Ferro's Gitbook
  • README
  • DevOps
    • Grafana_Cloud
  • OpenWrt
    • DHCP_DNS
    • GLiNet
    • boot
    • captive_portal
    • luci
    • mwan3
    • radius
    • theme
    • wireless
  • apps
    • web
  • BSD
    • Mac
  • Cloud
    • aws
    • azure
    • cf
    • gcp
    • github
    • ibm_bluemix
    • Pricing
  • container
    • docker
    • Kubernetes
    • podman
  • db
    • InfluxDB
    • loki
    • MySQL & MariaDB
    • Oracle
    • PostgreSQL
  • dev
    • AHK
    • BI
    • LBS
    • ML
    • android
    • editor
    • flutter_web
    • git
    • go
    • HTML5/BS
    • j2ee
    • js
    • js_grid
    • js_vue
    • jupyter
    • ocaml
    • powershell
    • py
    • py_GUI
    • Django
    • shell
    • snippets
    • uni
    • vba
    • wechat.zh
    • wechat_mp.zh
  • elec
    • 3D Printing
    • AC
    • MOSFET
    • battery
    • boost
    • bulk
    • metal
    • simulator
  • hw
    • GPU
    • PCI
    • arduino
    • Bluetooth
    • ent
    • Pinout
    • x86_AMD
    • x86_intel
  • linux
    • Test System
    • X
    • arch
    • fs
    • kernel
    • Memory
    • nw
    • Linux Services
    • Systemd
    • text
  • ms
    • vscode
    • windows
    • wsl
  • multimedia
    • Blender
    • audio
    • blender
    • graphics
    • home
  • nw
    • L3
    • L3_IPv6
    • SDN
    • VPN
    • dns
    • hw
    • Low Level
    • mikrotik
    • mwan
    • Openflow
    • OVS
    • pfsense
    • ppp
    • proxy
    • tsocks
    • pxe
    • Security
    • TCP
  • phone
    • Mi
    • android
  • Storage(SW)
  • vt
    • Intel GVT-g
    • PVE
    • QEMU
    • VDI
    • hyper-v
    • kube
    • libvirt
    • OpenStack
  • Web
    • IBM_MQ
    • IBM_Websphere
    • SSL
    • Apache/IBM_IHS
    • blockchain
    • caddy
    • j2ee
    • nginx
    • static_site
Powered by GitBook
On this page
  • WireGuard - C
  • key
  • wg-quick
  • forwarding
  • Tailscale
  • Subnet
  • zerotier
  • Moons
  • nebula - go

Was this helpful?

Edit on Git
  1. nw

VPN

PreviousSDNNextdns

Last updated 7 months ago

Was this helpful?

L4:

WireGuard - C

  • debug: https://www.wireguard.com/quickstart/#debug-info

  • Network Namespace: https://www.wireguard.com/netns/

  • uci: https://wiki.archlinux.org/title/WireGuard

  • docker: https://github.com/masipcat/wireguard-go-docker

  • auto: https://github.com/burghardt/easy-wg-quick

key

wg genkey | tee privatekey | wg pubkey > publickey

https://github.com/axllent/wireguard-vanity-keygen/releases

./wireguard-vanity-keygen --case-sensitive --limit 1 PRE

https://www.wireguard.com/protocol/

  • optional pre-shared key that is mixed into the public key cryptography, all-zeros if not in use

    wg genpsk > presharedkey

private-key file: https://ubuntu.com/server/docs/security-tips-for-wireguard-vpn#preventing-accidental-leakage-of-private-keys

[Interface]
PostUp = wg set %i private-key /etc/wireguard/%i.key

wg-quick

https://github.com/WireGuard/wireguard-tools/blob/master/src/wg-quick/linux.bash

https://wiki.archlinux.org/title/WireGuard#wg-quick

ls /etc/wireguard/*.conf | grep -Po '(?<=/)\w+(?=.conf)' | xargs -I % sh -c "wg-quick down % ; echo --- ; wg-quick up %"
wg ; echo --- ; iptables -L -t nat -v ; echo --- ; iptables -L -v ; sysctl net.ipv4.conf.all.forwarding
systemctl enable wg-quick@wgX

forwarding

https://unix.stackexchange.com/a/722448

sever

[Interface]
PrivateKey = sever
Address = 192.168.44.1/24
ListenPort = 

[Peer]
PublicKey = client
AllowedIPs = 192.168.44.11/32, 192.168.88.0/24 # ip route | grep wg

home gateway

[Interface]
PrivateKey = client
Address = 192.168.44.11/24
PreUp = sysctl -w net.ipv4.conf.all.forwarding=1
PreUp =    iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE

[Peer]
PublicKey = server
Endpoint = server:port
AllowedIPs = 192.168.44.0/24
PersistentKeepalive = 25

Tailscale

Free for Personal: https://tailscale.com/pricing/

curl -fsSL https://tailscale.com/install.sh | sh
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
tailscale up --advertise-exit-node # enable on WebUI: Edit route settings
tailscale status
  • Console: https://login.tailscale.com/admin/machines

  • relay: https://tailscale.com/kb/1118/custom-derp-servers/

Subnet

https://tailscale.com/kb/1019/subnets#connect-to-tailscale-as-a-subnet-router

  • Linux: Enable IP forwarding

  • Web: Edit route settings / Access Controls

zerotier

curl -s https://install.zerotier.com | sudo bash
service zerotier-one status
zerotier-cli status
zerotier-cli peers # PLANET/LEAF

Moons

Own Roots (a.k.a. Moons): https://docs.zerotier.com/roots/

zerotier-cli join ...
cd /var/lib/zerotier-one
zerotier-idtool initmoon identity.public >> moon.json
chown zerotier-one:zerotier-one moon.json

nebula - go

https://github.com/slackhq/nebula

/nw/proxy/
WireGuard - C
key
wg-quick
forwarding
Tailscale
Subnet
zerotier
nebula - go