This shows you the differences between two versions of the page.
wireguard_on_freshtomato [2023/07/17 01:43] – [Point-to-point] -Changed subhead to "Point-to-Point Connection", grammar, formatting hogwild | wireguard_on_freshtomato [2023/07/17 17:58] – [Point-to-Point Connection] -standardize "routera" hogwild | ||
---|---|---|---|
Line 21: | Line 21: | ||
===== Overview ===== | ===== Overview ===== | ||
- | Until a graphical interface | + | Until Wireguard |
\\ | \\ | ||
Line 130: | Line 130: | ||
<code -> | <code -> | ||
- | root@routerA:/jffs# wg genkey > privateKey_$(hostname) | + | root@routera:/jffs# wg genkey > privateKey_$(hostname) |
- | root@routerA:/jffs# wg pubkey < privateKey_$(hostname) > publicKey_$(hostname) | + | root@routera:/jffs# wg pubkey < privateKey_$(hostname) > publicKey_$(hostname) |
</ | </ | ||
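Review bot: the "wg genkey > privateKey_$(hostname)" line creates the private key file with whatever umask the shell happens to have, and the "ls -l" listing in the next hunk shows "-rw-r--r--" entries. Since this revision already touches both command lines, add a "umask 077" line before "wg genkey" (wg itself warns when a key is written to a world-accessible file), or a "chmod 600 privateKey_$(hostname)" step afterwards, so the tutorial does not leave the private key readable by other accounts on the router.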
Line 141: | Line 141: | ||
<code -> | <code -> | ||
- | root@routerA:/jffs# ls -l | + | root@routera:/jffs# ls -l |
-rw-r--r-- | -rw-r--r-- | ||
-rw-r--r-- | -rw-r--r-- | ||
Line 152: | Line 152: | ||
Please **do not** use the keys from this example. They are fake/ | Please **do not** use the keys from this example. They are fake/ | ||
- | \\ The contents of the wg0.conf file on routerA | + | \\ The contents of the wg0.conf file on routera |
\\ | \\ | ||
<code -> | <code -> | ||
- | root@routerA:/jffs# cat wg0.conf | + | root@routera:/jffs# cat wg0.conf |
- | [Interface] # RouterA | + | [Interface] # routera |
PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ | ||
ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ||
- | [peer] # routerB | + | [peer] # routerb |
Endpoint = rtrb.ddns.org: | Endpoint = rtrb.ddns.org: | ||
PublicKey = iu3524WoHe0UHkY4o6kQSTe1sx9lBArrdBR9mbe+0yA= # This is the public key as generated on the remote device. | PublicKey = iu3524WoHe0UHkY4o6kQSTe1sx9lBArrdBR9mbe+0yA= # This is the public key as generated on the remote device. | ||
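Review bot: the section header is still inconsistent after the rename. "[Interface]" is capitalized while "[peer] # routerb" is lowercase. If the goal of this pass is standardization, write it as "[Peer]" to match. The ListenPort comment on the unchanged line also needs a grammar fix: "Default port this router listen to" should read "Default port this router listens on".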
Line 168: | Line 168: | ||
</ | </ | ||
- | | + | |
\\ | \\ | ||
<code -> | <code -> | ||
- | root@routerB:/jffs# cat wg0.conf | + | root@routerb:/jffs# cat wg0.conf |
- | [Interface] # RouterB | + | [Interface] # routerb |
PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ | ||
ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ||
- | [peer] # RouterA | + | [peer] # routera |
Endpoint = rtra.ddns.org: | Endpoint = rtra.ddns.org: | ||
PublicKey = Pr1EV/ | PublicKey = Pr1EV/ | ||
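Review bot: the PrivateKey line in this routerb listing starts with the same characters ("WOOgLRpUxq3XjGfuP79JHKR/") as the PrivateKey line in the routera listing above. Even though the keys are marked as fake, show a visibly different private key for each router. The earlier step has each router run "wg genkey" itself, and only the public keys should cross between the two configs; an example with matching private keys invites readers to copy one key file to both devices. The "[peer] # routera" header has the same casing mismatch with "[Interface]" as in the routera listing.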
Line 198: | Line 198: | ||
\\ | \\ | ||
- | On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn' | + | On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn' |
- | \\ \\ The necessary changes to the wf0.conf file for this are seen here: \\ \\ | + | \\ \\ The necessary changes to the wg0.conf file for this are seen here: \\ \\ |
<code -> | <code -> | ||
- | [peer] # RouterA | + | [peer] # routera |
Endpoint = rtra.ddns.org: | Endpoint = rtra.ddns.org: | ||
PublicKey = Pr1EV/ | PublicKey = Pr1EV/ | ||
Line 227: | Line 227: | ||
- | ===== Automated Script with full mesh support | + | ===== Automated Script with Full Mesh Support |
Current version: 1.22\\ | Current version: 1.22\\ | ||
Line 247: | Line 247: | ||
* The wg.sh and " | * The wg.sh and " | ||
- | \\ \\ {{: | + | \\ \\ {{: |
+ | \\ | ||
+ | The script will display an introduction screen: | ||
- | \\ {{: | + | \\ {{: |
Running " | Running " | ||
Line 255: | Line 257: | ||
* wg.sh | * wg.sh | ||
* wg0.conf | * wg0.conf | ||
- | |||
\\ | \\ | ||
Line 313: | Line 314: | ||
- | ==== Running | + | ==== Running Wireguard at Boot ==== |
As hinted previously, you must rely on permanent storage to make this work. Regardless of what type of storage you choose, it might become unavailable. For this reason, [[jffs|JFFS]] has been used throughout the examples, as it arguably the most reliable form. To run Wireguard automatically, | As hinted previously, you must rely on permanent storage to make this work. Regardless of what type of storage you choose, it might become unavailable. For this reason, [[jffs|JFFS]] has been used throughout the examples, as it arguably the most reliable form. To run Wireguard automatically, |
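Review bot: the context sentence under the renamed heading still reads "as it arguably the most reliable form", which is missing "is"; fix it in the same grammar pass. The new heading and the Overview change also keep the spelling "Wireguard", while the project writes its name "WireGuard". If names are being standardized in this revision, that one is worth doing page-wide.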