Update wireward config
This commit is contained in:
parent
8947f7abbd
commit
3a138f1cfe
15
wireguard.md
15
wireguard.md
@ -8,33 +8,44 @@ wg genkey | tee privatekey | wg pubkey > publickey
|
|||||||
|
|
||||||
## CONFIGURE
|
## CONFIGURE
|
||||||
|
|
||||||
|
```sh
|
||||||
configure
|
configure
|
||||||
|
```
|
||||||
|
|
||||||
### Configure server
|
### Configure server
|
||||||
|
```sh
|
||||||
set interfaces wireguard wg0 private-key /config/auth/privatekey
|
set interfaces wireguard wg0 private-key /config/auth/privatekey
|
||||||
set interfaces wireguard wg0 address 10.200.254.1/24
|
set interfaces wireguard wg0 address 10.200.254.1/24
|
||||||
set interfaces wireguard wg0 route-allowed-ips true
|
set interfaces wireguard wg0 route-allowed-ips true
|
||||||
set interfaces wireguard wg0 listen-port 51820
|
set interfaces wireguard wg0 listen-port 51820
|
||||||
|
```
|
||||||
|
|
||||||
### Configure peer (clientes)
|
### Configure peer (clientes)
|
||||||
|
```sh
|
||||||
set interfaces wireguard wg0 peer HMAlHHPMLvcDWhPoGbOkpDiKpZbdfkPZfIb7z6Q3XV0= allowed-ips 10.200.254.101/32
|
set interfaces wireguard wg0 peer HMAlHHPMLvcDWhPoGbOkpDiKpZbdfkPZfIb7z6Q3XV0= allowed-ips 10.200.254.101/32
|
||||||
set interfaces wireguard wg0 peer HMAlHHPMLvcDWhPoGbOkpDiKpZbdfkPZfIb7z6Q3XV0= endpoint capsulecorp.duckdns.org:29922
|
set interfaces wireguard wg0 peer HMAlHHPMLvcDWhPoGbOkpDiKpZbdfkPZfIb7z6Q3XV0= endpoint capsulecorp.duckdns.org:29922
|
||||||
set interfaces wireguard wg0 peer HMAlHHPMLvcDWhPoGbOkpDiKpZbdfkPZfIb7z6Q3XV0= persistent-keepalive 25
|
set interfaces wireguard wg0 peer HMAlHHPMLvcDWhPoGbOkpDiKpZbdfkPZfIb7z6Q3XV0= persistent-keepalive 25
|
||||||
|
```
|
||||||
|
|
||||||
### Configure Firewall
|
### Configure Firewall
|
||||||
|
```sh
|
||||||
set firewall name WAN_LOCAL rule 20 action accept
|
set firewall name WAN_LOCAL rule 20 action accept
|
||||||
set firewall name WAN_LOCAL rule 20 protocol udp
|
set firewall name WAN_LOCAL rule 20 protocol udp
|
||||||
set firewall name WAN_LOCAL rule 20 description 'WireGuard'
|
set firewall name WAN_LOCAL rule 20 description 'WireGuard'
|
||||||
set firewall name WAN_LOCAL rule 20 destination port 51820
|
set firewall name WAN_LOCAL rule 20 destination port 51820
|
||||||
|
```
|
||||||
|
|
||||||
### Configure NAT
|
### Configure NAT
|
||||||
|
```sh
|
||||||
set service nat rule 5010 description 'WireGuard NAT'
|
set service nat rule 5010 description 'WireGuard NAT'
|
||||||
set service nat rule 5010 outbound-interface eth0
|
set service nat rule 5010 outbound-interface eth0
|
||||||
set service nat rule 5010 type masquerade
|
set service nat rule 5010 type masquerade
|
||||||
set service nat rule 5010 source address 10.200.254.0/24
|
set service nat rule 5010 source address 10.200.254.0/24
|
||||||
|
```
|
||||||
|
|
||||||
|
### Save changes
|
||||||
|
```sh
|
||||||
commit
|
commit
|
||||||
save
|
save
|
||||||
exit
|
exit
|
||||||
|
```
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user