forked from tildeverse/net
How to create a wireguard tunnel to tildenet.
https://intranet.tildeverse.org/
https://tildegit.org/tildeverse/net/
On your local system (the example below is based on OpenBSD 6.9):

WireGuard is part of the base system. You still need to install 'wireguard-tools':

# pkg_add wireguard-tools

Enable packet forwarding between interfaces (now, and persistently across reboots):

# sysctl net.inet.ip.forwarding=1
# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf

Note: 10.0.0.X/24 is used for the tunnel between tildes. Each tilde can then use 10.0.X.0/24 for its local clients.
Create the configuration folder (readable by root only, since it will hold the private key):

mkdir /etc/wireguard
chmod 700 /etc/wireguard
cd /etc/wireguard

Generate your server keypair:

wg genkey > secret.key
chmod 600 secret.key
wg pubkey < secret.key > public.key
Create your tunnel/interface config file: /etc/wireguard/wg0.conf

Based on: https://tildegit.org/tildeverse/net/src/branch/master/peers.txt

Pick the IP range for your tilde and the associated tunnel IP.

PrivateKey is the content of your /etc/wireguard/secret.key

Address = the IP you've chosen for this server

For the other tildes to add you as a [Peer], open a PR against https://tildegit.org/tildeverse/net

// You need an account on tildegit, which has to be registered from a known tilde email address.

The PR should contain your local tunnel IP (10.0.0.X/32, which will be their AllowedIPs, and 10.0.X.0/24 for your local tilde peers) and your Endpoint, i.e. your public IP or hostname with the port WG is listening on. Format it just like the other entries.
Back on your system, set up /etc/hostname.wg0:

inet 10.0.0.49 255.255.255.0 NONE
up
!/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf
Update your PF config by adding the following to /etc/pf.conf:

# wireguard setup for tildenet
pass in on wg0
pass in inet proto udp from any to any port 54224
pass out on egress inet from (wg0:network) nat-to (em0:0)
(em0 being your egress interface name; then reload the ruleset with pfctl -f /etc/pf.conf.)
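Putting the steps above together, here is what the wg0.conf loaded by hostname.wg0 looks like. This is an added example, not a file from the tildeverse/net repository: the keys, the remote endpoint and the remote tilde's ranges are placeholders to be filled from your secret.key and from peers.txt. Note that `wg setconf` parses only the wg(8) keys ([Interface]: PrivateKey, ListenPort, FwMark; [Peer]: PublicKey, PresharedKey, AllowedIPs, Endpoint, PersistentKeepalive); the wg-quick style `Address` key is rejected by it, which is why the tunnel address 10.0.0.49 lives in hostname.wg0 rather than here.

```ini
# /etc/wireguard/wg0.conf -- wg(8) setconf format, applied by /etc/hostname.wg0
# Constructed example: every <...> value and every X is a placeholder.
[Interface]
# Contents of /etc/wireguard/secret.key; keep this file mode 600 and never commit it
PrivateKey = <contents of secret.key>
# Must match the UDP port passed in /etc/pf.conf
ListenPort = 54224

# One [Peer] block per tilde listed in peers.txt
[Peer]
# The remote tilde's public key, copied from peers.txt
PublicKey = <remote tilde public key>
# The remote tilde's public IP or hostname and its listening port, from peers.txt
Endpoint = <remote.tilde.example>:<port>
# Their tunnel address (/32) plus the /24 they route for their local clients.
# WireGuard only accepts packets from this peer with a source inside these
# ranges and only routes destinations inside them to this peer, so keep the
# list as narrow as peers.txt states it.
AllowedIPs = 10.0.0.X/32, 10.0.X.0/24
# Optional: keeps NAT/firewall state alive if this host sits behind a NAT
PersistentKeepalive = 25
```

After editing the file, `sh /etc/netstart wg0` re-applies hostname.wg0, and `wg show wg0` lists the configured peers and their latest handshake times, which is the quickest check that a peer is actually reachable.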