mirror of https://github.com/tiyn/wiki
parent
29ad3eec17
commit
75929dd327
@ -0,0 +1,29 @@
|
|||||||
|
# OpenVPN
|
||||||
|
|
||||||
|
[OpenVPN](https://openvpn.net) is a free software to create a VPN via an
|
||||||
|
encrypted TLS connection.
|
||||||
|
|
||||||
|
## Set up
|
||||||
|
|
||||||
|
In the following sections the different set ups of OpenVPN usages are described.
|
||||||
|
|
||||||
|
### Server
|
||||||
|
|
||||||
|
The software can be set up via [Docker](/wiki/docker.md) with the
|
||||||
|
[kylemanna image](./docker/kylemanna_-_openvpn.md).
|
||||||
|
Additionally to this a client is needed on the system that need access to the
|
||||||
|
server software.
|
||||||
|
|
||||||
|
### Client
|
||||||
|
|
||||||
|
OpenVPN clients can be found for many devices.
|
||||||
|
For Android for example there is
|
||||||
|
[OpenVPN for Android in the F-Droid store](https://f-droid.org/de/packages/de.blinkt.openvpn/).
|
||||||
|
For most linux distributions there is a package called `openvpn`.
|
||||||
|
|
||||||
|
### Proxy
|
||||||
|
|
||||||
|
For OpenVPN a proxy acts as an intermediary between the system communicating
|
||||||
|
with the proxy and the OpenVPN server.
|
||||||
|
A proxy can be set up via [Docker](/wiki/docker.md) with the
|
||||||
|
[jonohill image](./docker/jonohill_-_docker-openvpn-proxy.md).
|
@ -0,0 +1,86 @@
|
|||||||
|
# WireGuard
|
||||||
|
|
||||||
|
[WireGuard](https://www.wireguard.com/) is a free and open-source software that
|
||||||
|
implements encrypted VPNs.
|
||||||
|
It was designed to be especially fast and secure.
|
||||||
|
This section including its subsections - especially the [usage](#usage-wg) is
|
||||||
|
based on an extensive guide on WireGuard by
|
||||||
|
[DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04#step-9-connecting-the-wireguard-peer-to-the-tunnel).
|
||||||
|
|
||||||
|
## Setup
|
||||||
|
|
||||||
|
In the following sections the different set ups of WireGuard usages are described.
|
||||||
|
|
||||||
|
### Server
|
||||||
|
|
||||||
|
The software can be set up via [Docker](/wiki/docker.md) with the
|
||||||
|
[linuxserver image](/wiki/docker/linuxserver_-_wireguard.md).
|
||||||
|
Additionally to this a [client](#client-wg) is needed on the system that
|
||||||
|
accesses the server.
|
||||||
|
|
||||||
|
### Client
|
||||||
|
|
||||||
|
WireGuard clients can be found for many devices.
|
||||||
|
For Android for example there is
|
||||||
|
[Wireguard for Android in the F-Droid store](https://f-droid.org/de/packages/com.wireguard.android/).
|
||||||
|
For most linux distributions there is a package called `wireguard-tools`.
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
Wireguard clients connect to servers by using a `.conf` file.
|
||||||
|
For mobile devices often times a QR-code can also be used.
|
||||||
|
|
||||||
|
In Linux based operating systems the `.conf` can be placed at
|
||||||
|
the path `/etc/wireguard/wg0.conf`.
|
||||||
|
Afterwards wireguard can be started and stopped by running the following
|
||||||
|
commands.
|
||||||
|
|
||||||
|
```
|
||||||
|
wg-quick up wg0
|
||||||
|
wg-quick down wg0
|
||||||
|
```
|
||||||
|
|
||||||
|
When using multiple `.conf` files the number behind `wg` can be incremented.
|
||||||
|
When starting and stopping wireguard with `wg-quick` the corresponding number
|
||||||
|
should be used.
|
||||||
|
Alternatively also other names not including `wg` can be used.
|
||||||
|
The term `wg0` the incremented version of it has to be changed accordingly then.
|
||||||
|
|
||||||
|
### Setting Up Local DNS
|
||||||
|
|
||||||
|
This section focusses on the usage of a [local DNS](/wiki/dns.md) like
|
||||||
|
[bind9](/wiki/bind.md#configure-local-dns-server-with-forwarding).
|
||||||
|
This can be especially useful for using
|
||||||
|
[local domains](/wiki/bind.md#configure-local-domains).
|
||||||
|
The following guide is based on a comments by the Reddit users
|
||||||
|
[orthecreedence and rptb1](https://www.reddit.com/r/WireGuard/comments/cmhap6/use_both_wireguard_and_local_dns_servers/).
|
||||||
|
|
||||||
|
To set up the usage of a local DNS the WireGuard configuration file needs to be
|
||||||
|
changed.
|
||||||
|
The following lines have to be appended under the `[Interface]` section and the
|
||||||
|
DNS IP address (in this case `192.168.178.1`) has to be changed as needed.
|
||||||
|
`wg0` is the name of the configuration file (see [the usage section](#wg-usage))
|
||||||
|
for reference.
|
||||||
|
|
||||||
|
```txt
|
||||||
|
PostUp = resolvectl dns wg0 192.168.178.1
|
||||||
|
PostDown = resolvconf -d %i -f
|
||||||
|
```
|
||||||
|
|
||||||
|
The `PostUp` line sets up the DNS while the `PostDown` line shuts it down after
|
||||||
|
wireguard is closed.
|
||||||
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
This section addresses various errors and ways how to troubleshoot them.
|
||||||
|
|
||||||
|
### Unknown Device Type / Protocol Not Supported
|
||||||
|
|
||||||
|
Especially when running `wg-quick up wg0` this error can appear.
|
||||||
|
The most probable source of this error is that the version of the package
|
||||||
|
`linux` doesn't match with the version of the [wireguard package](#client-wg) or
|
||||||
|
the system has been updated and the system wasn't restarted causing the same
|
||||||
|
problem.
|
||||||
|
To fix this `linux` can be reinstalled but a full update of the system is
|
||||||
|
recommended.
|
||||||
|
Because it changes the kernel the system needs to be restarted afterwards.
|
Loading…
Reference in new issue