WireGuard: Difference between revisions
→Test and Troubleshooting: ip route commands |
→Route for specific user: add port forwading |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 32: | Line 32: | ||
Internet via another peer. | Internet via another peer. | ||
== DNS for the proxy client == | == Secure DNS for the proxy client == | ||
You can use | You can use a secure DNS client such as knot dns resolver, | ||
which comes with a set of authenticated dns servers | which comes with a set of authenticated dns servers ips | ||
built in. | built in. | ||
| Line 52: | Line 52: | ||
} | } | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Secure DNS hinders usage of captive portals. See [[systemd-resolved]] for solutions. | |||
= AllowedIPs = | = AllowedIPs = | ||
| Line 124: | Line 126: | ||
Credit: this section is adapted from ArchWiki. | Credit: this section is adapted from ArchWiki. | ||
This section should fully support IPv4 and v6 dual stack. | |||
== Peer setup == | == Peer setup == | ||
| Line 291: | Line 294: | ||
FirewallMark = 42; | FirewallMark = 42; | ||
# we specify that the routing table 1000 must be used | # (... continued) we specify that the routing table 1000 must be used | ||
# (which is the wireguard routing table). This rule routes all traffic through wireguard. | # (which is the wireguard routing table). This rule routes all traffic through wireguard. | ||
# inside routingPolicyRules section is called Table, not RouteTable | # inside routingPolicyRules section is called Table, not RouteTable | ||
| Line 384: | Line 387: | ||
Family = "both"; | Family = "both"; | ||
} | } | ||
] | ]; | ||
# Configure port forwarding for Transmission under NAT | |||
networking.nat.forwardPorts = | |||
[ | |||
{ | |||
destination = "10.0.0.1:80"; | |||
proto = "tcp"; | |||
sourcePort = 8080; | |||
} | |||
{ | |||
destination = "[fc00::2]:80"; | |||
proto = "tcp"; | |||
sourcePort = 8080; | |||
} | |||
]; | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 774: | Line 791: | ||
* [https://www.youtube.com/watch?v=us7V2NvsQRA Talk by @fpletz at NixCon 2018 about networkd and his WireGuard setup] | * [https://www.youtube.com/watch?v=us7V2NvsQRA Talk by @fpletz at NixCon 2018 about networkd and his WireGuard setup] | ||
* [https://web.archive.org/web/20210101230654/https://www.the-digital-life.com/wiki/wireguard-troubleshooting/ WireGuard Troubleshooting (on Web Archive)] shows how to enable debug logs | * [https://web.archive.org/web/20210101230654/https://www.the-digital-life.com/wiki/wireguard-troubleshooting/ WireGuard Troubleshooting (on Web Archive)] shows how to enable debug logs | ||
= Additional routing setups = | |||
For documentation on more routing and topology setups, such as | |||
* Point to Point Configuration, | |||
* Hub and Spoke Configuration, | |||
* Point to Site Configuration, | |||
* Site to Site Configuration, | |||
see [https://docs.procustodibus.com/guide/wireguard/ Pro Custodibus Documentation], [https://web.archive.org/web/20250920231827/https://docs.procustodibus.com/guide/wireguard/ Mirror on Internet Archive]. | |||
[[Category:Networking]] | [[Category:Networking]] | ||
[[Category:VPN]] | [[Category:VPN]] | ||