by mirimir
2876 days ago
Others have posted great links. But one great aspect is how simple it is. The hardest part is getting a kernel module that works with your kernel. In my experience, the best way to do that is to build it. And that's the hardest part in getting WireGuard working. In Debian, that means using the latest stable release (at least) with the latest kernel.

Once you have WireGuard working, creating tunnels is utterly trivial. For a toy implementation:

peer 0 with IPv4 address 1.2.3.4
# ip link add dev wg0 type wireguard
# ip link list
[see wg0]
# wg genkey | tee privatekey | wg pubkey > publickey
# mkdir wg
# mv privatekey publickey ./wg/
# ip address add dev wg0 10.0.10.1 peer 10.0.10.2
# wg set wg0 listen-port 51820 private-key ~/wg/privatekey
# ip link set wg0 up
# wg
interface: wg0
public key: 0GS...0U=
private key: (hidden)
listening port: 51820
# wg set wg0 peer IlC...QI= allowed-ips 0.0.0.0/0 endpoint 6.7.8.9:51820
peer 1 with IPv4 address 6.7.8.9
# ip link add dev wg0 type wireguard
# ip link list
[see wg0]
# wg genkey | tee privatekey | wg pubkey > publickey
# mkdir wg
# mv privatekey publickey ./wg/
# ip address add dev wg0 10.0.10.2 peer 10.0.10.1
# wg set wg0 listen-port 51820 private-key ~/wg/privatekey
# ip link set wg0 up
# wg
interface: wg0
public key: IlC...QI=
private key: (hidden)
listening port: 51820
# wg set wg0 peer 0GS...0U= allowed-ips 0.0.0.0/0 endpoint 1.2.3.4:51820
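
Added example, not part of mirimir's comment: `tee privatekey` in the commands above creates the key file under the shell's current umask, so with a common default of 022 it ends up readable by other local users. The sketch below writes a key owner-only and audits an existing key file; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: write and audit a WireGuard private key file.
# Assumed (not from the comment): the function names below.
# Intended use on a peer:  wg genkey | write_private_key ~/wg/privatekey

# Write stdin to the file named in $1 so that only the owner can read it.
# The function body is a subshell, so the umask change does not leak
# into the calling shell.
write_private_key() (
    umask 077
    cat > "$1"
)

# Return 0 if $1 is a regular file, grants nothing to group/others, and
# holds a 44-character base64 string (the encoding of a 32-byte key).
# Otherwise print the reason on stderr and return 1.
audit_private_key() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }

    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other access ($perms), expected mode 600" >&2
        return 1
    fi

    key=$(cat "$f")
    case $key in
        *[!A-Za-z0-9+/=]*) echo "$f: not base64" >&2; return 1 ;;
    esac
    case $key in
        *=) ;;
        *) echo "$f: missing base64 padding" >&2; return 1 ;;
    esac
    [ "${#key}" -eq 44 ] || { echo "$f: wrong key length" >&2; return 1; }
    return 0
}
```

Running `audit_private_key ~/wg/privatekey` on each peer after the steps above reports whether the file needs `chmod 600`.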
|
|
(generate new keys to manage, create new network interfaces, assign new IPs, run wireguard ...)
I would agree that this is relatively simple, but only compared to the other mainstream options (namely, OpenVPN and IPsec), but it is much, much more complicated than sshuttle[1], which distinguishes itself by allowing you to use any ssh server as a VPN endpoint.
No server-side software install is required - all you need on the endpoint is an ssh login.
[1] https://github.com/sshuttle