cs:wireguard [2020/12/14 20:59] paolo_bolzoni [Configuration]
cs:wireguard [2021/07/27 07:43] (current) paolo_bolzoni small fixes
Line 12: | Line 12: | ||
==== Configuration ==== | ==== Configuration ==== | ||
- | Wireguard interfaces are set up with configuration files that uses a ini syntax. In the ini file is a section called ''[Interface]'' that describes the interface itself and one or more ''[Peer]'' sections that describe who can be reached and how. | + | Wireguard interfaces are set up with configuration files that uses a ini syntax. In the ini file is a section called ''[Interface]'' that describes the interface itself and one or more ''[Peer]'' sections that describe from who can be reached and how. |
Each interface comprises a asymmetrical key, the private key never leaves the computer hosting the interface, the public key is the main identification of each peer. | Each interface comprises a asymmetrical key, the private key never leaves the computer hosting the interface, the public key is the main identification of each peer. | ||
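Review bot: the only wording change in this hunk, "describe who can be reached and how" to "describe from who can be reached and how", is a regression: "from who" is ungrammatical and the original already said what was meant. Suggest "one or more ''[Peer]'' sections that describe which peers can be reached and how". While touching this paragraph, "configuration files that uses a ini syntax" should read "configuration files that use an INI syntax", and "comprises a asymmetrical key" should read "comprises an asymmetric key pair", since the next clause already distinguishes the private half (which never leaves the host) from the public half (which identifies the peer). The unchanged second sentence is the security-relevant one and is correct: the public key is the peer's identity, so a peer is only as trustworthy as the handling of the matching private key.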
Line 67: | Line 67: | ||
=== IPtables === | === IPtables === | ||
- | For firewalling a machine running Wireguard needs to be able to receive UDP datagrams in the ''51820'' port (or wherever the physical interface is listening) and allow traffic to the Wireguard interface. | + | For firewalling a machine running Wireguard needs to be able to receive UDP datagrams in the ''51820'' port (or whence the physical interface is listening) and allow traffic to the Wireguard interface. |
Besides, if routing is necessary (i.e., the ''[Interface] Address'' section is not a single IP) forward traffic should be allowed. | Besides, if routing is necessary (i.e., the ''[Interface] Address'' section is not a single IP) forward traffic should be allowed. | ||
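Review bot: replacing "wherever" with "whence" makes the parenthetical wrong: "whence" means "from where", but the sentence is about which port the interface listens on. Suggest "UDP datagrams on port ''51820'' (or whatever port the interface is actually listening on)". The second sentence, "forward traffic should be allowed", is too broad for a firewalling section: it should say that FORWARD rules are to be limited to traffic entering or leaving the Wireguard interface rather than a blanket accept, otherwise enabling routing turns the host into a general-purpose router for every interface it has. Also, "the ''[Interface] Address'' section is not a single IP" is a loose proxy for "this host routes for its peers"; stating the condition as "if this host forwards traffic between peers or to other networks" would be clearer.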
Line 92: | Line 92: | ||
Forwarding needs to be enabled at kernel level. | Forwarding needs to be enabled at kernel level. | ||
- | # sysctl -w net.ipv4.ip_forward=1 | + | # sysctl -w net.ipv4.ip_forward=1 |
If IPv6 is used: | If IPv6 is used: | ||
- | # sysctl -w net.ipv6.conf.all.forwarding=1 | + | # sysctl -w net.ipv6.conf.all.forwarding=1 |
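Review bot: this hunk has no textual change between the two revisions, but the documentation is incomplete: ''sysctl -w'' only sets the value for the running kernel and is lost on reboot, so the page should also say where to make it persistent (a file under ''/etc/sysctl.d/'' containing ''net.ipv4.ip_forward=1'' and, if IPv6 is used, ''net.ipv6.conf.all.forwarding=1''). It is also worth noting next to these commands that enabling forwarding affects every interface on the host, which is why the FORWARD firewall rules in the previous section must be scoped to the Wireguard interface.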