Wireguard für Proxmox Cluster

Alles zu VPN Tunnel sowie dessen Installation und Konfiguration
Post Reply
User avatar
h3rb3rn
Administrator
Posts: 189
Joined: Mon 9. Feb 2015, 23:29

Wireguard für Proxmox Cluster

Post by h3rb3rn »

Fassung vom 04.05.2020

Backport Repository für Debian Buster

Code: Select all

echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list;
Wireguard installieren

Code: Select all

apt update;
apt install wireguard wireguard-dkms wireguard-tools pve-headers

Code: Select all

reboot

Code: Select all

dkms autoinstall

Code: Select all

echo "wireguard" >> /etc/modules-load.d/modules.conf

Code: Select all

modprobe wireguard


Wireguard Server konfigurieren

Server

Code: Select all

cd /etc/wireguard/;
umask 077; wg genkey | tee privatekey | wg pubkey > publickey

Code: Select all

echo "privatkey: "$(cat privatekey);
echo "publickey: "$(cat publickey);
Inhalt der /etc/wireguard/wg0.conf generieren

Code: Select all

rtouch wg0.conf && echo "## Set Up WireGuard VPN on Debian By Editing/Creating wg0.conf File ##" > wg0.conf;
echo "[Interface]" >> wg0.conf;
echo "## My VPN server private IP address ##" >> wg0.conf;
echo "Address = 10.100.20.1/24" >> wg0.conf;
echo " " >> wg0.conf;
echo "## My VPN server port ##" >> wg0.conf;
echo "ListenPort = 62100" >> wg0.conf;
echo " " >> wg0.conf;
echo "## VPN server's private key i.e. /etc/wireguard/privatekey ##" >> wg0.conf;
echo "PrivateKey = "$(cat privatekey) >> wg0.conf;
echo " " >> wg0.conf;
echo "PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf;
echo "PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf;
echo " " >> wg0.conf;
echo "## Save and update this config file when a new peer (vpn client) added ##" >> wg0.conf;
echo "SaveConfig = true" >> wg0.conf;
echo " " >> wg0.conf;
echo "[Peer]" >> wg0.conf;
echo "PublicKey = <Client Public Key>" >> wg0.conf;
echo "AllowedIPs = 10.100.20.2/24" >> wg0.conf;
Editieren der /etc/wireguard/wg0.conf und Platzhalter < network interface > sowie <Client Public key> ersetzen!

Code: Select all

wg-quick up wg0

Code: Select all

sudo systemctl enable wg-quick@wg0

Code: Select all

sudo wg show

Code: Select all

sudo ifconfig wg0


Client

Code: Select all

cd /etc/wireguard/;
umask 077; wg genkey | tee privatekey | wg pubkey > publickey

Code: Select all

wg-quick down wg0

Code: Select all

echo "privatkey: "$(cat privatekey);
echo "publickey: "$(cat publickey);
Inhalt der /etc/wireguard/wg0.conf generieren

Code: Select all

rtouch wg0.conf && echo "## Set Up WireGuard VPN on Debian By Editing/Creating wg0.conf File ##" > wg0.conf;
echo "[Interface]" >> wg0.conf;
echo "## My VPN server private IP address ##" >> wg0.conf;
echo "Address = 10.100.20.2/24" >> wg0.conf;
echo " " >> wg0.conf;
echo "## My VPN server port ##" >> wg0.conf;
echo "ListenPort = 62100" >> wg0.conf;
echo " " >> wg0.conf;
echo "## VPN server's private key i.e. /etc/wireguard/privatekey ##" >> wg0.conf;
echo "PrivateKey = "$(cat privatekey) >> wg0.conf;
echo " " >> wg0.conf;
echo "PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf;
echo "PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf;
echo " " >> wg0.conf;
echo "## Save and update this config file when a new peer (vpn client) added ##" >> wg0.conf;
echo "SaveConfig = true" >> wg0.conf;
echo " " >> wg0.conf;
echo "[Peer]" >> wg0.conf;
echo "PublicKey = <Server Public key>" >> wg0.conf;
echo "Endpoint = <Server Public IP>:62100" >> wg0.conf;
echo "AllowedIPs = 10.100.20.2/24" >> wg0.conf;
Editieren der /etc/wireguard/wg0.conf und Platzhalter < network interface >, <Server Public key> sowie <Server Public IP> ersetzen!

Code: Select all

wg-quick up wg0

Code: Select all

sudo systemctl enable wg-quick@wg0

Code: Select all

sudo wg show

Code: Select all

sudo ifconfig wg0


nftable Firewall

Server

Code: Select all

ip saddr <Client Public IP> udp dport { 62100 } accept
Client

Code: Select all

ip saddr <Server Public IP> udp dport { 62100 } accept
Post Reply