wireguard_on_freshtomato

wireguard_on_freshtomato [2023/07/17 18:00] – [Assumptions:] -grammar hogwild
wireguard_on_freshtomato [2024/04/28 16:55] (current) – [Introduction] -remove right bracket hogwild
Line 1: Line 1:
 ====== Wireguard ====== ====== Wireguard ======
  
-Wireguard is a revolutionary VPN technology that allows for very fast throughput lowe latency compared to traditional VPN technologies.+Wireguard is a revolutionary VPN technology that allows for very fast throughput with low latency compared to traditional VPN technologies.
  
 Here are some rough benchmarks that illustrate the performance differences: Here are some rough benchmarks that illustrate the performance differences:
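Review bot: the project spells its own name "WireGuard" (capital G) everywhere, including the Quick Start guide this page links to, while the heading and body here use "Wireguard"; since this revision already normalises routera/routerb to routerA/routerB, the same pass could normalise the product name.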
Line 12: Line 12:
 ===== Introduction ===== ===== Introduction =====
  
-Wireguard's exceptional performance is possible because the code is executed within kernel-space. Other technologies, such as OpenVPN, PPTP, or tinc run in user-space which is much slower. Wireguard still uses asymmetric-key technology (similar to OpenVPN) that is more basic in functionality. However, a lot of development is going on right now, and improvements in encryption keys are expected soon.+Wireguard's exceptional performance is possible because the code is executed within kernel-space. Other technologies, such as OpenVPN, PPTP, or tinc run in user-space which is much slower. Wireguard still uses asymmetric-key technology (similar to OpenVPN) that is more basic in functionality. However, there is a lot of ongoing development, and improvements in encryption keys are expected soon.
  
-Wireguard is not a "talkative" protocol. It tends to send data only when needed (unless a peer is defined with a forced keepalive option). One new approach taken with Wireguard was to completely remove handshaking. Now, data is accepted only if the decryption key works. This makes Wireguard less "chatty", simpler and faster). Wireguard communicates by default over UDP port 51820.+Wireguard is not a "talkative" protocol. It tends to send data only when needed (unless a peer is defined with a forced keepalive option). One new approach taken with Wireguard was to completely remove handshaking. Now, data is accepted only if the decryption key works. This makes Wireguard less "chatty", simpler and faster. Wireguard communicates by default over UDP port 51820.
  
 Before configuring Wireguard, you should consult the official documentation's [[https://www.wireguard.com/quickstart/|Quick Start]] guide, and possibly the [[https://github.com/pirate/wireguard-docs|unofficial]] version as well. Before configuring Wireguard, you should consult the official documentation's [[https://www.wireguard.com/quickstart/|Quick Start]] guide, and possibly the [[https://github.com/pirate/wireguard-docs|unofficial]] version as well.
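Review bot: "completely remove handshaking" in the second paragraph is inaccurate and should be reworded. WireGuard does perform a handshake (the 1-RTT Noise IK exchange, which is what the PrivateKey/PublicKey pairs in the wg0.conf examples further down are used for, with session keys rotated from it); what it removes is the cipher-suite negotiation and long-lived session state of OpenVPN-style protocols. Suggest: "Wireguard replaces the lengthy negotiation of traditional VPNs with a single-round-trip handshake; afterwards a packet is accepted only if it decrypts under the current session key." The phrase "improvements in encryption keys are expected soon" is also too vague to be useful and should either name the feature or be dropped.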
Line 130: Line 130:
  
 <code -> <code ->
-root@routera:/jffs# wg genkey > privateKey_$(hostname) +root@routerA:/jffs# wg genkey > privateKey_$(hostname) 
-root@routera:/jffs# wg pubkey < privateKey_$(hostname) > publicKey_$(hostname)+root@routerA:/jffs# wg pubkey < privateKey_$(hostname) > publicKey_$(hostname)
 </code> </code>
  
Line 141: Line 141:
  
 <code -> <code ->
-root@routera:/jffs# ls -l +root@routerA:/jffs# ls -l 
--rw-r--r--    1 root     root            45 Feb 13 10:51 privateKey_routera +-rw-r--r--    1 root     root            45 Feb 13 10:51 privateKey_routerA 
--rw-r--r--    1 root     root            45 Feb 13 10:51 publicKey_routera+-rw-r--r--    1 root     root            45 Feb 13 10:51 publicKey_routerA
 </code> </code>
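Review bot: the listing shows privateKey_routerA created as -rw-r--r-- (0644), i.e. readable by every local account, because the `wg genkey > privateKey_$(hostname)` redirect in the previous hunk inherits the default umask. Suggest prefixing the generation step with `umask 077` (or running `chmod 600 privateKey_*` immediately afterwards) and updating this listing so it shows -rw------- for the private key; the public key can stay world-readable.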
  
Line 152: Line 152:
 Please **do not** use the keys from this example. They are fake/hypothetical and only used as an example. Please **do not** use the keys from this example. They are fake/hypothetical and only used as an example.
  
- \\ The contents of the wg0.conf file on routera are as follows:+ \\ The contents of the wg0.conf file on routerA are as follows:
  
  \\  \\
  
 <code -> <code ->
-root@routera:/jffs# cat wg0.conf +root@routerA:/jffs# cat wg0.conf 
-[Interface] # routera = local +[Interface] # routerA = local 
-PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/f7dd+/0HkbCR1YMDakU= # This is the generated privateKeyroutera on the local router+PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/f7dd+/0HkbCR1YMDakU= # This is the generated privateKeyrouterA on the local router
 ListenPort = 51820 # Default port this router listen to, but can be changed if needed ListenPort = 51820 # Default port this router listen to, but can be changed if needed
  
-[peer] # routerb = remote+[peer] # routerB = remote
 Endpoint = rtrb.ddns.org:51820 # FDQN:port of Router B Endpoint = rtrb.ddns.org:51820 # FDQN:port of Router B
 PublicKey = iu3524WoHe0UHkY4o6kQSTe1sx9lBArrdBR9mbe+0yA= # This is the public key as generated on the remote device. PublicKey = iu3524WoHe0UHkY4o6kQSTe1sx9lBArrdBR9mbe+0yA= # This is the public key as generated on the remote device.
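Review bot: the PrivateKey comment says "privateKeyrouterA" but the file produced earlier is privateKey_routerA (underscore); keeping the names identical avoids confusion when the reader pastes the key in. Two smaller wording points in the same block: "FDQN" should be "FQDN", and "Default port this router listen to" should read "Default port this router listens on".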
Line 168: Line 168:
 </code> </code>
  
- \\  \\ The contents of the wg0.conf file on routerb look like this:+ \\  \\ The contents of the wg0.conf file on routerB look like this:
  
  \\  \\
  
 <code -> <code ->
-root@routerb:/jffs# cat wg0.conf +root@routerB:/jffs# cat wg0.conf 
-[Interface] # routerb = local +[Interface] # routerB = local 
-PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/f7dd+/0HkbCR1YMDakU= # This is the generated privateKeyrouterb on the local router+PrivateKey = WOOgLRpUxq3XjGfuP79JHKR/f7dd+/0HkbCR1YMDakU= # This is the generated privateKeyrouterB on the local router
 ListenPort = 51820 # Default port this router listen to, but can be changed if needed ListenPort = 51820 # Default port this router listen to, but can be changed if needed
  
-[peer] # routera = remote+[peer] # routerA = remote
 Endpoint = rtra.ddns.org:51820 # FDQN:port of Router A Endpoint = rtra.ddns.org:51820 # FDQN:port of Router A
 PublicKey = Pr1EV/OukTXsj0eeEM96mOCW4Jy00iUMIFp24Z93owo= # This is the public key as generated on the remote device. PublicKey = Pr1EV/OukTXsj0eeEM96mOCW4Jy00iUMIFp24Z93owo= # This is the public key as generated on the remote device.
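Review bot: routerB's [Interface] shows the same PrivateKey string as routerA's (WOOgLRpU…akU=), yet the two routers are given different PublicKeys (Pr1EV… for routerA, iu3524… for routerB). A private key derives exactly one public key, so the example is internally inconsistent and invites the reader to copy one key to both ends; even for the admittedly fake keys, use a second distinct placeholder private key here (and the same "privateKeyrouterB" vs privateKey_routerB naming fix applies).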
Line 198: Line 198:
  \\  \\
  
-On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn't use keepalive packets. Let's assume routerb is behind an unmanaged NAT device (so your WAN has a private IP) your routera [peer] definition within wg0.conf will need to have the ''PersistentKeepalive'' defined. Doing this allows the main router mapping table to stay updated, and make the defined Wireguard port reachable.+On a network with private addressing (behind NAT) that isn't reachable from the Internet, the connection will be initiated from the NATed device. However, you'll need to force keepalive activity towards the unNATed device to maintain the connection. Remember, by default, Wireguard doesn't use keepalive packets. Let's assume routerB is behind an unmanaged NAT device (so your WAN has a private IP) your routerA [peer] definition within wg0.conf will need to have the ''PersistentKeepalive'' defined. Doing this allows the main router mapping table to stay updated, and make the defined Wireguard port reachable.
  
  \\ \\ The necessary changes to the wg0.conf file for this are seen here: \\  \\  \\ \\ The necessary changes to the wg0.conf file for this are seen here: \\  \\
  
 <code -> <code ->
-[peer] # routera = remote+[peer] # routerA = remote
 Endpoint = rtra.ddns.org:51820 Endpoint = rtra.ddns.org:51820
 PublicKey = Pr1EV/OukTXsj0eeEM96mOCW4Jy00iUMIFp24Z93owo= PublicKey = Pr1EV/OukTXsj0eeEM96mOCW4Jy00iUMIFp24Z93owo=
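Review bot: the sentence "Let's assume routerB is behind an unmanaged NAT device (so your WAN has a private IP) your routerA [peer] definition…" needs a comma after the parenthesis and is ambiguous about which file is edited; the snippet makes clear it is the [peer] block describing routerA inside routerB's wg0.conf (the NATed side sends the keepalives), so say so explicitly. The hunk also cuts off before the PersistentKeepalive line itself; the wg(8) manual recommends `PersistentKeepalive = 25`, which should be shown. Finally, "make the defined Wireguard port reachable" overstates the effect: the keepalive only keeps the NAT mapping for routerB's outbound UDP flow alive so routerA's replies are delivered; routerB's port does not become reachable for new inbound connections.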
wireguard_on_freshtomato.1689613258.txt.gz · Last modified: 2023/07/17 18:00 by hogwild