forked from tildeverse/net
quick_howto.txt
quick & dirty howto add a tilde to ~net (Example based on OpenBSD).
This commit is contained in:
parent
a71f827866
commit
de8c4754f9
|
|
@ -0,0 +1,65 @@
|
|||
How to create a wireguard tunnel to tildenet.
|
||||
https://intranet.tildeverse.org/
|
||||
https://tildegit.org/tildeverse/net/
|
||||
|
||||
|
||||
On your local system. (Example below is based on OpenBSD 6.9)
|
||||
|
||||
Wireguard is part of the base system. You still need to install 'wireguard-tools':
|
||||
|
||||
# pkg_add wireguard-tools
|
||||
|
||||
Accept packet forwarding in between interfaces:
|
||||
|
||||
# sysctl net.inet.ip.forwarding=1
|
||||
# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
|
||||
|
||||
|
||||
Note: 10.0.0.X/24 is being used for the tunnel in between tildes. Each tilde can then use 10.0.X.0/24 for their local clients.
|
||||
|
||||
|
||||
Create the configuration folder:
|
||||
|
||||
mkdir /etc/wireguard
|
||||
chmod 700 /etc/wireguard
|
||||
cd /etc/wireguard
|
||||
|
||||
Generate your server keypair
|
||||
wg genkey > secret.key
|
||||
chmod 600 secret.key
|
||||
wg pubkey < secret.key > public.key
|
||||
|
||||
Create your tunnel/interface config file: /etc/wireguard/wg0.conf
|
||||
|
||||
Based on : https://tildegit.org/tildeverse/net/src/branch/master/peers.txt
|
||||
|
||||
Pickup your IP range for your tilde and the associate tunnel IP
|
||||
|
||||
PrivateKey is the content of your /etc/wireguard/secret.key
|
||||
|
||||
Address = the ip you've choosen for this server
|
||||
|
||||
For the other tilde to add you as [Peer] open a PR against https://tildegit.org/tildeverse/net
|
||||
|
||||
// need an account on tildegit which has to be from a known tilde email@.
|
||||
|
||||
|
||||
The PR should contain your local tunnel IP (10.0.0.X/32 that will be their AllowedIPs and 10.0.X.0/24 for your local tilde peers) and your Endpoint being your public IP or hostname with the port WG is listening to. Just as the other are formated.
|
||||
|
||||
|
||||
Back to your system, setup /etc/hostname.wg0:
|
||||
|
||||
inet 10.0.0.49 255.255.255.0 NONE
|
||||
up
|
||||
!/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf
|
||||
|
||||
|
||||
Update your PF config by adding to /etc/pf.conf:
|
||||
|
||||
# wireguard setup for tildenet
|
||||
pass in on wg0
|
||||
pass in inet proto udp from any to any port 54224
|
||||
pass out on egress inet from (wg0:network) nat-to (em0:0)
|
||||
|
||||
(em0 being your interface name then pfctl -f /etc/pf.conf)
|
||||
|
||||
Loading…
Reference in New Issue