documentation:examples:gre_ipsec_and_openvpn

documentation:examples:gre_ipsec_and_openvpn [2022/10/04 18:33] olivierdocumentation:examples:gre_ipsec_and_openvpn [2023/07/10 12:40] (current) – [Router 4] olivier
Line 1230: Line 1230:
 service openvpn stop service openvpn stop
 sysrc kld_list="if_ovpn" sysrc kld_list="if_ovpn"
 +kldload if_ovpn
 echo "topology subnet" >> /usr/local/etc/openvpn/openvpn.conf echo "topology subnet" >> /usr/local/etc/openvpn/openvpn.conf
 service openvpn start service openvpn start
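Review bot: `sysrc kld_list="if_ovpn"` on the second line of this hunk replaces any modules already listed in `kld_list`; `sysrc kld_list+="if_ovpn"` appends instead. The added `kldload if_ovpn` is the right companion, because `kld_list` only takes effect at the next boot, but a plain `kldload` fails with an error when the module is already loaded; `kldload -n if_ovpn` makes the step safe to rerun.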
Line 1239: Line 1240:
 service openvpn stop service openvpn stop
 sysrc kld_list="if_ovpn" sysrc kld_list="if_ovpn"
-service openvn start+kldload if_ovpn 
 +service openvpn start
 </code> </code>
  
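Review bot: Correcting `service openvn start` to `service openvpn start` is the important fix in this hunk; with the typo the daemon was never restarted after the module was configured. The same two remarks as for the previous hunk apply here: `sysrc kld_list+="if_ovpn"` to append rather than overwrite, and `kldload -n if_ovpn` so repeating the block does not error out.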
Line 1320: Line 1322:
 ===== Wireguard ===== ===== Wireguard =====
  
-==== Key pairs generation ====+On current (14.0) needs only wireguard-tools (kernel module included), on older (12 or 13) needs wireguard-kmod. 
 +==== Key pairs generation on VM2 and VM4 ====
  
 The first step is to generate a couple of private and public keys on each wireguard endpoint. The first step is to generate a couple of private and public keys on each wireguard endpoint.
  
-On VM2 and on VM4, generate the keys:+The standard way of generating keys is using this command:
  
 <code> <code>
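Review bot: The added sentence `On current (14.0) needs only wireguard-tools (kernel module included), on older (12 or 13) needs wireguard-kmod.` has no subject and reads as a fragment; suggest `On FreeBSD 14.0 only the wireguard-tools package is needed (the kernel module is included); on 12 or 13, install wireguard-kmod as well.` With the heading renamed to `Key pairs generation on VM2 and VM4`, the replacement line `The standard way of generating keys is using this command:` would read better as `The standard way to generate a key pair is:`.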
Line 1333: Line 1336:
 </code> </code>
  
 +But on this example, we will use static keys as example.
 ==== Router 2 ==== ==== Router 2 ====
  
-Display router 2 private key, and router 4 public key.+Write example-only static and public key, on real-life, used the one generated by wg.
  
 <code> <code>
 +echo "oFsqDWpgtlma4Dy3YkPd918d3Nw9xdV9MBVn4YT1N38=" > /usr/local/etc/wireguard/private
 +echo "z9wBhxr/K405uQeYnCoGRi6VGWu/QAhym7JgH1BguxE=" > /usr/local/etc/wireguard/public
 cat > /usr/local/etc/wireguard/wg0.conf <<EOF cat > /usr/local/etc/wireguard/wg0.conf <<EOF
 [Interface] [Interface]
-PrivateKey = 8Og1cCmvirK+zcGus/EyaA8aiFdzjjtS9GbuBa/bqFQ=+PrivateKey = oFsqDWpgtlma4Dy3YkPd918d3Nw9xdV9MBVn4YT1N38=
 ListenPort = 51820 ListenPort = 51820
  
 [Peer] [Peer]
-PublicKey = FSvVqj2s1FZqsSIvPLrE1RRTgbaPLbfG87P36F21M1g+PublicKey = o267Qf43WlVTawLq/8nrET4GQKijrjWFKiux9iNLv04
-AllowedIPs = 10.0.45.0/24,2001:db8:45::2/64+AllowedIPs = 10.0.45.0/24,2001:db8:45::/64
 Endpoint = 10.0.34.4:51820 Endpoint = 10.0.34.4:51820
 EOF EOF
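Review bot: The peer line `PublicKey = o267Qf43WlVTawLq/8nrET4GQKijrjWFKiux9iNLv04` drops the trailing `=` that the same key carries in the `echo ... > /usr/local/etc/wireguard/public` line of the Router 4 hunk and in the later `wg show` output; a WireGuard key is 44 base64 characters including that padding character, so the config line should keep it. The `AllowedIPs` change from `2001:db8:45::2/64` to `2001:db8:45::/64` is correct, since AllowedIPs takes the network prefix rather than a host address. Because the private key is written in clear to both `/usr/local/etc/wireguard/private` and `wg0.conf`, the block should start with `umask 077` so neither file is created world-readable, and the sentence `Write example-only static and public key, on real-life, used the one generated by wg.` should read `Write the example-only private and public keys; in real life use the ones generated by wg.`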
Line 1356: Line 1362:
 ==== Router 4 ==== ==== Router 4 ====
  
-Display router 4 private key, and router 2 public key.+Generate example-only router 4 wg keys, and declare 2 public key.
  
 <code> <code>
 +echo "4HRXmxN77CVb5VykdNX6mqkzCh2ycu4hfWfYHTvkLGE=" > /usr/local/etc/wireguard/private
 +echo "o267Qf43WlVTawLq/8nrET4GQKijrjWFKiux9iNLv04=" > /usr/local/etc/wireguard/public
 cat > /usr/local/etc/wireguard/wg0.conf <<EOF cat > /usr/local/etc/wireguard/wg0.conf <<EOF
 [Interface] [Interface]
-PrivateKey = ADfm6+sXZnoyDAkG/MXXy062pjSgh2GgfAIKwX+ewGg=+PrivateKey = 4HRXmxN77CVb5VykdNX6mqkzCh2ycu4hfWfYHTvkLGE=
 ListenPort = 51820 ListenPort = 51820
  
 [Peer] [Peer]
-PublicKey = gaQij176wrz3g+2RTJ/S1oEnc7rx2reU1Z0Thrv4oXc+PublicKey = z9wBhxr/K405uQeYnCoGRi6VGWu/QAhym7JgH1BguxE
-AllowedIPs = 10.0.12.0/24,2001:db8:12::2/64+AllowedIPs = 10.0.12.0/24,2001:db8:12::/64
 Endpoint = 10.0.23.2:51820 Endpoint = 10.0.23.2:51820
 EOF EOF
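Review bot: `Generate example-only router 4 wg keys, and declare 2 public key.` is misleading, since the two `echo` lines write fixed values rather than generating anything; suggest `Write the example-only router 4 key pair, and declare router 2's public key.` As in the Router 2 hunk, the peer line `PublicKey = z9wBhxr/K405uQeYnCoGRi6VGWu/QAhym7JgH1BguxE` lacks the trailing `=` present in the key written to `/usr/local/etc/wireguard/public` on router 2, and `umask 077` should precede the writes of `private` and `wg0.conf`. The cross-references themselves are consistent: router 4's peer key is the public key written on router 2, and router 2's peer key is the public key written here.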
Line 1397: Line 1405:
 2 packets transmitted, 2 packets received, 0.0% packet loss 2 packets transmitted, 2 packets received, 0.0% packet loss
 round-trip min/avg/max/std-dev = 0.764/1.272/1.779/0.507 ms round-trip min/avg/max/std-dev = 0.764/1.272/1.779/0.507 ms
 +</code>
 +
 +Are we using the kernel module?
 +<code>
 +root@VM2:~ # kldstat -v -n if_wg.ko
 +Id Refs Address                Size Name
 +    1 0xffffffff82b17000    2e550 if_wg.ko (/boot/kernel/if_wg.ko)
 +        Contains modules:
 +                 Id Name
 +                473 wg
 +</code>
 +
 +Displaying wg status on VM2:
 +<code>
 +root@VM2:~ # ifconfig wg0
 +wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
 +        options=80000<LINKSTATE>
 +        groups: wg
 +        nd6 options=101<PERFORMNUD,NO_DAD>
 +root@VM2:~ # netstat -rn | grep "Dest\|wg0"
 +Destination        Gateway            Flags     Netif Expire
 +10.0.45.0/24       link#            US          wg0
 +Destination                       Gateway                       Flags     Netif Expire
 +2001:db8:45::/64                  link#                       US          wg0
 +root@VM2:~ # wg show
 +interface: wg0
 +  public key: z9wBhxr/K405uQeYnCoGRi6VGWu/QAhym7JgH1BguxE=
 +  private key: (hidden)
 +  listening port: 51820
 +
 +peer: o267Qf43WlVTawLq/8nrET4GQKijrjWFKiux9iNLv04=
 +  endpoint: 10.0.34.4:51820
 +  allowed ips: 2001:db8:45::/64, 10.0.45.0/24
 +  latest handshake: 32 seconds ago
 +  transfer: 356 B received, 436 B sent
 </code> </code>
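Review bot: The `kldstat -v -n if_wg.ko` check is a useful addition, and its output path `(/boot/kernel/if_wg.ko)` is what actually backs the earlier claim that the kernel module is included on 14.0; a sentence saying that a module loaded from `/boot/kernel` confirms the base-system driver is in use would make the check meaningful to the reader. In the `wg show` output, `private key: (hidden)` is the expected redaction, and `latest handshake: 32 seconds ago` together with the non-zero `transfer` counters is the evidence that the tunnel is established; point the reader at those two lines. The `netstat -rn | grep "Dest\|wg0"` output shows `10.0.45.0/24` and `2001:db8:45::/64` routed via `wg0`, which matches the peer's `AllowedIPs`, and noting that correspondence would help anyone adapting the addresses.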
documentation/examples/gre_ipsec_and_openvpn.1664901212.txt.gz · Last modified: 2022/10/04 18:33 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause