about config management
Palvelinten hallinta (Server Management) ICI001AS3A-3010 - Autumn 2024
Server
Generate keys (with umask 077 so the private key file is readable by root only)
sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey'
wg genkey prints a new private key; tee stores it in /etc/wireguard/privatekey and passes it on to wg pubkey, which derives the matching public key that the second tee stores in /etc/wireguard/publickey.
Copy the private key (sudo cat /etc/wireguard/privatekey); it goes into wg0.conf below.
Find the interface that carries the default route; it is the one the MASQUERADE rule in wg0.conf must name
ip -o -4 route show to default | awk '{print $5}'
On the server, /etc/wireguard/wg0.conf (replace eno1 on the PostUp/PostDown lines with the interface printed by the command above)
[Interface]
PrivateKey = <PrivateKey>   # the contents of /etc/wireguard/privatekey
Address = 10.0.0.1/8
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
ListenPort = 51820
PostUp adds the rules that forward the clients' packets and NAT them out of eno1 when wg0 comes up, and PostDown removes them again. SaveConfig = true makes wg-quick write the running configuration (including any peer added with wg set while the interface is up) back into this file on wg-quick down, so do not edit the file by hand while wg0 is up or the edit is lost. The file holds the private key, so keep it readable by root only (chmod 600).
Start wg0 on the server
sudo wg-quick up wg0
Check that it is up
$ sudo wg show
$ ip link
Check that IPv4 forwarding is on (without it the server drops the clients' packets instead of routing them)
$ cat /proc/sys/net/ipv4/ip_forward
$ sudo sysctl -w net.ipv4.ip_forward=1 # run this if the previous command printed 0
sysctl -w only changes the running kernel; to keep forwarding on after a reboot, put net.ipv4.ip_forward = 1 in /etc/sysctl.conf or in a file under /etc/sysctl.d/.
Client
Generate keys the same way as on the server
sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey'
Copy the private key (sudo cat /etc/wireguard/privatekey); it goes into the client's wg0.conf below.
On the client, /etc/wireguard/wg0.conf
[Interface]
PrivateKey = <PrivateKey>   # the contents of /etc/wireguard/privatekey on the client
Address = 10.0.0.2/8
SaveConfig = true
[Peer]
PublicKey = zL0ygVM3hvDFWcKZ1kWBLb/u/aLq5rk0wMmbmYjpDTw=
Endpoint = 192.168.1.101:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 20
PublicKey is the server's public key (the contents of /etc/wireguard/publickey on the server; the value above is the one from this setup, yours will differ). Endpoint is the server's address and its ListenPort. AllowedIPs = 0.0.0.0/0 sends all of the client's IPv4 traffic through the tunnel, which is why the server needs forwarding and the MASQUERADE rule. PersistentKeepalive = 20 sends a packet every 20 seconds so that a NAT between the two keeps its mapping open.
Start WireGuard on the client
sudo wg-quick up wg0
Check the wg interface
sudo wg
Copy the public key shown under interface: wg0; it is the client public key generated above (also in /etc/wireguard/publickey). The server needs it in the next step.
Server
Add the client as a peer (allowed-ips is the client's tunnel address as a /32: the server accepts packets from this peer only with that source address and routes only that address to it)
$ sudo wg set wg0 peer <clientPublicKey> allowed-ips 10.0.0.2/32
Because the server's wg0.conf has SaveConfig = true, this peer is written into the file the next time the interface is taken down, so it survives a restart. sudo wg show now lists the peer; a "latest handshake" line appears once the client has sent something (a ping or its keepalive).
TEST
On the client
ping 8.8.8.8
Then on the server, capture the traffic on the tunnel interface
sudo tcpdump -envi wg0 host 8.8.8.8
The echo requests show up on wg0 already decrypted, with the client's tunnel address 10.0.0.2 as source; on eno1 the same packets leave with the server's own address because of MASQUERADE. If the ping gets no reply, check the handshake with sudo wg show, the ip_forward setting, and that the Endpoint address and port are reachable from the client.
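The two configuration files above are short, but the details decide whether the tunnel is safe and works at all: a placeholder left in PrivateKey, a world-readable conf, PostUp naming an interface other than the default-route one, or a second peer pasted into the server config with the client-side AllowedIPs = 0.0.0.0/0. As an added example, not part of the course notes, here is a small Python linter that parses a wg-quick wg0.conf (one [Interface] and repeated [Peer] sections, which configparser cannot handle) and reports exactly those findings. The uplink name (what the ip route command printed) and the file mode are passed in as arguments rather than read from the system, so it runs anywhere; the sample configs mirror the notes, with constructed keys in the right shape (only the server public key is the one from the notes).

```python
"""Lint a wg-quick wg0.conf for the pitfalls the notes above run into.

Added example, not code from the course notes. Assumes the wg-quick INI dialect
(one [Interface], any number of [Peer], Key = Value, '#' comments); the uplink
name from `ip route` and the file mode are passed in, so nothing touches the OS.
"""
import ipaddress
import re

# base64 of 32 random bytes is 44 chars; the 43rd carries only 4 data bits
# (so it is one of these 16 symbols) and the 44th is '='.
KEY_RE = re.compile(r"^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$")


def parse_wg_conf(text):
    """Return (interface, peers): a dict and a list of dicts, keys lower-cased."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
        else:
            raise ValueError(f"cannot parse line: {raw!r}")
    return interface, peers


def lint_wg_conf(text, role, uplink=None, mode=None):
    """role is 'server' or 'client'; returns a list of ERROR/WARN/NOTE strings."""
    iface, peers = parse_wg_conf(text)
    out = []
    if not KEY_RE.match(iface.get("privatekey", "")):
        out.append("ERROR Interface: PrivateKey missing or not a 32-byte base64 key")
    if role == "server" and "listenport" not in iface:
        out.append("ERROR Interface: server needs a fixed ListenPort")
    if iface.get("saveconfig", "").lower() == "true":
        out.append("NOTE Interface: SaveConfig=true, wg-quick down rewrites this file")
    if mode is not None and mode & 0o077:
        out.append(f"ERROR file mode {mode:04o} exposes the PrivateKey, use 0600")
    for hook in ("postup", "postdown") if uplink else ():
        m = re.search(r"-o\s+(\S+)", iface.get(hook, ""))
        if m and m.group(1) != uplink:
            out.append(f"ERROR Interface: {hook} uses {m.group(1)}, default route is {uplink}")
    seen = []  # (peer number, network) pairs already claimed by an earlier peer
    for n, peer in enumerate(peers, 1):
        if not KEY_RE.match(peer.get("publickey", "")):
            out.append(f"ERROR Peer {n}: PublicKey missing or malformed")
        if role == "client" and "endpoint" not in peer:
            out.append(f"ERROR Peer {n}: no Endpoint to connect to")
        nets = [ipaddress.ip_network(a.strip(), strict=False)
                for a in peer.get("allowedips", "").split(",") if a.strip()]
        if not nets:
            out.append(f"ERROR Peer {n}: no AllowedIPs, nothing routed to or accepted from it")
        for net in nets:
            if role == "server" and net.prefixlen == 0:
                out.append(f"WARN Peer {n}: AllowedIPs {net} accepts any source address; use its /32")
            for m_, other in seen:
                if net.version == other.version and net.overlaps(other):
                    out.append(f"WARN Peer {n}: AllowedIPs {net} overlaps peer {m_} ({other})")
            seen.append((n, net))
    return out


# Constructed keys in the right shape (not real key material); the server
# public key in CLIENT_CONF is the one the notes paste into the client config.
SERVER_PRIV = "SERVERPRIVATEKEYSERVERPRIVATEKEYSERVERPRIVA="
CLIENT_PRIV = "CLIENTPRIVATEKEYCLIENTPRIVATEKEYCLIENTPRIVg="
CLIENT_PUB = "CLIENTPUBLICKEYCLIENTPUBLICKEYCLIENTPUBLICQ="
OTHER_PUB = "SECONDPEERPUBKEYSECONDPEERPUBKEYSECONDPEERk="
SERVER_CONF = f"""[Interface]
PrivateKey = {SERVER_PRIV}
Address = 10.0.0.1/8
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
ListenPort = 51820
[Peer]  # the client, as SaveConfig writes back the `wg set` from the notes
PublicKey = {CLIENT_PUB}
AllowedIPs = 10.0.0.2/32
[Peer]  # a second client pasted in with the client-side AllowedIPs: wrong
PublicKey = {OTHER_PUB}
AllowedIPs = 0.0.0.0/0
"""
CLIENT_CONF = f"""[Interface]
PrivateKey = {CLIENT_PRIV}
Address = 10.0.0.2/8
[Peer]
PublicKey = zL0ygVM3hvDFWcKZ1kWBLb/u/aLq5rk0wMmbmYjpDTw=
Endpoint = 192.168.1.101:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 20
"""

if __name__ == "__main__":
    for finding in lint_wg_conf(SERVER_CONF, "server", uplink="eno1", mode=0o644):
        print(finding)
```

Run against the sample server config with uplink eno1 and a 0644 file mode it reports the SaveConfig note, the file mode, and two warnings for the second peer (0.0.0.0/0 on the server, and that it overlaps the first peer's 10.0.0.2/32, which wg would hand to whichever peer was set last); the sample client config with mode 0600 passes clean, because 0.0.0.0/0 is the intended full-tunnel setting on the client side. To check a real file, read it with open() and pass os.stat(path).st_mode & 0o777 as mode.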