documentation:examples:gre_ipsec_and_openvpn

Differences

This shows you the differences between two versions of the page.

documentation:examples:gre_ipsec_and_openvpn [2020/01/13 14:08] – [VPN with GRE, GIF, IPSec and OpenVPN] olivier
documentation:examples:gre_ipsec_and_openvpn [2020/01/13 14:19] – [Testing] olivier
Line 1160: Line 1160:
 16:52:40.744771 IP 10.0.34.4.1194 > 10.0.23.2.1194: UDP, length 114 16:52:40.744771 IP 10.0.34.4.1194 > 10.0.23.2.1194: UDP, length 114
 16:52:40.744786 IP 10.0.34.4.1194 > 10.0.23.2.1194: UDP, length 22 16:52:40.744786 IP 10.0.34.4.1194 > 10.0.23.2.1194: UDP, length 22
 +</code>
 +
 +===== Wireguard =====
 +
 +==== Key pairs generation ====
 +
 +The first step is to generate a couple of private and public keys on each wireguard endpoint.
 +
 +On VM2 and on VM4, generate the keys:
 +
 +<code>
 +cd /usr/local/etc/wireguard
 +wg genkey > private
 +chmod 600 private
 +wg pubkey < private > public
 +</code>
 +
 +==== Router 2 ====
 +
 +Display router 2 private key, and router 4 public key.
 +
 +<code>
 +cat > /usr/local/etc/wireguard/wg0.conf <<EOF
 +[Interface]
 +PrivateKey = 8Og1cCmvirK+zcGus/EyaA8aiFdzjjtS9GbuBa/bqFQ=
 +ListenPort = 51820
 +
 +[Peer]
 +PublicKey = FSvVqj2s1FZqsSIvPLrE1RRTgbaPLbfG87P36F21M1g=
 +AllowedIPs = 10.0.45.0/24,2001:db8:45::2/64
 +Endpoint = 10.0.34.4:51820
 +EOF
 +
 +sysrc wireguard_interfaces=wg0
 +service wireguard enable
 +service wireguard start
 +</code>
 +
 +==== Router 4 ====
 +
 +Display router 4 private key, and router 2 public key.
 +
 +<code>
 +cat > /usr/local/etc/wireguard/wg0.conf <<EOF
 +[Interface]
 +PrivateKey = ADfm6+sXZnoyDAkG/MXXy062pjSgh2GgfAIKwX+ewGg=
 +ListenPort = 51820
 +
 +[Peer]
 +PublicKey = gaQij176wrz3g+2RTJ/S1oEnc7rx2reU1Z0Thrv4oXc=
 +AllowedIPs = 10.0.12.0/24,2001:db8:12::2/64
 +Endpoint = 10.0.23.2:51820
 +EOF
 +
 +sysrc wireguard_interfaces=wg0
 +service wireguard enable
 +service wireguard start
 +</code>
 +
 +==== Testing ====
 +
 +Pinging VM5 from VM1:
 +
 +<code>
 +[root@VM1]~# ping -c2 10.0.45.5
 +PING 10.0.45.5 (10.0.45.5): 56 data bytes
 +64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=2.135 ms
 +64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=0.783 ms
 +
 +--- 10.0.45.5 ping statistics ---
 +2 packets transmitted, 2 packets received, 0.0% packet loss
 +round-trip min/avg/max/stddev = 0.783/1.459/2.135/0.676 ms
 +
 +[root@VM1]~# ping6 -c2 2001:db8:45::5
 +PING6(56=40+8+8 bytes) 2001:db8:12::1 --> 2001:db8:45::5
 +16 bytes from 2001:db8:45::5, icmp_seq=0 hlim=62 time=1.779 ms
 +16 bytes from 2001:db8:45::5, icmp_seq=1 hlim=62 time=0.764 ms
 +
 +--- 2001:db8:45::5 ping6 statistics ---
 +2 packets transmitted, 2 packets received, 0.0% packet loss
 +round-trip min/avg/max/std-dev = 0.764/1.272/1.779/0.507 ms
 </code> </code>
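Review bot: The wg0.conf heredocs under "Router 2" and "Router 4" publish literal PrivateKey values on a public wiki page, and readers who copy the blocks verbatim end up with a tunnel keyed by published secrets. Replace both PrivateKey lines with an obvious placeholder and have the preceding sentence ("Display router 2 private key, and router 4 public key.") name the commands to run, for example `cat private` on the local router and `cat public` on the peer, since no command is shown for that step. In the same blocks, only the `private` file gets `chmod 600`, while wg0.conf, which also holds the private key, is written by `cat > ... <<EOF` with whatever the shell's umask allows; add `chmod 600 /usr/local/etc/wireguard/wg0.conf`, or put `umask 077` before `wg genkey > private` so both files are created restricted rather than tightened afterwards. Minor: the IPv6 AllowedIPs entries (`2001:db8:45::2/64`, `2001:db8:12::2/64`) carry host bits while the IPv4 entries use the network form (`10.0.45.0/24`); writing `2001:db8:45::/64` and `2001:db8:12::/64` would make the intent clearer. The Testing section would also be stronger with a `wg show` step to confirm the handshake, so the pings are shown to cross the tunnel rather than another path.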
documentation/examples/gre_ipsec_and_openvpn.txt · Last modified: 2023/07/10 12:40 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause