physical connection to (
**Virtual**
)
---
### Wireguard
Project started in 2016 to replace OpenVPN, in terms
of security and ease of configuration
Strong Points:
*
Minimal codebase, ~40000 loc (originally 4000) vs 600000 for OpenVPN
*
Minimal configuration
*
Fail-open behavior, if misconfigured no packets are routed
---
### Step 1: Generating a key pair
```
bash
wg genkey
>
privatekey
cat
privatekey | wg pubkey
>
publickey
```
This needs to be done for every __host__ that wants to join the vpn
---
### Write server configuration
```
[Interface]
Address = 192.168.10.1/24
ListenPort = 51820
PrivateKey = kIbuAUUbNZeC18onuKDtUui2Oa+l4/RrsU/sjcVKgmU=
PostUp = nft add rule ip filter FORWARD iifname %i counter accept
PostUp = nft add rule ip nat POSTROUTING oifname eth0 counter masquerade
PostDown = nft del rule ip filter FORWARD iifname %i counter accept
PostDown = nft del rule ip nat POSTROUTING oifname eth0 counter masquerade
[Peer]
PublicKey = yL4ajtwU9a2zP9vyVa5hdB5cSl/deLXv0Ldck1Y/FSU=
AllowedIPs = 192.168.10.2/32
```
---
### Write client configuration
```
[Interface]
Address = 192.168.10.2/24
PrivateKey = CCSq5ngQcIGjKS3qu5woC7tYVQM2zJhJVR4jQ9xrXUY=
DNS = 192.168.10.1
[Peer]
PublicKey = xopK6ZfGT0CAS8g8SXmEZf4Ppp3al5XkDJPCYl5Z8So=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <server public ip>:51820
```
---
```
wg-quick server.conf
```
```
wg-quick client.conf
```
---
# Done!
---
## Well not so fast
Due to the fail-open nature, it is sometimes difficult to debug
Some debugging techniques are shown in the previous sections.
The linked slides offer a more in-depth explaination of the
configuration that might help to debug problems.
----
# Ansible
...
...
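Review bot: "Fail-open behavior, if misconfigured no packets are routed" in the Strong Points list describes fail-closed behaviour, and the same term is repeated under "Well not so fast". Fail-open would mean traffic keeps flowing when the configuration is wrong, so both slides should say fail-closed. In Step 1, `wg genkey > privatekey` creates the file with the shell's default umask; put `umask 077` before it so the private key is not readable by other users. Both configs carry literal `PrivateKey` values; a placeholder in the style of the existing `<server public ip>` is safer in published slides, and any of these keys that was ever used on a real host should be rotated. `wg-quick server.conf` and `wg-quick client.conf` are missing the `up` subcommand. The PostDown lines use `nft del rule` with a full rule specification, whereas nft's documented form is `delete rule` with a rule handle, so these are worth testing on a real host. Smaller points: "explaination" should be "explanation", and "The linked slides" has no link in the added text.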