Differences
This shows you the differences between two versions of the page.
| linux:vpn:wireguard [2024/12/20 21:41] – niziak | linux:vpn:wireguard [2025/09/23 08:14] (current) – niziak | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| * [[https:// | * [[https:// | ||
| + | * [[https:// | ||
| + | |||
| + | ===== routing ===== | ||
| + | |||
| + | * sending: list of allowed IPs behaves as routing table | ||
| + | * receiving: list of allowed IPs behaves as ACL | ||
| + | |||
| + | ==== mesh ==== | ||
| + | |||
| + | Duplicated peer IPS (allowed IPs): | ||
| + | * not allowed | ||
| + | * technically wg is working but traffic is directed only to last connected peer ??? | ||
| + | |||
| + | The same peer IP (allowed IPs) on 2 or more wg interfaces: | ||
| + | * allowed | ||
| + | * kernel routing makes decision | ||
| + | |||
| + | Best and clear option: | ||
| + | * P2P wg links | ||
| + | * OSPF or other dynamic routing protocol | ||
| + | |||
| + | ==== working example ==== | ||
| ''/ | ''/ | ||
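Review bot: In the new "mesh" section, the two bullets under "Duplicated peer IPS (allowed IPs)" contradict each other: the first says "not allowed", the second says wg keeps working with traffic going "only to last connected peer ???". Resolve the "???" before this goes in: state whether the duplicate is rejected or silently reassigned, and whether "last connected" means the last peer configured or the last one to handshake; running `wg show <interface> allowed-ips` on a test setup shows which peer ends up owning the range. Since the "routing" section just above says allowed IPs act as the ACL on receive, a reassignment would also change which peer is accepted as the source of that address, and that consequence deserves its own bullet. Minor: "IPS" should be "IPs" to match the following heading line.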
| Line 69: | Line 91: | ||
| # activate on boot | # activate on boot | ||
| auto wg0 | auto wg0 | ||
| + | |||
| # interface configuration | # interface configuration | ||
| iface wg0 inet static | iface wg0 inet static | ||
| Line 81: | Line 104: | ||
| </ | </ | ||
| + | ==== using ifupdown + wgquick ==== | ||
| + | |||
| + | Usefull when client config is generated in '' | ||
| + | |||
| + | <file / | ||
| + | # activate on boot | ||
| + | auto user-tunnel | ||
| + | |||
| + | # interface configuration | ||
| + | iface user-tunnel inet static | ||
| + | address 192.168.1.24/ | ||
| + | pre-up wg-quick up $IFACE | ||
| + | post-down wg-quick down $IFACE | ||
| + | </ | ||
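Review bot: The `iface user-tunnel inet static` stanza sets `address 192.168.1.24/` itself while `pre-up wg-quick up $IFACE` brings the same interface up from a separately generated client config, so the address can end up defined in two places. Say which side owns the addressing: if the generated config carries its own Address line, either drop the `address` line here or note that the generated config must not set one. It is also worth one sentence that the stanza name has to match the wg-quick config name, because `$IFACE` is passed straight through to `wg-quick up` and `wg-quick down`. Minor: "Usefull" should be "Useful".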