Wireguard
From DD-WRT Wiki
Revision as of 21:17, 18 July 2018 (edit) Liverpoolatnight (Talk | contribs) (→Methord 2 - If Double NATed (DONT USE, WIP)) ← Previous diff |
Revision as of 21:54, 18 July 2018 (edit) (undo) Liverpoolatnight (Talk | contribs) Next diff → |
||
Line 25: | Line 25: | ||
*[http://svn.dd-wrt.com/ticket/6219 show private key in gui] - Done | *[http://svn.dd-wrt.com/ticket/6219 show private key in gui] - Done | ||
*[http://svn.dd-wrt.com//ticket/6217#comment:1 add option to set a DNS in gui] | *[http://svn.dd-wrt.com//ticket/6217#comment:1 add option to set a DNS in gui] | ||
- | |||
- | =Methord 2 - If Double NATed (DONT USE, WIP)= | ||
- | wg set oet1 fwmark 51820 | ||
- | # This sets the Firewall Mark of the wireguard interface called oet1 to 51820 | ||
- | # 51820 is attached to outgoing packets and can be used in firewall rules | ||
- | # SSH into the Router and use wg to see it applyed. | ||
- | |||
- | ip route add 0.0.0.0/0 dev oet1 table 51820 | ||
- | ip rule add not fwmark 51820 table 51820 | ||
=Reference= | =Reference= | ||
Line 40: | Line 31: | ||
[https://lists.zx2c4.com/mailman/listinfo/wireguard/ WireGuard Mailing Lists]<br> | [https://lists.zx2c4.com/mailman/listinfo/wireguard/ WireGuard Mailing Lists]<br> | ||
[https://svn.dd-wrt.com/search?q=wireguard&noquickjump=1&changeset=on DD-WRT SVN Changesets]<br> | [https://svn.dd-wrt.com/search?q=wireguard&noquickjump=1&changeset=on DD-WRT SVN Changesets]<br> | ||
- | [https://www.dd-wrt.com/phpBB2/viewtopic.php?t=312522 Forum | + | [https://www.dd-wrt.com/phpBB2/viewtopic.php?t=312522 Forum]<br> |
- | + | ||
[[VPN|Virtual Private Network (VPN)]] (DD-WRT wiki) | [[VPN|Virtual Private Network (VPN)]] (DD-WRT wiki) | ||
- | |||
[[Category:Tunneling]] | [[Category:Tunneling]] |
Revision as of 21:54, 18 July 2018
"WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry."[1]
Contents |
How it works
Quick Start (from the developer site)
Firewall rules
Add firewall rules to successfully communicate through the tunnel on each unit:
#for reaching the unit in/out iptables -I INPUT -i oet1 -j ACCEPT iptables -I OUTPUT -o oet1 -j ACCEPT #for forwarding packets to the networks behind in/out iptables -I FORWARD -i oet1 -j ACCEPT iptables -I FORWARD -o oet1 -j ACCEPT
Also set routes for the networks to reach:
#to connect 192.168.1.0/24 and 192.168.2.0/24 via 10.10.10.2 put on the 192.168.1.0 gateway route add -net 192.168.2.0/24 gw 10.10.10.2 #etc
This firewall functionality may eventually get integrated into DD-WRT. SVN tickets:
- add option to allow more than one allowed IP/Network
- add option to set auto routes for oet*_aip0 - Done
- show private key in gui - Done
- add option to set a DNS in gui
Reference
Conceptual Overview
Git Repository
WireGuard Mailing Lists
DD-WRT SVN Changesets
Forum
Virtual Private Network (VPN) (DD-WRT wiki)