wireguard_on_freshtomato

Differences

This shows you the differences between two versions of the page.

wireguard_on_freshtomato [2023/07/17 18:00] – [Assumptions:] -grammar hogwild
wireguard_on_freshtomato [2023/07/17 18:08] – [Point-to-Point Connection] -standardize to "routerB" hogwild
Line 130: Line 130:
  
 <code -> <code ->
-root@routera:/jffs# wg genkey > privateKey_$(hostname) +root@routerA:/jffs# wg genkey > privateKey_$(hostname) 
-root@routera:/jffs# wg pubkey < privateKey_$(hostname) > publicKey_$(hostname)+root@routerA:/jffs# wg pubkey < privateKey_$(hostname) > publicKey_$(hostname)
 </code> </code>
  
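Review bot: in the `wg genkey > privateKey_$(hostname)` line the private key is written through a shell redirect, so the file gets whatever mode the current umask allows. Suggest adding `umask 077` as the first command in this block so the key is created readable by root only; `wg genkey` itself prints a warning when its output goes to a world-accessible file.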
Line 141: Line 141:
  
 <code -> <code ->
-root@routera:/jffs# ls -l +root@routerA:/jffs# ls -l 
--rw-r--r--    1 root     root            45 Feb 13 10:51 privateKey_routera +-rw-r--r--    1 root     root            45 Feb 13 10:51 privateKey_routerA 
--rw-r--r--    1 root     root            45 Feb 13 10:51 publicKey_routera+-rw-r--r--    1 root     root            45 Feb 13 10:51 publicKey_routerA
 </code> </code>
  
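Review bot: the sample listing shows `privateKey_routerA` as `-rw-r--r--`, and readers will take that as the expected result. Either show a `chmod 600 privateKey_routerA` step before the `ls -l`, or update the sample output so the private key line reads `-rw-------`; the public key line can stay as it is.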
Line 152: Line 152:
 Please **do not** use the keys from this example. They are fake/hypothetical and only used as an example. Please **do not** use the keys from this example. They are fake/hypothetical and only used as an example.
  
- \\ The contents of the wg0.conf file on routera are as follows:+ \\ The contents of the wg0.conf file on routerA are as follows:
  
  \\  \\
  
 <code -> <code ->
-root@routera:/jffs# cat wg0.conf +root@routerA:/jffs# cat wg0.conf 
-[Interface] # routera = local +[Interface] # routerA = local 
-PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/f7dd+/0HkbCR1YMDakU= # This is the generated privateKeyroutera on the local router+PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/f7dd+/0HkbCR1YMDakU= # This is the generated privateKeyrouterA on the local router
 ListenPort = 51820 # Default port this router listen to, but can be changed if needed ListenPort = 51820 # Default port this router listen to, but can be changed if needed
  
-[peer] # routerb = remote+[peer] # routerB = remote
 Endpoint = rtrb.ddns.org:51820 # FDQN:port of Router B Endpoint = rtrb.ddns.org:51820 # FDQN:port of Router B
 PublicKey = iu3524WoHe0UHkY4o6kQSTe1sx9lBArrdBR9mbe+0yA= # This is the public key as generated on the remote device. PublicKey = iu3524WoHe0UHkY4o6kQSTe1sx9lBArrdBR9mbe+0yA= # This is the public key as generated on the remote device.
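Review bot: the comment on the `PrivateKey` line names the key `privateKeyrouterA`, but the file generated and listed earlier on the page is `privateKey_routerA`, so the underscore is missing. Suggest referring to the files by their exact names in both comments, for example "contents of privateKey_routerA" here and "contents of publicKey_routerB, copied from routerB" on the `PublicKey` line. While this block is being touched, "FDQN" in the `Endpoint` comment should be "FQDN".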
Line 168: Line 168:
 </code> </code>
  
- \\  \\ The contents of the wg0.conf file on routerb look like this:+ \\  \\ The contents of the wg0.conf file on routerB look like this:
  
  \\  \\
  
 <code -> <code ->
-root@routerb:/jffs# cat wg0.conf +root@routerB:/jffs# cat wg0.conf 
-[Interface] # routerb = local +[Interface] # routerB = local 
-PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/f7dd+/0HkbCR1YMDakU= # This is the generated privateKeyrouterb on the local router+PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/f7dd+/0HkbCR1YMDakU= # This is the generated privateKeyrouterB on the local router
 ListenPort = 51820 # Default port this router listen to, but can be changed if needed ListenPort = 51820 # Default port this router listen to, but can be changed if needed
  
-[peer] # routera = remote+[peer] # routerA = remote
 Endpoint = rtra.ddns.org:51820 # FDQN:port of Router A Endpoint = rtra.ddns.org:51820 # FDQN:port of Router A
 PublicKey = Pr1EV/OukTXsj0eeEM96mOCW4Jy00iUMIFp24Z93owo= # This is the public key as generated on the remote device. PublicKey = Pr1EV/OukTXsj0eeEM96mOCW4Jy00iUMIFp24Z93owo= # This is the public key as generated on the remote device.
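Review bot: the `PrivateKey` value in routerB's `[Interface]` section is the same string as in the routerA example above (`WOOgLRpUxq3XjGfuP79JHKR/f7dd+/0HkbCR1YMDakU=`), while the two `[peer]` sections carry different `PublicKey` values. Even with placeholder keys this reads as if both routers share one private key, and it is internally inconsistent because one private key yields exactly one public key. Suggest a distinct placeholder for routerB's private key. "FDQN" in the `Endpoint` comment should be "FQDN" here as well.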
Line 198: Line 198:
  \\  \\
  
-On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn't use keepalive packets. Let's assume routerb is behind an unmanaged NAT device (so your WAN has a private IP) your routera [peer] definition within wg0.conf will need to have the ''PersistentKeepalive'' defined. Doing this allows the main router mapping table to stay updated, and make the defined Wireguard port reachable.+On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn't use keepalive packets. Let's assume routerB is behind an unmanaged NAT device (so your WAN has a private IP) your routerA [peer] definition within wg0.conf will need to have the ''PersistentKeepalive'' defined. Doing this allows the main router mapping table to stay updated, and make the defined Wireguard port reachable.
  
  \\ \\ The necessary changes to the wg0.conf file for this are seen here: \\  \\  \\ \\ The necessary changes to the wg0.conf file for this are seen here: \\  \\
  
 <code -> <code ->
-[peer] # routera = remote+[peer] # routerA = remote
 Endpoint = rtra.ddns.org:51820 Endpoint = rtra.ddns.org:51820
 PublicKey = Pr1EV/OukTXsj0eeEM96mOCW4Jy00iUMIFp24Z93owo= PublicKey = Pr1EV/OukTXsj0eeEM96mOCW4Jy00iUMIFp24Z93owo=
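Review bot: in the changed paragraph, "your routerA [peer] definition within wg0.conf" can be read as the `[peer]` section in routerA's file, while the snippet that follows (`[peer] # routerA = remote`) belongs to routerB's file. Suggest stating it directly: `PersistentKeepalive` goes in the wg0.conf on routerB, the NATed side, inside the `[peer]` section that describes routerA. The same sentence also needs a break after the parenthesis ("..., then your ...").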
wireguard_on_freshtomato.txt · Last modified: 2024/04/28 16:55 by hogwild