Author Topic: WireGuard  (Read 690 times)

Offline Legs11

  • PCLinuxOS Tester
  • Super Villain
  • *******
  • Posts: 31907
  • Veni Vidi Vici MLU
WireGuard
« on: December 19, 2019, 10:14:28 AM »
I needed to install lib64mnl0-devel in order to build this as user using 'make'.
Then su to root and do:

Code:
# make install
  INSTALL  /media/Downloads/WireGuard/WireGuard-0.0.20191219/src/wireguard.ko
  DEPMOD  5.4.5-pclos1
Warning: modules_install: missing 'System.map' file. Skipping depmod.
depmod -a 5.4.5-pclos1
'wg' -> '/usr/bin/wg'
'man/wg.8' -> '/usr/share/man/man8/wg.8'
'completion/wg.bash-completion' -> '/usr/share/bash-completion/completions/wg'
'wg-quick/linux.bash' -> '/usr/bin/wg-quick'
install: creating directory '/etc/wireguard'
'man/wg-quick.8' -> '/usr/share/man/man8/wg-quick.8'
'completion/wg-quick.bash-completion' -> '/usr/share/bash-completion/completions/wg-quick'
[root@Beigebox src]#

Does this output look OK?
Just want to be sure before I take this any further, thanks.  :)

It seems to be installed correctly.



"Posterity - a paltry form of eternity"  L. Cohen

Kernel: 5.4.12-pclos1;  Desktop: KDE Plasma 5.17.5 ;  TK: QT 5.12.6; Mobo: ASUSTeK P8Z68-V PRO v: Rev 1.0.1;   CPU: Quad core i7-3770S;   Mem: 8 GB;   Graphics: Intel Xeon E3-1200 v2/3rd;   Display:  LG 2560x1080 60Hz

Offline Tex

  • Administrator
  • Super Villain
  • **********
  • Posts: 21971
  • Space City, Tx
Re: WireGuard
« Reply #1 on: December 20, 2019, 03:52:02 AM »
FYI: I can patch the wireguard kernel driver into the next kernel 5.4 update.

Offline Legs11

Re: WireGuard
« Reply #2 on: December 20, 2019, 04:22:18 AM »
FYI: I can patch the wireguard kernel driver into the next kernel 5.4 update.

Thank you. That would be convenient, although there was no trouble at all building it.

I read they expect it to be in-kernel in 5.6 ....  but before that if you can manage it would be great  :)

It appears to be less convoluted to set up than OpenVPN.

Presently I am just doing initial tests with a view, in the future, of setting it up as a VPN server on my LAN, for my use when off site.



Offline Tex

Re: WireGuard
« Reply #3 on: December 21, 2019, 06:07:55 AM »
The kernel 5.4.6 that I'm sending to the repo today now includes the wireguard kernel driver.

wireguard-tools-0.0.20191219-1pclos2020.x86_64.rpm contains the control programs (wg and wg-quick). After installation and reboot then PCLinuxOS will automatically load the wireguard kernel driver on boot.

Cheers!
Tex


Offline Legs11

Re: WireGuard
« Reply #4 on: December 21, 2019, 07:19:22 AM »
Wow!

Thanks!  :)

Now I will really have to do some testing; no more prevaricating :D





Offline Legs11

Re: WireGuard
« Reply #5 on: January 05, 2020, 07:30:20 AM »
I eventually got around to trying some setup of Wireguard ..... I again met with my pet hate ----- pages of instructions that are undated and content outdated, but impossible to know immediately!   Aaaaaaagh!

Anyway, I went through most of the procedure (don't have a client machine on different IP address set up yet), and I met with first hurdle/stumble:-

Code:
$ wg-quick up wg0
/usr/bin/wg-quick: line 82: exec: sudo: not found

The relevant lines are:

Code:
auto_su() {
[[ $UID == 0 ]] || exec sudo -p "$PROGRAM must be run as root. Please enter the password for %u to continue: " -- "$BASH" -- "$SELF" "${ARGS[@]}"
}


What would be the better way to edit this for use without sudo?

This is possibly the best set of instructions I have come across, although a considerable amount of reading went before it  :)

https://www.scaleway.com/en/docs/installing-wireguard-vpn-linux/


EDIT: I forgot to add in here that launching as root bypasses that sudo use so all ok it seems.
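One way to answer the question in Reply #5, as an added example that is not part of the thread and not wg-quick's own code: keep the sudo path when sudo exists and fall back to `su -c` when it does not. `pick_escalation` is a hypothetical helper; `PROGRAM`, `SELF` and `ARGS` are the variables used by the quoted `auto_su`, and root's shell is assumed to be bash so that the `%q` quoting is read back correctly.

```bash
#!/bin/bash
# Print how to become root for the given UID: none, sudo or su.
# Returns 1 when neither sudo nor su is on PATH.
pick_escalation() {
    local uid=$1
    if [ "$uid" -eq 0 ]; then
        echo none
    elif command -v sudo >/dev/null 2>&1; then
        echo sudo
    elif command -v su >/dev/null 2>&1; then
        echo su
    else
        return 1
    fi
}

# Drop-in replacement for wg-quick's auto_su (hypothetical edit).
auto_su() {
    local how cmd
    how=$(pick_escalation "$UID") || {
        echo "$PROGRAM must be run as root, and neither sudo nor su was found" >&2
        exit 1
    }
    case $how in
        none) return 0 ;;
        sudo) exec sudo -p "$PROGRAM must be run as root. Please enter the password for %u to continue: " -- "$BASH" -- "$SELF" "${ARGS[@]}" ;;
        su)
            # su -c takes a single string, so every argument is shell-quoted
            # first; this keeps spaces or metacharacters in ARGS from being
            # re-interpreted by the root shell.
            printf -v cmd '%q ' "$BASH" -- "$SELF" "${ARGS[@]}"
            exec su -c "$cmd" ;;
    esac
}
```

With `su` the prompt asks for root's password rather than the user's, which matches how the build in the first post was installed.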

Offline Legs11

Re: WireGuard
« Reply #6 on: January 05, 2020, 05:58:08 PM »
I appear to have the server set up OK.

Code:
# wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.66.1/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Code:
# wg show
interface: wg0
  public key: tqlocQV2bYQTrvgtwkVRaGW/H25D2tvo8BQ7iU8Fs28=
  private key: (hidden)
  listening port: 51820

Code:
# ifconfig | grep -A 6 wg0
wg0       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:192.168.66.1  P-t-P:192.168.66.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:1816 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Code:
# wg-quick down wg0
[#] wg showconf wg0
[#] ip link delete dev wg0
[#] iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Code:
# ifconfig | grep -A 6 wg0

Offline Tex

Re: WireGuard
« Reply #7 on: January 07, 2020, 01:20:00 AM »
Congrats. Now you can be ready to help the rest of us when we are ready to try it with our vpn service?


Offline Paris Hilton

  • Jr. Member
  • **
  • Posts: 46
Re: WireGuard
« Reply #8 on: January 07, 2020, 03:03:36 AM »
That would be hot.
That's hot!

Offline Legs11

Re: WireGuard
« Reply #9 on: January 07, 2020, 05:34:46 AM »

Congrats. Now you can be ready to help the rest of us when we are ready to try it with our vpn service?

Hahahaha .......  that is the sum total of my knowledge in that post!  :D

My machine is now set to operate as a VPN service.

I have yet to arrange a client machine on a different WAN address to be set up to use this, and then check what it can and cannot access etc etc etc.

My main reason for attempting this is to provide SECURE access from my location to such as stored video files and live TV channels, to approved client machine/s I might bring with me when away from home, or maybe someone I wished to share with on an ongoing basis.

Forwarding ports to a server is probably ok for intermittent use, but for something to be left in place the extra security of the private and public key set up is warranted, IMO.

####

I expect that I have some errors or omissions in my set up of the server.
Hopefully if someone else tries it they can pick holes in what I have done and help me improve my set up.

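Reply #9 asks for holes to be picked in the server setup. As an added example (not part of the thread and not WireGuard project code), this audit checks a wg-quick config for three things the output in Reply #6 bears on: who can read the file that holds the private key, whether the `PostUp` FORWARD rule limits where tunnel clients may go, and whether each peer's `AllowedIPs` is a single host. The sample config is constructed from the address, port and iptables rules shown in the thread, with placeholder keys and a hypothetical peer.

```bash
audit_wg_conf() {
    conf=$1
    # The file holds PrivateKey, so group/other permission bits must be clear.
    perms=$(ls -l "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS: group/other can access $conf ($perms)"
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[ \t]*\[/ {                              # section header
            sec = tolower($0); gsub(/[^a-z]/, "", sec)
            if (sec == "peer") peers++
            next
        }
        {                                          # key = value line
            eq = index($0, "="); if (!eq) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1)
        }
        sec == "interface" && key == "postup" {
            n = split(val, rule, ";")
            for (i = 1; i <= n; i++)
                if (rule[i] ~ /-A FORWARD/ && rule[i] ~ /-j ACCEPT/ && rule[i] !~ / -(d|o) /)
                    print "FORWARD: tunnel traffic is forwarded to any destination"
        }
        sec == "peer" && key == "allowedips" {
            n = split(val, net, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", net[i])
                if (net[i] !~ /\/(32|128)$/)
                    print "ALLOWEDIPS: peer " peers " may source " net[i]
            }
        }
        END { if (!peers) print "PEERS: no [Peer] section, no client can connect" }
    ' "$conf"
}
# Constructed sample: Address, ListenPort and PostUp follow the thread output;
# the keys are placeholders and the peer is hypothetical.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
Address = 192.168.66.1/32
ListenPort = 51820
PrivateKey = PLACEHOLDER_NOT_A_REAL_KEY
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = PLACEHOLDER_CLIENT_KEY
AllowedIPs = 192.168.66.2/32, 0.0.0.0/0
EOF
chmod 644 "$sample"
audit_wg_conf "$sample"
```

For the use case in Reply #9 (approved clients reaching a media server), a FORWARD rule with `-d` set to that server's address and one `/32` per peer would clear the last two findings.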