documentation:examples:gre_ipsec_and_openvpn

Differences

This shows you the differences between two versions of the page.

documentation:examples:gre_ipsec_and_openvpn [2022/10/29 01:12] – [Router 4] olivier
documentation:examples:gre_ipsec_and_openvpn [2023/07/10 12:40] (current) – [Router 4] olivier
Line 1322: Line 1322:
 ===== Wireguard ===== ===== Wireguard =====
  
 +On current (14.0) needs only wireguard-tools (kernel module included), on older (12 or 13) needs wireguard-kmod.
 ==== Key pairs generation on VM2 and VM4 ==== ==== Key pairs generation on VM2 and VM4 ====
  
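Review bot: The added sentence above "Key pairs generation on VM2 and VM4" has no subject and gives "current (14.0)" and "older (12 or 13)" without naming the release line the numbers belong to. Suggest a full sentence that names the release, and that says whether wireguard-kmod on 12 or 13 is needed in addition to wireguard-tools or instead of it. A blank line between the note and the heading that follows would also keep the wiki markup readable.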
Line 1350: Line 1351:
 [Peer] [Peer]
 PublicKey = o267Qf43WlVTawLq/8nrET4GQKijrjWFKiux9iNLv04= PublicKey = o267Qf43WlVTawLq/8nrET4GQKijrjWFKiux9iNLv04=
-AllowedIPs = 10.0.45.0/24,2001:db8:45::2/64+AllowedIPs = 10.0.45.0/24,2001:db8:45::/64
 Endpoint = 10.0.34.4:51820 Endpoint = 10.0.34.4:51820
 EOF EOF
  
-sysrc kld_list="if_wg" 
 sysrc wireguard_interfaces=wg0 sysrc wireguard_interfaces=wg0
-kldload if_wg 
 service wireguard enable service wireguard enable
 service wireguard start service wireguard start
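Review bot: With `sysrc kld_list="if_wg"` and `kldload if_wg` removed, nothing in the remaining steps loads the module explicitly, so the procedure presumably relies on `service wireguard start` to do it. The note added under the Wireguard heading says releases 12 and 13 need wireguard-kmod; state whether those releases can also skip the explicit load, or keep the two removed lines as a step that applies only to them.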
Line 1375: Line 1374:
 [Peer] [Peer]
 PublicKey = z9wBhxr/K405uQeYnCoGRi6VGWu/QAhym7JgH1BguxE= PublicKey = z9wBhxr/K405uQeYnCoGRi6VGWu/QAhym7JgH1BguxE=
-AllowedIPs = 10.0.12.0/24,2001:db8:12::2/64+AllowedIPs = 10.0.12.0/24,2001:db8:12::/64
 Endpoint = 10.0.23.2:51820 Endpoint = 10.0.23.2:51820
 EOF EOF
  
-sysrc kld_list="if_wg" 
 sysrc wireguard_interfaces=wg0 sysrc wireguard_interfaces=wg0
-kldload if_wg 
 service wireguard enable service wireguard enable
 service wireguard start service wireguard start
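Review bot: The AllowedIPs change from 2001:db8:12::2/64 to 2001:db8:12::/64, like the matching 2001:db8:45:: change in the other peer block, is covered only by the edit summary "[Router 4]", which names one router although both configurations are touched. Suggest a summary saying that the IPv6 entries were changed from a host address with a /64 mask to the network prefix, so that a reader comparing revisions can tell this is a correction of the notation and not a change to what is routed.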
Line 1408: Line 1405:
 2 packets transmitted, 2 packets received, 0.0% packet loss 2 packets transmitted, 2 packets received, 0.0% packet loss
 round-trip min/avg/max/std-dev = 0.764/1.272/1.779/0.507 ms round-trip min/avg/max/std-dev = 0.764/1.272/1.779/0.507 ms
 +</code>
 +
 +Are we using the kernel module?
 +<code>
 +root@VM2:~ # kldstat -v -n if_wg.ko
 +Id Refs Address                Size Name
 +    1 0xffffffff82b17000    2e550 if_wg.ko (/boot/kernel/if_wg.ko)
 +        Contains modules:
 +                 Id Name
 +                473 wg
 +</code>
 +
 +Displaying wg status on VM2:
 +<code>
 +root@VM2:~ # ifconfig wg0
 +wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
 +        options=80000<LINKSTATE>
 +        groups: wg
 +        nd6 options=101<PERFORMNUD,NO_DAD>
 +root@VM2:~ # netstat -rn | grep "Dest\|wg0"
 +Destination        Gateway            Flags     Netif Expire
 +10.0.45.0/24       link#            US          wg0
 +Destination                       Gateway                       Flags     Netif Expire
 +2001:db8:45::/64                  link#                       US          wg0
 +root@VM2:~ # wg show
 +interface: wg0
 +  public key: z9wBhxr/K405uQeYnCoGRi6VGWu/QAhym7JgH1BguxE=
 +  private key: (hidden)
 +  listening port: 51820
 +
 +peer: o267Qf43WlVTawLq/8nrET4GQKijrjWFKiux9iNLv04=
 +  endpoint: 10.0.34.4:51820
 +  allowed ips: 2001:db8:45::/64, 10.0.45.0/24
 +  latest handshake: 32 seconds ago
 +  transfer: 356 B received, 436 B sent
 </code> </code>
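Review bot: The pasted output in the added blocks looks incomplete: the kldstat row under "Id Refs Address Size Name" has one fewer leading field than the header, and both netstat rows show the gateway as "link#" with no interface index. Re-paste the raw terminal output so each column lines up with its header. The lead-in "Are we using the kernel module?" could also be worded as a statement, in the style of "Displaying wg status on VM2:" just below it.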
documentation/examples/gre_ipsec_and_openvpn.1666998727.txt.gz · Last modified: 2022/10/29 01:12 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause