I’ve been just spinning up VMs left and right since I setup that Oracle VM. I decided that if I’m going to be out of town for a week, then I’d like to have a VPN in to the home network, so that I can get some work done. It is my vacation, so I’d like to do some hobbies.
So far the config is pretty simple. I like the approch they are using with wiregaurd too. Very “unixy” in that it is just a network interface, that will encrypt with a private key, and decrypt with the client’s public key. There is almost no CPU usage. It does one thing and it does it well. Use what ever key management or authentication scheme you want.
New VM on Universe. 2 GB ram and 25GB storage. Its pool is 100GB.
package is just called wireguard
## Create the Wireguard virtual network adapter
$ sudo ip link add dev wg0 type wireguard
## Set proper umask for key files, and generate private and public key files
$ umask 077
$ wg genkey > privatekey
$ wg pubkey < privatekey > publickey
## Setup network
$ sudo ip addr add 10.0.0.1/24 dev wg0
## attach key to interface
$ wg set wg0 private-key ./private
## up
$ sudo ip link set wg0 up
## create /etc/wireguard/wg0.conf
$ sudo vi /etc/wireguard/wg0.conf
contents of new file
[Interface]
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE;
ListenPort = 56990
PrivateKey = QETsE2fXOXC81R/MRYDYjHTyjZxfSlF2vuiCgK5nv0U=
[Peer]
PublicKey = L/VrqKjC5/harAftr+2w0I0hs0MPy0QgXGvvAKqYZlA=
AllowedIPs = 10.0.0.2/32
Leave a Reply