diff --git a/en/faq.md b/en/faq.md index d261433..7fa689d 100644 --- a/en/faq.md +++ b/en/faq.md @@ -271,7 +271,73 @@ In this case, add `-O` option to the command: ```bash scp -O ~/myfile root@192.168.1.65:/tmp/ ``` +### Configuring WireGuard to work with OpenIPC (VPN implementation) +#### Configuring the server in Linux + +Use [this guide](https://ruvds.com/ru/helpcenter/nastroyka-vpn-s-ispolzovaniem-wireguard/) ([archived copy](https://web.archive.org/web/20240804111853/https://ruvds.com/ru/helpcenter/nastroyka-vpn-s-ispolzovaniem-wireguard/)). + +#### Configuring the client in OpenIPC + +1) In the `/etc/network/interfaces.d/wg0` file, add the `auto wg0` line to the beginning, in `address` specify the desired client address within the VPN network, and in `netmask` specify the VPN network mask. An example of the resulting file: +```shell +auto wg0 +iface wg0 inet static + address 10.10.10.10.2 + netmask 255.255.255.255.0 + pre-up modprobe wireguard + pre-up ip link add dev wg0 type wireguard + pre-up wg setconf wg0 /etc/wireguard.conf + post-down ip link del dev wg0 +``` +2) Edit the `/etc/wireguard.conf` file, taking into account that the `Address` (we set the address in the previous step) and `DNS` keywords are not supported. An example of the resulting file: +``` +[Interface]. +PrivateKey = MO3+yxTyFnnOgeOk9NKFSKHqgFfW6cBhctUO4YeiwV0= +[Peer] +AllowedIPs = 10.10.10.10.0/24 +Endpoint = 192.168.0.2:51820 +PersistentKeepalive = 25 +PublicKey = M2/axcXbD+eg/c4vfEQTiIpV6LU+kzgJCGqDpzIpHS4= +``` + +3) In the `/etc/rc.local` file, add the `ifup wg0` line before the `exit 0` line. An example of the resulting file: + +```shell +#!/bin/sh +# +# rc.local +# +# This script is executed at the end of each multiuser runlevel. +# Make sure that the script will "exit 0" on success or any other +# value on error. +# +# In order to enable or disable this script just change the execution +# bits. +# +# By default this script does nothing. + +ifup wg0 +exit 0 +``` + +4) Reboot OpenIPC. + +5) Test: on the server and on the client, run the `wg show` command. Here is its output example if successful: + +``` +root@openipc-t31:~# wg show +interface: wg0 + public key: /RL2MdZqOdLsT2Be1KXnJWQGJP2oP8sVMlZ/f3GK1BA= + private key: (hidden) + listening port: 34161 +peer: M2/axcXbD+eg/c4vfEQTiIpV6LU+kzgJCGqDpzIpHS4= + endpoint: 192.168.0.2:51820 + allowed ips: 10.10.10.0/24 + latest handshake: 1 minute, 7 seconds ago + transfer: 185.22 KiB received, 182.02 KiB sent + persistent keepalive: every 25 seconds +``` [1]: https://openipc.org/wiki/en/gpio-settings.html [2]: https://github.com/OpenIPC/ipctool/releases/download/latest/ipctool