Newbie - WireGuard per systemd on Debian Buster
Jonas Kalderstam
jonas at cowboyprogrammer.org
Thu May 7 12:43:18 CEST 2020
I've been running wireguard with systemd in Debian for some time now.
On 2020-04-16 Thu 18:23, Hans Kraus <hans at hanswkraus.com> wrote:
> /etc/systemd/network/wg0.netdev
> ---------------------------------------------
> [NetDev]
> Name=wg0
> Kind=wireguard
> Description=Wireguard kraush
>
> [WireGuard]
> PrivateKey=<private key server>
> ListenPort=#####
>
> [WireGuardPeer]
> PublicKey=<public key client>
> AllowedIPs=<free range>.0/24
> ---------------------------------------------
The only thing I can think of here is that your AllowedIPs ends with a zero - on the server you have to specify the exact IP address. It's on the client side where you let the AllowedIPs be a wildcard.
Examples:
server-side:
---
[WireGuardPeer]
# Client1 address
AllowedIPs=192.168.2.5
[WireGuardPeer]
# Client2 address
AllowedIPs=192.168.2.6
---
client-side:
---
[WireGuardPeer]
# Entire wireguard range
AllowedIPs=192.168.2.0/24
---
> /etc/systemd/network/wg0.network
> ---------------------------------------------
> [Match]
> Name=wg0
>
> [Network]
> Address=<free range>.1/24
> ---------------------------------------------
You might want to consider adding
IPForward=yes
for the server's .network file, and
FwMark=1234
to the client's .netdev file, to be sure you can do proper road warrioring down the line.
I'm also a bit paranoid and have added the following to my client .network files:
client.network:
---
[Route]
Destination=192.168.2.0/24
---
Hopefully the peer address fix solves your issues.
--
Jonas Kalderstam
PGP key: 987C54AB0D4451ED
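A small linter for the server-side advice in the reply above, added here as an example and not part of the original message: it parses a .netdev file and reports [WireGuardPeer] sections whose AllowedIPs is wider than a single address or overlaps an earlier peer. The function names, the port and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed server-side wg0.netdev (not from the thread); peer 2 repeats the
# /24 style from the question, peers 1 and 3 are pinned to exact addresses.
SAMPLE_NETDEV = """\
[WireGuard]
PrivateKey=<private key server>
ListenPort=51820
[WireGuardPeer]
PublicKey=<public key client1>
AllowedIPs=192.168.2.5
[WireGuardPeer]
PublicKey=<public key client2>
AllowedIPs=192.168.2.0/24
[WireGuardPeer]
PublicKey=<public key client3>
AllowedIPs=192.168.2.6/32, fd00:2::6/128
"""

def peer_allowed_ips(text):
    """One list of networks per [WireGuardPeer] section (the name repeats per peer)."""
    peers = []
    in_peer = False
    for line in map(str.strip, text.splitlines()):
        key, _, value = line.partition("=")
        if line.startswith("["):
            in_peer = line == "[WireGuardPeer]"
            if in_peer:
                peers.append([])
        elif in_peer and key.strip() == "AllowedIPs":
            peers[-1] += [ipaddress.ip_network(a.strip(), strict=False)
                          for a in value.split(",") if a.strip()]
    return peers

def lint_server_peers(text):
    """Flag AllowedIPs wider than one address and overlaps with earlier peers."""
    peers, findings = peer_allowed_ips(text), []
    for i, nets in enumerate(peers, 1):
        for net in nets:
            if net.prefixlen != net.max_prefixlen:
                findings.append(f"peer {i}: {net} is a range, not one address")
            for j, earlier in enumerate(peers[:i - 1], 1):
                for e in earlier:
                    if e.version == net.version and e.overlaps(net):
                        findings.append(f"peer {i}: {net} overlaps peer {j} ({e})")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_server_peers(SAMPLE_NETDEV)) or "ok")
```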