WireGuard : Configure Client (FreeBSD)2024/09/20 |
Install WireGuard which is the simple yet fast and modern VPN software. This example is based on the environment like follows. First, it needs to configure IP masquerade setting on your router that UDP packets to global IP address of WireGuard server from WireGuard client via internet are forwared to local IP address of WireGuard server. +------------------------+ | [ WireGuard Server ] |172.16.100.1 (VPN IP) | dlp.srv.world +--------+ | |wg0 | +-----------+------------+ | vtnet0|10.0.0.30/24 | | | | Local Network | +------+-----+ | -------| Router#1 |---------------|----- +------+-----+ | | | Internet | Internet | | | +------+-----+ | -------| Router#2 |---------------|----- +------+-----+ | | Local Network | | | vtnet0|192.168.10.30/24 | +-----------+------------+ | | [ WireGuard Client ] |wg0 | | +--------+ | |172.16.100.5 (VPN IP) +------------------------+ |
[1] |
Transfer files or notify contents of [Private key for client] and [Public key for server] generated on WireGuard server to target Client computer. |
[2] | Install WireGuard. |
root@client:~ # pkg install -y wireguard-tools
|
[3] | Configure WireGuard. |
root@client:~ #
umask 077
# create a new config # [wg0.conf] ⇒ [(VPN interface name).conf] # VPN interface name ⇒ any name you like root@client:~ # vi /usr/local/etc/wireguard/wg0.conf [Interface] # specify private key for client generated on WireGuard server PrivateKey = eMJa2BQliS8mNFZiYrebWaCFlda9cNC9JPEvWOb3G2A= # IP address for VPN interface Address = 172.16.100.5/24 [Peer] # specify public key for server generated on WireGuard server PublicKey = AazFOtPUm8ZM7rfqMhOYdF4UFKXENOkSB7r0LMxZNnA= # IP addresses you allow to connect # on the example below, set WireGuard server's VPN IP address and real local network AllowedIPs = 172.16.100.1, 10.0.0.0/24 # specify server's global IP address:port # (acutually, example of IP below is for private range, replace to your own global IP) EndPoint = 172.29.10.100:51820 sysrc wireguard_interfaces="wg0" wireguard_interfaces: -> wg0 root@client:~ # service wireguard enable wireguard enabled in /etc/rc.conf root@client:~ # service wireguard start [#] ifconfig wg create name wg0 [#] wg setconf wg0 /dev/stdin [#] ifconfig wg0 inet 172.16.100.5/24 alias [#] ifconfig wg0 mtu 1420 [#] ifconfig wg0 up [#] route -q -n add -inet 172.16.100.1/32 -interface wg0 [#] route -q -n add -inet 10.0.0.0/24 -interface wg0 [+] Backgrounding route monitorroot@client:~ # ifconfig vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500 options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6> ether 52:54:00:7c:de:11 inet 192.168.0.30 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::5054:ff:fe7c:de11%vtnet0 prefixlen 64 scopeid 0x1 media: Ethernet autoselect (10Gbase-T <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384 options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> wg0: flags=10080c1<UP,RUNNING,NOARP,MULTICAST,LOWER_UP> metric 0 mtu 1420 options=80000<LINKSTATE> inet 172.16.100.5 netmask 0xffffff00 groups: wg nd6 options=109<PERFORMNUD,IFDISABLED,NO_DAD> # confirm connection state root@client:~ # wg show interface: wg0 public key: lFQASdqSmQhPXuEtTO8/xBVrbgpXSVZQhP9mQAbyNUw= private key: (hidden) listening port: 23438 peer: AazFOtPUm8ZM7rfqMhOYdF4UFKXENOkSB7r0LMxZNnA= endpoint: 172.29.10.100:51820 allowed ips: 10.0.0.0/24, 172.16.100.1/32 |
[4] | After VPN session is successfully established, Verify access to local network of WireGuard server. |
root@client:~ # ping -c 3 10.0.0.30 PING 10.0.0.30 (10.0.0.30): 56 data bytes 64 bytes from 10.0.0.30: icmp_seq=0 ttl=64 time=3.302 ms 64 bytes from 10.0.0.30: icmp_seq=1 ttl=64 time=1.205 ms 64 bytes from 10.0.0.30: icmp_seq=2 ttl=64 time=1.264 ms --- 10.0.0.30 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 1.205/1.924/3.302/0.975 msroot@client:~ # ssh -o StrictHostKeyChecking=no ubuntu@10.0.0.203 hostname Warning: Permanently added '10.0.0.203' (ED25519) to the list of known hosts. ubuntu@10.0.0.203's password: ubuntu |
Sponsored Link |
|