3.2 KiB
WireGuard
WireGuard is a free and open-source software that implements encrypted VPNs. It was designed to be especially fast and secure. This section including its subsections - especially the usage is based on an extensive guide on WireGuard by DigitalOcean.
Setup
In the following sections the different set ups of WireGuard usages are described.
Server
The software can be set up via Docker with the linuxserver image. Additionally to this a client is needed on the system that accesses the server.
Client
WireGuard clients can be found for many devices.
For Android for example there is
Wireguard for Android in the F-Droid store.
For most linux distributions there is a package called wireguard-tools
.
Usage
Wireguard clients connect to servers by using a .conf
file.
For mobile devices often times a QR-code can also be used.
In Linux based operating systems the .conf
can be placed at
the path /etc/wireguard/wg0.conf
.
Afterwards wireguard can be started and stopped by running the following
commands.
wg-quick up wg0
wg-quick down wg0
When using multiple .conf
files the number behind wg
can be incremented.
When starting and stopping wireguard with wg-quick
the corresponding number
should be used.
Alternatively also other names not including wg
can be used.
The term wg0
the incremented version of it has to be changed accordingly then.
Setting Up Local DNS
This section focusses on the usage of a local DNS like bind9. This can be especially useful for using local domains. The following guide is based on a comments by the Reddit users orthecreedence and rptb1.
To set up the usage of a local DNS the WireGuard configuration file needs to be
changed.
The following lines have to be appended under the [Interface]
section and the
DNS IP address (in this case 192.168.178.1
) has to be changed as needed.
wg0
is the name of the configuration file (see the usage section)
for reference.
PostUp = resolvectl dns wg0 192.168.178.1
PostDown = resolvconf -d %i -f
The PostUp
line sets up the DNS while the PostDown
line shuts it down after
wireguard is closed.
Troubleshooting
This section addresses various errors and ways how to troubleshoot them.
Unknown Device Type / Protocol Not Supported
Especially when running wg-quick up wg0
this error can appear.
The most probable source of this error is that the version of the package
linux
doesn't match with the version of the wireguard package or
the system has been updated and the system wasn't restarted causing the same
problem.
To fix this linux
can be reinstalled but a full update of the system is
recommended.
Because it changes the kernel the system needs to be restarted afterwards.