WireGuard for Proxmox Cluster

Post by h3rb3rn » 3 months ago

Version of 04.05.2020

Backports repository for Debian Buster

Code:

echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list

Install WireGuard

Code:

apt update
apt install wireguard wireguard-dkms wireguard-tools pve-headers

Code:

reboot

Code:

# build the DKMS modules (including wireguard) for the installed kernels
dkms autoinstall

Code:

# load the module automatically at boot
echo "wireguard" >> /etc/modules-load.d/modules.conf

Code:

# load the module now
modprobe wireguard


Configure the WireGuard server

Server

Code:

cd /etc/wireguard/
# umask 077 keeps the key files readable by root only
umask 077; wg genkey | tee privatekey | wg pubkey > publickey

Code:

echo "privatekey: $(cat privatekey)"
echo "publickey: $(cat publickey)"

Generate the contents of /etc/wireguard/wg0.conf

Code:

# Note: the iptables rules below hard-code eth0; adjust it together with the
# < network interface > placeholder if the outgoing interface has another name.
touch wg0.conf && echo "## Set Up WireGuard VPN on Debian By Editing/Creating wg0.conf File ##" > wg0.conf
echo "[Interface]" >> wg0.conf
echo "## My VPN server private IP address ##" >> wg0.conf
echo "Address = 10.100.20.1/24" >> wg0.conf
echo " " >> wg0.conf
echo "## My VPN server port ##" >> wg0.conf
echo "ListenPort = 62100" >> wg0.conf
echo " " >> wg0.conf
echo "## VPN server's private key i.e. /etc/wireguard/privatekey ##" >> wg0.conf
echo "PrivateKey = $(cat privatekey)" >> wg0.conf
echo " " >> wg0.conf
echo "PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf
echo "PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf
echo " " >> wg0.conf
echo "## Save and update this config file when a new peer (vpn client) added ##" >> wg0.conf
echo "SaveConfig = true" >> wg0.conf
echo " " >> wg0.conf
echo "[Peer]" >> wg0.conf
echo "PublicKey = <Client Public Key>" >> wg0.conf
# Note: wg stores 10.100.20.2/24 as 10.100.20.0/24; use /32 to pin a single peer address.
echo "AllowedIPs = 10.100.20.2/24" >> wg0.conf

Edit /etc/wireguard/wg0.conf and replace the placeholders < network interface > and <Client Public Key>!

Code:

wg-quick up wg0

Code:

sudo systemctl enable wg-quick@wg0

Code:

sudo wg show

Code:

sudo ifconfig wg0


Client

Code:

cd /etc/wireguard/
# umask 077 keeps the key files readable by root only
umask 077; wg genkey | tee privatekey | wg pubkey > publickey

Code:

wg-quick down wg0

Code:

echo "privatekey: $(cat privatekey)"
echo "publickey: $(cat publickey)"

Generate the contents of /etc/wireguard/wg0.conf

Code:

# Note: the iptables rules below hard-code eth0; adjust it together with the
# < network interface > placeholder if the outgoing interface has another name.
touch wg0.conf && echo "## Set Up WireGuard VPN on Debian By Editing/Creating wg0.conf File ##" > wg0.conf
echo "[Interface]" >> wg0.conf
echo "## My VPN client private IP address ##" >> wg0.conf
echo "Address = 10.100.20.2/24" >> wg0.conf
echo " " >> wg0.conf
echo "## My VPN client port ##" >> wg0.conf
echo "ListenPort = 62100" >> wg0.conf
echo " " >> wg0.conf
echo "## VPN client's private key i.e. /etc/wireguard/privatekey ##" >> wg0.conf
echo "PrivateKey = $(cat privatekey)" >> wg0.conf
echo " " >> wg0.conf
echo "PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf
echo "PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf
echo " " >> wg0.conf
echo "## Save and update this config file when a new peer (vpn client) added ##" >> wg0.conf
echo "SaveConfig = true" >> wg0.conf
echo " " >> wg0.conf
echo "[Peer]" >> wg0.conf
echo "PublicKey = <Server Public key>" >> wg0.conf
echo "Endpoint = <Server Public IP>:62100" >> wg0.conf
echo "AllowedIPs = 10.100.20.2/24" >> wg0.conf

Edit /etc/wireguard/wg0.conf and replace the placeholders < network interface >, <Server Public key> and <Server Public IP>!

Code:

wg-quick up wg0

Code:

sudo systemctl enable wg-quick@wg0

Code:

sudo wg show

Code:

sudo ifconfig wg0


nftables firewall

Server

Code:

ip saddr <Client Public IP> udp dport { 62100 } accept

Client

Code:

ip saddr <Server Public IP> udp dport { 62100 } accept
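
A pre-flight check to run before `wg-quick up wg0`, as an added example that is not part of the original post: it verifies that the placeholders were actually replaced, that the file holding the private key is not accessible to group or other, and that `PrivateKey` is a well-formed base64 key. `check_wg_conf` and `write_samples` are hypothetical helper names, and the sample configs use a constructed all-zero dummy key.

```shell
#!/bin/sh
# check_wg_conf is a hypothetical helper (not part of wireguard-tools).
# Returns 0 if the file looks ready for "wg-quick up", 1 if a check fails,
# 2 if the file cannot be read.
check_wg_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # 1. Placeholders like "< network interface >" must have been replaced.
    if grep -nE '<[^<>]+>' "$conf" >&2; then
        echo "FAIL: unreplaced placeholder in $conf" >&2; rc=1
    fi

    # 2. The file embeds the private key: no group/other permission bits.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $conf is accessible to group/other (want mode 600)" >&2; rc=1
    fi

    # 3. PrivateKey must be 32 bytes in base64: 43 characters plus "=".
    key=$(sed -n 's/^PrivateKey *= *//p' "$conf" | head -n 1)
    if ! printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'; then
        echo "FAIL: PrivateKey missing or malformed in $conf" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample data: an all-zero dummy key, addresses as in the post.
write_samples() {
    dir=$1
    dummy=$(head -c 32 /dev/zero | base64)
    ( umask 077
      printf '%s\n' "[Interface]" "Address = 10.100.20.1/24" "ListenPort = 62100" \
          "PrivateKey = $dummy" "[Peer]" "PublicKey = <Client Public Key>" \
          "AllowedIPs = 10.100.20.2/24" > "$dir/draft.conf"
      sed "s|<Client Public Key>|$dummy|" "$dir/draft.conf" > "$dir/edited.conf" )
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in draft edited; do
    if check_wg_conf "$tmp/$f.conf"; then echo "$f.conf: ok"; else echo "$f.conf: not ready"; fi
done
rm -rf "$tmp"
```

On a real host the call would be `check_wg_conf /etc/wireguard/wg0.conf`, run as root after editing the file.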
