documentation:examples:gre_ipsec_and_openvpn
Differences
This shows you the differences between two versions of the page.
documentation:examples:gre_ipsec_and_openvpn [2022/10/04 18:33] – olivier | documentation:examples:gre_ipsec_and_openvpn [2023/07/10 12:40] (current) – [Router 4] olivier | ||
---|---|---|---|
Line 1230: | Line 1230: | ||
service openvpn stop | service openvpn stop | ||
sysrc kld_list=" | sysrc kld_list=" | ||
+ | kldload if_ovpn | ||
echo " | echo " | ||
service openvpn start | service openvpn start | ||
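Review bot: The added `kldload if_ovpn` after the `sysrc kld_list=` line prints an error when the module is already loaded, which happens on any re-run of this block or after a reboot where `kld_list` has already loaded it. `kldload -n if_ovpn` skips the load in that case and keeps the step repeatable. A short note on which FreeBSD releases provide `if_ovpn`, like the version note this revision adds for Wireguard, would also help readers on older systems.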
Line 1239: | Line 1240: | ||
service openvpn stop | service openvpn stop | ||
sysrc kld_list=" | sysrc kld_list=" | ||
- | service | + | kldload if_ovpn |
+ | service | ||
</ | </ | ||
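Review bot: Nothing after the new `kldload if_ovpn` and `service` lines confirms that the module is loaded once OpenVPN has been restarted. The Wireguard section in this same revision adds a `kldstat -v -n if_wg.ko` check; an equivalent `kldstat` check for `if_ovpn` here would make the two sections consistent and give the reader a way to verify the step.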
Line 1320: | Line 1322: | ||
===== Wireguard ===== | ===== Wireguard ===== | ||
- | ==== Key pairs generation ==== | + | On current (14.0) needs only wireguard-tools (kernel module included), on older (12 or 13) needs wireguard-kmod. |
+ | ==== Key pairs generation | ||
The first step is to generate a couple of private and public keys on each wireguard endpoint. | The first step is to generate a couple of private and public keys on each wireguard endpoint. | ||
- | On VM2 and on VM4, generate the keys: | + | The standard way of generating |
< | < | ||
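Review bot: The sentence added under the Wireguard heading has no subject and does not name the operating system ("On current (14.0) needs only wireguard-tools ..."). Suggest something like "FreeBSD 14.0 (current) needs only wireguard-tools, since the kernel module is included; FreeBSD 12 or 13 needs wireguard-kmod", so the requirement reads as a complete statement when the page is skimmed.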
Line 1333: | Line 1336: | ||
</ | </ | ||
+ | But on this example, we will use static keys as example. | ||
==== Router 2 ==== | ==== Router 2 ==== | ||
- | Display router 2 private key, and router 4 public key. | + | Write example-only static |
< | < | ||
+ | echo " | ||
+ | echo " | ||
cat > / | cat > / | ||
[Interface] | [Interface] | ||
- | PrivateKey = 8Og1cCmvirK+zcGus/ | + | PrivateKey = oFsqDWpgtlma4Dy3YkPd918d3Nw9xdV9MBVn4YT1N38= |
ListenPort = 51820 | ListenPort = 51820 | ||
[Peer] | [Peer] | ||
- | PublicKey = FSvVqj2s1FZqsSIvPLrE1RRTgbaPLbfG87P36F21M1g= | + | PublicKey = o267Qf43WlVTawLq/ |
- | AllowedIPs = 10.0.45.0/ | + | AllowedIPs = 10.0.45.0/ |
Endpoint = 10.0.34.4: | Endpoint = 10.0.34.4: | ||
EOF | EOF | ||
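Review bot: The `[Interface]` block now carries a fixed `PrivateKey` that readers will paste unchanged, and the only warning is the prose line "we will use static keys as example" outside the code block. Suggest a comment inside the heredoc marking the key as documentation-only, plus a sentence saying that any real deployment must replace both keys with ones produced by the key generation step above. The lines visible here also show no `umask 077` or `chmod 600` before the private key and the config file are written; if that is not in the truncated part of the block, it should be added.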
Line 1356: | Line 1362: | ||
==== Router 4 ==== | ==== Router 4 ==== | ||
- | Display | + | Generate example-only |
< | < | ||
+ | echo " | ||
+ | echo " | ||
cat > / | cat > / | ||
[Interface] | [Interface] | ||
- | PrivateKey = ADfm6+sXZnoyDAkG/ | + | PrivateKey = 4HRXmxN77CVb5VykdNX6mqkzCh2ycu4hfWfYHTvkLGE= |
ListenPort = 51820 | ListenPort = 51820 | ||
[Peer] | [Peer] | ||
- | PublicKey = gaQij176wrz3g+2RTJ/S1oEnc7rx2reU1Z0Thrv4oXc= | + | PublicKey = z9wBhxr/K405uQeYnCoGRi6VGWu/ |
- | AllowedIPs = 10.0.12.0/ | + | AllowedIPs = 10.0.12.0/ |
Endpoint = 10.0.23.2: | Endpoint = 10.0.23.2: | ||
EOF | EOF | ||
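Review bot: The Router 4 intro says "Generate example-only" while the Router 2 intro says "Write example-only static", although both blocks write fixed keys with `echo` and generate nothing. Use the Router 2 wording in both places. It would also help to state that each `[Peer]` `PublicKey` is the `wg pubkey` output of the other router's `PrivateKey`, so readers who substitute their own keys know which value goes on which side.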
Line 1397: | Line 1405: | ||
2 packets transmitted, | 2 packets transmitted, | ||
round-trip min/ | round-trip min/ | ||
+ | </ | ||
+ | |||
+ | Are we using the kernel module? | ||
+ | < | ||
+ | root@VM2:~ # kldstat -v -n if_wg.ko | ||
+ | Id Refs Address | ||
+ | | ||
+ | Contains modules: | ||
+ | Id Name | ||
+ | 473 wg | ||
+ | </ | ||
+ | |||
+ | Displaying wg status on VM2: | ||
+ | < | ||
+ | root@VM2:~ # ifconfig wg0 | ||
+ | wg0: flags=80c1< | ||
+ | options=80000< | ||
+ | groups: wg | ||
+ | nd6 options=101< | ||
+ | root@VM2:~ # netstat -rn | grep " | ||
+ | Destination | ||
+ | 10.0.45.0/ | ||
+ | Destination | ||
+ | 2001: | ||
+ | root@VM2:~ # wg show | ||
+ | interface: wg0 | ||
+ | public key: z9wBhxr/ | ||
+ | private key: (hidden) | ||
+ | listening port: 51820 | ||
+ | |||
+ | peer: o267Qf43WlVTawLq/ | ||
+ | endpoint: 10.0.34.4: | ||
+ | allowed ips: 2001: | ||
+ | latest handshake: 32 seconds ago | ||
+ | transfer: 356 B received, 436 B sent | ||
</ | </ |
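Review bot: The new "Are we using the kernel module?" check is shown only as a successful run on VM2, so a reader cannot tell what a failure looks like or whether VM4 needs the same check. Add a sentence saying that the same command applies on VM4 and that `kldstat` reports an error when `if_wg.ko` is not loaded. The `wg show` output is safe to publish as shown, since it prints `private key: (hidden)`.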
documentation/examples/gre_ipsec_and_openvpn.1664901212.txt.gz · Last modified: 2022/10/04 18:33 by olivier