Wireguard
WireGuard is not built on a client-server model, which suits this use case: every WireGuard interface is simply a peer, and any two peers that know each other's public key and endpoint can talk to each other directly (peer-to-peer).
This means the VPN works without a fixed central server. When a node disconnects, only the links to that node drop; as long as the remaining nodes still have peer-to-peer links among each other, the vNet stays up (mesh topology).
The downside is that every node has to be peered manually with every other node (a full mesh of n nodes needs n·(n-1)/2 links). There are distributed VPN services such as VPN0 that automate this, but for this use case we only use plain peer-to-peer WireGuard connections, because adding another node to the network is unlikely at the moment.
Setting up WireGuard
Installing
WireGuard was not part of the mainline kernel when this was written, so the module is built by DKMS against the kernel headers (pulled in by linux-generic). On Linux 5.6 and later (Ubuntu 20.04 and newer ship it) the module is in-tree: there "apt-get install wireguard" is enough and the PPA, DKMS and modprobe steps can be skipped.
apt-get install linux-generic
add-apt-repository ppa:wireguard/wireguard
apt-get install wireguard-dkms wireguard-tools
Add the module to the list of modules loaded at boot
echo "wireguard" | sudo tee -a /etc/modules
Load the module
modprobe wireguard
Setting up the VPN
Create the key pair and the pre-shared key
Generate the pre-shared key (psk.key) on one node only and copy it to the other node; both ends of a link must hold the same PSK. Set a restrictive umask first, so the key files are never world-readable, not even for the moment between creation and chmod.
cd /etc/wireguard
umask 077
wg genkey > private.key
wg pubkey < private.key > public.key
wg genpsk > psk.key
Make sure only root can read those files. They are data, not programs, so mode 600 is what they need (700 would add a useless execute bit):
chmod 700 /etc/wireguard
chmod 600 /etc/wireguard/*
Create the network interface
Create the interface, assign this node's tunnel address and load the private key. Also set a fixed listen port: without one WireGuard picks a random UDP port each time the interface is created, and the other node could never configure a stable endpoint for us. 51820 is the conventional WireGuard port; any free UDP port works, as long as the other node is told about it.
ip link add wg0 type wireguard
ip addr add 10.1.1.2/24 dev wg0
wg set wg0 listen-port 51820 private-key /etc/wireguard/private.key
Start the interface
ip link set wg0 up
Check that the interface shows up with its public key and listen port
wg
Peer the nodes
Copy the pre-shared key (psk.key) of the first node to the other node; on both nodes the PSK must be identical. Then register the other node as a peer. Run this on each node with the other node's values (on node 2, with 10.1.1.2, the peer is node 1, on node 1 the peer is node 2):
wg set wg0 peer "Public Key of the other node" preshared-key /etc/wireguard/psk.key allowed-ips VNETIP/32 endpoint REALIP:LISTENPORT
VNETIP
The tunnel (vNet) address of the other node, as a /32. It must not be this node's own address: on the node that has 10.1.1.2/24, allowed-ips is 10.1.1.1/32, not 10.1.1.2/32. WireGuard uses allowed-ips in both directions (cryptokey routing): packets for these addresses are sent to this peer, and packets arriving from this peer with any other source address are dropped.
Preshared Key
The file /etc/wireguard/psk.key (same contents on both nodes)
REALIP
The real, routable address of the other node (its public IP, or its LAN IP when both are on the same network). Not the vNet address: the tunnel addresses only become reachable once the tunnel is up, so an endpoint inside 10.1.1.0/24 can never complete a handshake.
LISTENPORT
The listen port the other node configured with listen-port
If one node sits behind NAT, only the node with a reachable address needs to be configured as an endpoint; the other side learns the NATed node's address from its first authenticated packet. Adding persistent-keepalive 25 on the NATed node keeps the NAT mapping open so the peer can reach it unprompted.
Setting static configuration
Dump the running configuration to /etc/wireguard/wg0.conf. The dump contains the private key and the PSK in clear text, so it gets the same root-only mode as the key files:
wg showconf wg0 > /etc/wireguard/wg0.conf
chmod 600 /etc/wireguard/wg0.conf
Then create a script that recreates the interface and loads the peers from that file, /etc/wireguard/peer_wireguard.sh, and run it at every restart from root's crontab with an @reboot line:
#!/bin/sh
ip link add wg0 type wireguard
ip addr add 10.1.1.2/24 dev wg0
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set wg0 up
wireguard-tools also ships wg-quick, which does the same from a wg0.conf that additionally carries an "Address = 10.1.1.2/24" line in the [Interface] section; "systemctl enable wg-quick@wg0" then brings the interface up at boot without a cron entry.
List of sources
[^1]: wiki.ubuntuusers.de - https://wiki.ubuntuusers.de/WireGuard/