Let's configure a WireGuard VPN server with two VPN clients.
Configure WireGuard Server
Install WireGuard
pkg install wireguard-tools
Enable WireGuard in /etc/rc.conf
sysrc wireguard_enable="YES"
sysrc wireguard_interfaces="wg0"
sysrc kld_list+="if_wg" # load the WireGuard kernel module at boot
Reboot server
reboot
Generate Private and Public Key
wg genkey | tee /usr/local/etc/wireguard/server_private.key | wg pubkey > /usr/local/etc/wireguard/server_public.key
Make the private key readable only by root
chmod 600 /usr/local/etc/wireguard/server_private.key
Create configuration file of wg0 interface at /usr/local/etc/wireguard/wg0.conf
[Interface]
Address = 172.16.100.254/24
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY
PostUp = /sbin/ifconfig wg0 up
PostDown = /sbin/ifconfig wg0 down
# Client 1
[Peer]
PublicKey = CLIENT1_PUBLIC_KEY
AllowedIPs = 172.16.100.1/32
# Client 2
[Peer]
PublicKey = CLIENT2_PUBLIC_KEY
AllowedIPs = 172.16.100.2/32
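On the server, each peer's AllowedIPs entry is what ties a client's public key to the tunnel address it may use, so it is worth checking that every entry is a single host inside the VPN subnet and that no two peers overlap. The following is an added example, not code from the original post; the function names are hypothetical and it assumes a single IPv4 Address in [Interface], as in the configuration above.

```python
import ipaddress

def parse_wg(text):
    """Split wg-quick style text into the [Interface] dict and a list of [Peer] dicts."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments such as "# Client 1"
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)       # maxsplit keeps base64 '=' padding
            cur[key.strip()] = value.strip()
    return iface, peers

def audit_server(text):
    """Return AllowedIPs findings for a server config shaped like the one above."""
    iface, peers = parse_wg(text)
    vpn_net = ipaddress.ip_interface(iface["Address"]).network
    findings, seen = [], []                       # seen: (network, peer number) pairs
    for n, peer in enumerate(peers, 1):
        for cidr in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version != vpn_net.version or not net.subnet_of(vpn_net):
                findings.append(f"Peer {n}: {net} is outside {vpn_net}")
            elif net.prefixlen != net.max_prefixlen:
                findings.append(f"Peer {n}: {net} is wider than a single host")
            findings += [f"Peer {n}: {net} overlaps peer {m} ({o})"
                         for o, m in seen if net.overlaps(o)]
            seen.append((net, n))
    return findings

# Constructed sample: peer 2 was given the whole subnet instead of its own /32.
SAMPLE = """[Interface]
Address = 172.16.100.254/24
PrivateKey = SERVER_PRIVATE_KEY
[Peer]
PublicKey = CLIENT1_PUBLIC_KEY
AllowedIPs = 172.16.100.1/32
[Peer]
PublicKey = CLIENT2_PUBLIC_KEY
AllowedIPs = 172.16.100.0/24
"""
if __name__ == "__main__":
    print("\n".join(audit_server(SAMPLE)))
```

An empty result means every peer is limited to its own address inside the VPN subnet, which is the case for the server configuration shown above.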
Configure WireGuard Client 1
Install WireGuard
pkg install wireguard-tools
Enable WireGuard in /etc/rc.conf
sysrc wireguard_enable="YES"
sysrc wireguard_interfaces="wg0"
Reboot the client
reboot
Generate Private and Public Key
wg genkey | tee /usr/local/etc/wireguard/client_private.key | wg pubkey > /usr/local/etc/wireguard/client_public.key
Make the private key readable only by root
chmod 600 /usr/local/etc/wireguard/client_private.key
Create configuration file of wg0 interface at /usr/local/etc/wireguard/wg0.conf
[Interface]
Address = 172.16.100.1/24
PrivateKey = CLIENT_PRIVATE_KEY
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = SERVER_PUBLIC_IP:51820
AllowedIPs = 172.16.100.254/32
PersistentKeepalive = 25
Configure WireGuard Client 2
The installation steps are the same as for client 1, but the keys and IP addresses in the configuration file are different.
Generate Private and Public Key
wg genkey | tee /usr/local/etc/wireguard/client_private.key | wg pubkey > /usr/local/etc/wireguard/client_public.key
Make the private key readable only by root
chmod 600 /usr/local/etc/wireguard/client_private.key
Create configuration file of wg0 interface at /usr/local/etc/wireguard/wg0.conf
[Interface]
Address = 172.16.100.2/24
PrivateKey = CLIENT_PRIVATE_KEY
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = SERVER_PUBLIC_IP:51820
AllowedIPs = 172.16.100.254/32
PersistentKeepalive = 25