WireGuard

I’ve recently set up a VPN for accessing my local network from outside. I chose WireGuard because it’s very easy to set up, very light, and it works well on just about every system.

VPN Basics:

The basic idea for me was that when I go on holiday, or simply go outside to breathe fresh air while geeking, I need to access my local network. That’s where a VPN is useful.

The second reason is that on public WiFi I prefer having a VPN enabled to protect against packet sniffing.

I chose WireGuard because it’s:

  • Super lightweight
  • Incredibly resilient while roaming on 4G and switching to WiFi
  • Very quick to install on Windows/Linux/Android, with almost no overhead
  • No user login required

0) Interface keys

To generate your key use:

# wg genkey > privatekey
# wg pubkey < privatekey > publickey

or

# wg genkey | tee privatekey | wg pubkey > publickey

This will generate 2 files, privatekey and publickey, in your working directory. Run the commands with a restrictive umask (umask 077) so the private key file is not readable by other users.

You will need a key pair for each peer. Depending on the model you want to use, you will have one peer per machine and/or per user.

1) Server Side:

Interface:

[Interface]
ListenPort = 51234  # The UDP port clients will connect to
PrivateKey = xx12346Privatekey=  # The private key your server uses to decrypt incoming packets

Peers:

For each peer you will need one [Peer] entry:

[Peer]
PublicKey = xxx123465Publickey=  # The public key matching the peer's interface private key
PresharedKey = xxx123465SharedKey=  # Must match between the server and this peer; an optional symmetric key mixed into the handshake as an additional security layer
AllowedIPs = 192.168.32.23/32  # The IP(s) this peer is allowed to use inside the tunnel (must be within the interface subnet)

2) Client Side:

Interface:

[Interface]
PrivateKey = xx123456PrivateKey=  # The private key for this peer
Address = 192.168.32.23/24  # The tunnel address of this peer; it must match the AllowedIPs the server has for it, and the subnet must match the server's subnet
DNS = 1.1.1.1  # If you want to use a specific DNS for your local network; this overrides the default DNS while the tunnel is up

Peer:

This defines your server endpoint:

[Peer]
PublicKey = xxx123456Publickey=  # The public key of your server
PresharedKey = xxx123465SharedKey=  # Must match between the server and this peer; an optional symmetric key mixed into the handshake as an additional security layer
AllowedIPs = 0.0.0.0/0  # The IP range you want to reach through this interface; 0.0.0.0/0 sends all traffic through the tunnel
Endpoint = 352.654.987.321:51234  # The address of your server, either an IP address or a DNS name. The port must match the ListenPort of your server
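The comments above describe several values that must agree between the server and each client. The following script is an added example (not part of the original post) that parses both files and checks those relations: the server must have a [Peer] whose AllowedIPs covers the client's Address (as a host route), the PresharedKey must match, and the client's Endpoint port must equal the server's ListenPort. The sample configs are constructed from the post's placeholder values.

```python
import ipaddress

def parse_wg(text):
    """Parse a WireGuard .conf into [(section, {key: value})]; [Peer] repeats."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments and blank lines
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:  # split on the first '=' only: base64 keys end in '='
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1][key] = value
    return sections
def check_pair(server_conf, client_conf):
    """Return the inconsistencies between a server config and one client config."""
    srv, cli = parse_wg(server_conf), parse_wg(client_conf)
    listen_port = next(v for n, v in srv if n == "Interface")["ListenPort"]
    cli_peer = next(v for n, v in cli if n == "Peer")
    client_ip = ipaddress.ip_interface(next(v for n, v in cli if n == "Interface")["Address"]).ip
    problems, match = [], None
    for peer in (v for n, v in srv if n == "Peer"):
        nets = [ipaddress.ip_network(n.strip(), strict=False) for n in peer["AllowedIPs"].split(",")]
        if any(client_ip in net for net in nets):  # this server entry is for our client
            match = peer
            if any(net.prefixlen < net.max_prefixlen for net in nets):  # expect /32 (or /128)
                problems.append("server AllowedIPs for %s is wider than a host route" % client_ip)
    if match is None:
        return ["no server [Peer] has AllowedIPs covering %s" % client_ip]
    if match.get("PresharedKey") != cli_peer.get("PresharedKey"):
        problems.append("PresharedKey differs between server and client")
    port = cli_peer["Endpoint"].rsplit(":", 1)[1]
    if port != listen_port:
        problems.append("client Endpoint port %s != server ListenPort %s" % (port, listen_port))
    return problems
# Constructed sample pair using the post's placeholder values (not real keys);
# PublicKey lines are omitted because this check does not verify them.
SERVER = """[Interface]
ListenPort = 51234
PrivateKey = xx12346Privatekey=
[Peer]
PresharedKey = xxx123465SharedKey=
AllowedIPs = 192.168.32.23/32
"""
CLIENT = """[Interface]
PrivateKey = xx123456PrivateKey=
Address = 192.168.32.23/24
[Peer]
PresharedKey = xxx123465SharedKey=
AllowedIPs = 0.0.0.0/0
Endpoint = 352.654.987.321:51234
"""
```

Running check_pair on the constructed pair returns an empty list; changing the client's port, address or preshared key makes the corresponding problem appear.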

Conclusion:

As you saw, setting this up is really easy. Once done you can enjoy your VPN connection.

I’m currently working on a tiny script to run WireGuard on an EC2 instance and pair it with an API to rotate the keys regularly, so stay tuned.

My WireGuard server is running directly on my router, which lets me filter the traffic before it reaches my LAN, just like any other VLAN.

It’s a really fast feature to implement, and also really useful.
