Hacker Public Radio

HPR3286: Wireguard How To



Wireguard How To
Firstly, I am not an expert. These are just my findings setting up wireguard at home and in my office at work.
I've used a program called sshuttle for 7/8 years to attach myself to my home and work networks when on public/untrusted networks or if I need to access some resource at work from home.
Sshuttle for the main part works great and the main benefit is that the only port you ever need to open on the server network is whichever port you have your ssh server running on.
The downside to sshuttle is that it won't work with my Android devices, so I've been using a paid-for VPN called PIA on untrusted networks, or just staying on 3G/4G and not having any way to connect to my home or work network.
Sshuttle is written in Python, and a few weeks ago Arch Linux moved to Python 3.8, which broke sshuttle. There is a workaround using pyenv, and a bug has been filed with the Python team and it's already been fixed upstream: https://bugs.python.org/issue35415.
Anyway.
I thought it was about time I looked at setting up a proper VPN on my work network.
So I spent a couple of hours reading up on openVPN, creating client and server certificates, making a server config on the work server and forwarding the port on the router to the server.
Then I spent a couple more hours poking around trying to figure out why it wouldn't work.
I eventually gave up frustrated.
I'm not blaming openVPN, I know it works for many many people, but I couldn't see what was wrong.
So I did what we all do in a situation like this.
I took to social media, which in my case is my pleroma server and posted a message to the fediverse.
"OpenVPN has fried my brain. Need booze"
Then I had a beer, a nice cold Stiegl goldbrau if I remember right.
A few minutes later a message popped up from theru, it contained one word with a smiley face. Wireguard.
Now I had looked at wireguard a while ago. You might remember it hit the headlines because Linus Torvalds had praised how beautifully written the code was for it. It turns out what he said was "It's beautiful when compared to openVPN's code". Back then the how-to guides were really hard, for me anyway, to follow.
There were just examples of two machines on the same LAN connected together and I really struggled to get my head around it being serverless and both machines being peers to each other; after all openVPN has clients and servers and even sshuttle on my laptop connects to a server machine.
There were a couple of wiki pages that I read on Christmas Eve that gave me a lightbulb moment and some clarity on the way it worked. So I decided to try and set it up.
The articles acknowledge that it is a peer to peer technology and then go on to call one peer a server and the other peer the client.
Also I would recommend for your first client use an android device with the wireguard app. It's more user friendly in that some of the config is auto filled for you and then you can export the config file and examine it in a text editor later to get a better handle on things.
I'm going to assume that you have installed the wireguard packages for your system and that you have given your server a static IP on your network.
I'm using Arch linux on my servers but I see the Linode Debian 'how to' works in the same way.
So we are going to log into the server and start the setup.
1st create Private and Public keys

Create directory for Keys:

    cd ~
    mkdir wireguard
    cd wireguard

Create Server Keys:

    umask 077
    wg genkey | tee privatekey | wg pubkey > publickey

Create sub directory for client1 keys:

    mkdir client1
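
A check for the key files produced by the steps above, as an added example that is not part of the original show notes: it confirms that every privatekey file is readable only by its owner (the point of `umask 077`) and that each key file decodes to the 32 bytes a WireGuard key occupies. The function names are hypothetical; the file names privatekey and publickey and the client1 subdirectory come from the commands above.

```shell
#!/bin/sh
# Added example: audit the key files created under ~/wireguard.
# Function names are hypothetical; file names follow the commands above.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the file holds base64 text that decodes to exactly
# 32 bytes, the size of a WireGuard (Curve25519) key.
is_wg_key() {
    n=$(tr -d '\n' < "$1" | base64 -d 2>/dev/null | wc -c)
    [ "$n" -eq 32 ]
}

# Walk a key directory, print one line per finding, and return 1 if
# anything was found, 0 if the directory is clean.
audit_wg_keys() {
    dir=$1
    status=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if ! is_wg_key "$f"; then
            echo "BAD-KEY $f"
            status=1
        fi
        # Only private keys must be locked down; public keys may be shared.
        if [ "$(basename "$f")" = "privatekey" ]; then
            mode=$(file_mode "$f")
            case "$mode" in
                *00) ;;  # no group or other permission bits set
                *)   echo "LOOSE-PERMS $mode $f"; status=1 ;;
            esac
        fi
    done <<EOF
$(find "$dir" -type f \( -name privatekey -o -name publickey \))
EOF
    return "$status"
}

# Run against a directory given on the command line, e.g. ~/wireguard.
if [ -n "${1:-}" ]; then
    audit_wg_keys "$1"
fi
```

A LOOSE-PERMS line means the key was written before `umask 077` took effect or was copied without preserving its mode; tighten it with `chmod 600`.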