This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
wireguard_on_freshtomato [2023/07/17 01:50] – [Assumptions:] -resize screenshot "pasted:20230326-205524.png" back to 580x439 hogwild | wireguard_on_freshtomato [2023/07/17 18:08] – [Point-to-Point Connection] -standardize to "routerB" hogwild | ||
---|---|---|---|
Line 21: | Line 21: | ||
===== Overview ===== | ===== Overview ===== | ||
- | Until a graphical interface | + | Until Wireguard |
\\ | \\ | ||
Line 142: | Line 142: | ||
<code -> | <code -> | ||
root@routerA:/ | root@routerA:/ | ||
- | -rw-r--r-- | + | -rw-r--r-- |
- | -rw-r--r-- | + | -rw-r--r-- |
</ | </ | ||
Line 158: | Line 158: | ||
<code -> | <code -> | ||
root@routerA:/ | root@routerA:/ | ||
- | [Interface] # RouterA | + | [Interface] # routerA |
- | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ | + | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ |
ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ||
Line 174: | Line 174: | ||
<code -> | <code -> | ||
root@routerB:/ | root@routerB:/ | ||
- | [Interface] # RouterB | + | [Interface] # routerB |
- | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ | + | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ |
ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ||
- | [peer] # RouterA | + | [peer] # routerA |
Endpoint = rtra.ddns.org: | Endpoint = rtra.ddns.org: | ||
PublicKey = Pr1EV/ | PublicKey = Pr1EV/ | ||
Line 198: | Line 198: | ||
\\ | \\ | ||
- | On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn' | + | On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn' |
- | \\ \\ The necessary changes to the wf0.conf file for this are seen here: \\ \\ | + | \\ \\ The necessary changes to the wg0.conf file for this are seen here: \\ \\ |
<code -> | <code -> | ||
- | [peer] # RouterA | + | [peer] # routerA |
Endpoint = rtra.ddns.org: | Endpoint = rtra.ddns.org: | ||
PublicKey = Pr1EV/ | PublicKey = Pr1EV/ | ||
Line 247: | Line 247: | ||
* The wg.sh and " | * The wg.sh and " | ||
- | \\ \\ {{: | + | \\ \\ {{: |
- | \\ {{: | + | \\ {{: |
Running " | Running " | ||
Line 260: | Line 260: | ||
You do not need to make any changes to those files. Simply copy them both to the relevant device (preferably jffs). This means you must run the makeconf on any one (and only one) device.\\ | You do not need to make any changes to those files. Simply copy them both to the relevant device (preferably jffs). This means you must run the makeconf on any one (and only one) device.\\ | ||
- | The wg.sh script has been written such that it can be run multiple times, even consecutively. Router and iptables/ | + | The wg.sh script has been written such that it can be run multiple times, even consecutively. Router and iptables/ |