This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
cs:wireguard [2020/12/14 21:00] paolo_bolzoni [Configuration] |
cs:wireguard [2021/07/27 07:43] (current) paolo_bolzoni small fixes |
||
---|---|---|---|
Line 12: | Line 12: | ||
==== Configuration ==== | ==== Configuration ==== | ||
- | Wireguard interfaces are set up with configuration files that uses a ini syntax. In the ini file is a section called ''[Interface]'' that describes the interface itself and one or more ''[Peer]'' sections that describe who can be reached and how. | + | Wireguard interfaces are set up with configuration files that uses a ini syntax. In the ini file is a section called ''[Interface]'' that describes the interface itself and one or more ''[Peer]'' sections that describe from who can be reached and how. |
Each interface comprises a asymmetrical key, the private key never leaves the computer hosting the interface, the public key is the main identification of each peer. | Each interface comprises a asymmetrical key, the private key never leaves the computer hosting the interface, the public key is the main identification of each peer. | ||
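Review bot: the new wording on the changed line, "describe from who can be reached and how", is ungrammatical and harder to follow than the text it replaces. Something like "describe which peers can be reached and how" states what a ''[Peer]'' section does. The same sentence still has "files that uses a ini syntax", which should read "files that use an INI syntax". The unchanged context line below it says "a asymmetrical key" and then refers to both a private and a public key, so "an asymmetric key pair" would be more accurate.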
Line 67: | Line 67: | ||
=== IPtables === | === IPtables === | ||
- | For firewalling a machine running Wireguard needs to be able to receive UDP datagrams in the ''51820'' port (or wherever the physical interface is listening) and allow traffic to the Wireguard interface. | + | For firewalling a machine running Wireguard needs to be able to receive UDP datagrams in the ''51820'' port (or whence the physical interface is listening) and allow traffic to the Wireguard interface. |
Besides, if routing is necessary (i.e., the ''[Interface] Address'' section is not a single IP) forward traffic should be allowed. | Besides, if routing is necessary (i.e., the ''[Interface] Address'' section is not a single IP) forward traffic should be allowed. |
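Review bot: swapping "wherever" for "whence" on the changed line alters the meaning, because "whence" means "from where" while the sentence is about the port the interface listens on. "or whichever port the interface is listening on" would say what is intended. In the same sentence, "in the ''51820'' port" reads better as "on port ''51820''", and a comma after "For firewalling" would make the opening easier to parse.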