This shows you the differences between two versions of the page.
wireguard_on_freshtomato [2023/07/17 01:30] – [Introduction] -condense, change link label to "Quick Start", as per original hogwild | wireguard_on_freshtomato [2024/04/28 16:55] (current) – [Introduction] -remove right bracket hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Wireguard ====== | ====== Wireguard ====== | ||
- | Wireguard is a revolutionary VPN technology that allows for very fast throughput | + | Wireguard is a revolutionary VPN technology that allows for very fast throughput |
Here are some rough benchmarks that illustrate the performance differences: | Here are some rough benchmarks that illustrate the performance differences: | ||
Line 12: | Line 12: | ||
===== Introduction ===== | ===== Introduction ===== | ||
- | Wireguard' | + | Wireguard' |
- | Wireguard is not a " | + | Wireguard is not a " |
Before configuring Wireguard, you should consult the official documentation' | Before configuring Wireguard, you should consult the official documentation' | ||
Line 21: | Line 21: | ||
===== Overview ===== | ===== Overview ===== | ||
- | Until a graphical interface | + | Until Wireguard |
\\ | \\ | ||
Line 98: | Line 98: | ||
- | ==== Point-to-point ==== | + | ==== Point-to-Point Connection |
Here, we will illustrate how to achieve a point-to-point connection, the simplest kind. Let's assume we have two devices with these prerequisites: | Here, we will illustrate how to achieve a point-to-point connection, the simplest kind. Let's assume we have two devices with these prerequisites: | ||
Line 142: | Line 142: | ||
<code -> | <code -> | ||
root@routerA:/ | root@routerA:/ | ||
- | -rw-r--r-- | + | -rw-r--r-- |
- | -rw-r--r-- | + | -rw-r--r-- |
</ | </ | ||
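Review bot: the listing at Line 142 shows the files with mode -rw-r--r-- (0644). If these are the key files generated for routerA, the private key is readable by every local user on the router; the WireGuard quick start generates keys under `umask 077` so they land as 0600, and the page should show that (or a `chmod 600` on the private key) before this listing, since the same permissions will be copied to routerB.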
Line 158: | Line 158: | ||
<code -> | <code -> | ||
root@routerA:/ | root@routerA:/ | ||
- | [Interface] # RouterA | + | [Interface] # routerA |
- | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ | + | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ |
ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ||
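Review bot: style point on the ListenPort comment at Line 158, "# Default port this router listen to" should read "listens on"; the identical line is repeated in routerB's block at Line 174, so fix both in the same edit.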
Line 174: | Line 174: | ||
<code -> | <code -> | ||
root@routerB:/ | root@routerB:/ | ||
- | [Interface] # RouterB | + | [Interface] # routerB |
- | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ | + | PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/ |
ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ListenPort = 51820 # Default port this router listen to, but can be changed if needed | ||
- | [peer] # RouterA | + | [peer] # routerA |
Endpoint = rtra.ddns.org: | Endpoint = rtra.ddns.org: | ||
PublicKey = Pr1EV/ | PublicKey = Pr1EV/ | ||
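Review bot: the PrivateKey shown for routerB at Line 174 begins with the same string (WOOgLRpUxq3XjGfuP79JHKR/) as routerA's at Line 158. Each peer must generate its own key pair locally; if both devices carry the same private key they derive the same public key, the [peer] PublicKey on each side cannot match the opposite device, and the handshake never completes. Give routerB its own generated value and mark both keys as placeholders the reader must replace. Also, the section is written "[peer]" where wg(8) documents it as "[Peer]"; use the documented spelling so it matches the man page the Introduction points readers to.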
Line 190: | Line 190: | ||
\\ | \\ | ||
- | === The consequences | + | === The Consequences |
\\ | \\ | ||
Line 198: | Line 198: | ||
\\ | \\ | ||
- | On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn' | + | On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn' |
- | \\ \\ The necessary changes to the wf0.conf file are seen here: \\ | + | \\ \\ The necessary changes to the wg0.conf file for this are seen here: \\ |
<code -> | <code -> | ||
- | [peer] # RouterA | + | [peer] # routerA |
Endpoint = rtra.ddns.org: | Endpoint = rtra.ddns.org: | ||
PublicKey = Pr1EV/ | PublicKey = Pr1EV/ | ||
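Review bot: the text at Line 198 says the NATed device must force keepalive traffic towards the unNATed one, but the [peer] lines shown for routerA (Endpoint, PublicKey) do not include the keepalive key; confirm the full block carries `PersistentKeepalive = 25` (the interval the wg(8) man page suggests as working with most NAT devices and firewalls) and that it is set only on the NATed side, which is also the only side that needs an Endpoint, since the unNATed device learns the peer's address from the incoming handshake. The wf0.conf to wg0.conf correction is right.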
Line 218: | Line 218: | ||
\\ | \\ | ||
- | === The consequences | + | === The Consequences |
\\ | \\ | ||
Line 227: | Line 227: | ||
- | ===== Automated Script with full mesh support | + | ===== Automated Script with Full Mesh Support |
Current version: 1.22\\ | Current version: 1.22\\ | ||
Line 247: | Line 247: | ||
* The wg.sh and " | * The wg.sh and " | ||
- | \\ \\ {{: | + | \\ \\ {{: |
- | \\ {{: | + | \\ {{: |
Running " | Running " | ||
Line 260: | Line 260: | ||
You do not need to make any changes to those files. Simply copy them both to the relevant device (preferably jffs). This means you must run the makeconf on any one (and only one) device.\\ | You do not need to make any changes to those files. Simply copy them both to the relevant device (preferably jffs). This means you must run the makeconf on any one (and only one) device.\\ | ||
- | The wg.sh script has been written such that it can be run multiple times, even consecutively. Router and iptables/ | + | The wg.sh script has been written such that it can be run multiple times, even consecutively. Router and iptables/ |
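Review bot: at Line 260 the text has makeconf run on one device and the resulting files copied to every other device, which means all peers' private keys exist on that one device and then cross the network. State that the copy should go over an authenticated channel (scp/ssh between the routers, not a plain fetch), that the files on jffs should stay root-only (0600), and that the generating device should not keep the other peers' private keys once they have been distributed.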
Line 313: | Line 313: | ||
- | ==== Running | + | ==== Running Wireguard at Boot ==== |
As hinted previously, you must rely on permanent storage to make this work. Regardless of what type of storage you choose, it might become unavailable. For this reason, [[jffs|JFFS]] has been used throughout the examples, as it arguably the most reliable form. To run Wireguard automatically, | As hinted previously, you must rely on permanent storage to make this work. Regardless of what type of storage you choose, it might become unavailable. For this reason, [[jffs|JFFS]] has been used throughout the examples, as it arguably the most reliable form. To run Wireguard automatically, | ||
Line 376: | Line 376: | ||
If any problems arise while running the script, you should consider changing the first line from: | If any problems arise while running the script, you should consider changing the first line from: | ||
+ | |||
+ | \\ | ||
<code -> | <code -> | ||
Line 384: | Line 386: | ||
to the following: | to the following: | ||
+ | |||
+ | \\ | ||
<code -> | <code -> | ||
Line 390: | Line 394: | ||
Using the script with the " | Using the script with the " | ||
- | |||
- | Remember that you can get help with any subcommand by typing: | ||
\\ | \\ | ||
+ | |||
+ | Remember that you can get help with any subcommand by typing: | ||
<code -> | <code -> | ||
Line 401: | Line 405: | ||
\\ | \\ | ||
- | Remember also that '' | + | Remember also that '' |
\\ \\ {{: | \\ \\ {{: | ||
- | However, you can also display advanced information by using: | + | You can also display |
\\ | \\ | ||
Line 425: | Line 429: | ||
\\ | \\ | ||
- | Pinging the intra-VPN IP address first will help to identify if Wireguard is the issue or if it is routing-related.\\ | + | Pinging the intra-VPN IP address first will help to identify if Wireguard is the issue or if it is routing-related.\\ |
- | Finally, pay attention to the // | ||
+ | ==== Known Bugs ==== | ||
+ | |||
+ | \\ | ||
+ | |||
+ | With the current version of the code (v1.0.20200827), | ||
+ | |||
+ | \\ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | This should be fixed in a later version of the code. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
- | ==== Known bugs ==== | ||
- | On the current version of the code: | ||
- | <code -> | ||
- | wireguard-tools v1.0.20200827 - https:// | ||
- | {{: | ||
- | Using the wg (a.k.a. wg show) command it appears like the sent traffic is not counted as it should. |
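Review bot: the relocated Known Bugs section (Line 405 side) says the problem "should be fixed in a later version of the code" without naming one; either cite the wireguard-tools release or changelog entry that fixes the `wg show` transfer counter, or keep the statement tied to v1.0.20200827 and say it has not been verified. It is also worth saying explicitly that this is a reporting defect in `wg show`, so it affects monitoring and troubleshooting, not the tunnel itself, which matters because the Troubleshooting section above relies on those counters.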