Configure WireGuard using network-config-manager

WireGuard is an extremely simple, fast and modern VPN that has been built into the Linux kernel since version 5.6. This article shows how to configure it on Photon OS (a Linux-based operating system) for `systemd-networkd` using network-config-manager (`nmctl`).

We need to install wireguard-tools. It can be downloaded or installed via `tdnf`:

$ sudo tdnf install wireguard-tools -y

On both sites we need to create a key pair. Each site needs the other site's public key, and vice versa.

$ wg genkey | tee wg-private.key | wg pubkey > wg-public.key

Change the ownership of the files so that they are readable by the systemd-network user (systemd-networkd runs as that user and has to read the private key):

$ chown root:systemd-network wg-private.key wg-public.key

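To make the key step concrete, here is a pure-Python illustration of what `wg genkey` and `wg pubkey` compute, and of storing the pair so that the private key is never world-readable. This is an added example, not code from the article or from wireguard-tools; the X25519 ladder follows RFC 7748, the file names match the article's, the `group_id` argument stands in for the gid of the systemd-network group, and the temporary directory in `demo()` exists only so the example runs anywhere. In practice keep using the real `wg` binary.

```python
"""What `wg genkey | tee wg-private.key | wg pubkey > wg-public.key` does,
reimplemented for illustration (added example, not wireguard-tools code)."""
import base64
import os
import secrets
import stat
import tempfile

P = 2**255 - 19      # Curve25519 field prime
BASEPOINT_U = 9      # u-coordinate of the generator used by X25519


def clamp(scalar: bytes) -> bytes:
    """Scalar clamping from RFC 7748; `wg genkey` applies the same bit tweaks."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return bytes(k)


def x25519(scalar: bytes, u: int) -> bytes:
    """Montgomery ladder of RFC 7748 section 5. Not constant-time: the swaps
    branch on key bits, acceptable for a demo, not for production code."""
    k = int.from_bytes(clamp(scalar), "little")
    x1 = u % P
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def genkey() -> str:
    """`wg genkey`: 32 random bytes, clamped, base64-encoded."""
    return base64.b64encode(clamp(secrets.token_bytes(32))).decode()


def pubkey(private_b64: str) -> str:
    """`wg pubkey`: the public key is X25519(private, 9)."""
    priv = base64.b64decode(private_b64, validate=True)
    if len(priv) != 32:
        raise ValueError("a WireGuard key is exactly 32 bytes")
    return base64.b64encode(x25519(priv, BASEPOINT_U)).decode()


def derive_public_hex(private_hex: str) -> str:
    """Hex wrapper, convenient for checking against the RFC 7748 test vectors."""
    return x25519(bytes.fromhex(private_hex), BASEPOINT_U).hex()


def write_key_files(directory, private_b64, public_b64, group_id=None):
    """Store the pair the way the article's chown step intends: the private
    key file gets mode 0600 in the same call that creates it (the shell
    pipeline relies on umask for that), then 0640 shared with the group
    systemd-networkd runs as (group_id placeholder). The public key is not secret."""
    priv_path = os.path.join(directory, "wg-private.key")
    pub_path = os.path.join(directory, "wg-public.key")
    fd = os.open(priv_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(private_b64 + "\n")
    with open(pub_path, "w") as f:
        f.write(public_b64 + "\n")
    if group_id is not None:   # e.g. grp.getgrnam("systemd-network").gr_gid
        os.chown(priv_path, -1, group_id)
        os.chown(pub_path, -1, group_id)
        os.chmod(priv_path, 0o640)
    os.chmod(pub_path, 0o644)
    return priv_path, pub_path


def private_key_is_protected(path: str) -> bool:
    """The check to run after chown: the private key has no 'other' permission bits."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o007 == 0


def demo() -> dict:
    """Generate a pair in a temporary directory, store it and verify the invariants."""
    with tempfile.TemporaryDirectory() as d:
        priv = genkey()
        pub = pubkey(priv)
        priv_path, pub_path = write_key_files(d, priv, pub)
        with open(priv_path) as f:
            stored_priv = f.read().strip()
        return {
            "key_len": len(base64.b64decode(pub)),
            "roundtrip": pubkey(stored_priv) == pub,
            "protected": private_key_is_protected(priv_path),
            "public_world_readable": stat.S_IMODE(os.stat(pub_path).st_mode) == 0o644,
        }


if __name__ == "__main__":
    print(demo())
```

Running the module prints the result of `demo()`; `derive_public_hex` applied to Alice's private scalar from RFC 7748 section 6.1 reproduces her published public key, which is the quickest way to convince yourself the ladder is right.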
Site #1 Configuration


$ nmctl
         System Name: photon
              Kernel: Linux (5.10.152-6.ph4)
     systemd version: v247.11-4.ph4
        Architecture: x86-64
      Virtualization: vmware
    Operating System: VMware Photon OS/Linux
          Machine ID: 5103175aac7f4967acbdf97946c27ca3
        System State: routable
           Addresses: fe80::20c:29ff:fe3c:d58f/64    on device eth0
                      fe80::20c:29ff:fe3c:d599/64    on device eth1
                      127.0.0.1/8                    on device lo
                      192.168.1.10/24                on device eth0
                      192.168.1.9/24                 on device eth1
                      ::1/128                        on device lo
             Gateway: 192.168.1.1                    on device eth0
                      192.168.1.1                    on device eth1
                 DNS: 125.99.61.254 116.72.253.254



$ cat wg-public.key
d0AR4V68TJPA65ddKADmyTBbEgPTo75Xq/EVE1nsVFA=

Site #2 Configuration


$ nmctl
         System Name: Zeus
              Kernel: Linux (6.1.0-0.rc7.20221130git01f856ae6d0c.53.fc38.x86_64)
     systemd version: 252.2-591.fc38
        Architecture: x86-64
      Virtualization: vmware
    Operating System: Fedora Linux 38 (Workstation Edition Prerelease)
          Machine ID: d4f740d7e70d423cb46c8b1def547701
        System State: routable
        Online State: partial
           Addresses: fe80::20c:29ff:fe5f:d139/64    on device ens33
                      fe80::20c:29ff:fe5f:d143/64    on device ens37
                      127.0.0.1/8                    on device lo
                      ::1/128                        on device lo
                      192.168.1.8/24                 on device ens33
                      192.168.1.7/24                 on device ens37
             Gateway: 192.168.1.1                    on device ens33
                      192.168.1.1                    on device ens37
                 DNS: 125.99.61.254 116.72.253.254


$ cat wg-public.key
lhR9C3iZGKC+CIibXsOxDql8m7YulZA5I2tqgU2PnhM=

Now generate the WireGuard configuration using nmctl on Site #1:


$ nmctl create-wg wg99 private-key-file /etc/systemd/network/wg-private.key listen-port 34966 public-key lhR9C3iZGKC+CIibXsOxDql8m7YulZA5I2tqgU2PnhM= endpoint 192.168.1.11:34966 allowed-ips 10.0.0.2/32

$ nmctl add-addr dev wg99 a 10.0.0.1/24

The configuration generated for systemd-networkd:

$ cat 10-wg99.netdev

[NetDev]
Name=wg99
Kind=wireguard


[WireGuard]
PrivateKeyFile=/etc/systemd/network/wg-private.key
ListenPort=34966


[WireGuardPeer]
# Public key of Site #2
PublicKey=lhR9C3iZGKC+CIibXsOxDql8m7YulZA5I2tqgU2PnhM=
Endpoint=192.168.1.11:34966
AllowedIPs=10.0.0.2/32

$ cat 10-wg99.network
[Match]
Name=wg99


[Address]
Address=10.0.0.1/24

$ nmctl status wg99
                       Flags: UP RUNNING NOARP LOWERUP
                        Kind: wireguard
                        Type: wireguard
                      Driver: wireguard
                   Link File: /usr/lib/systemd/network/99-default.link
                Network File: /etc/systemd/network/10-wg99.network
                       State: routable (configured)
               Address State: routable
          IPv4 Address State: routable
          IPv6 Address State: off
                Online State: online
         Required for Online: yes
           Activation Policy: up
                         MTU: 1420 (min: 0 max: 2147483552)
                       QDISC: noqueue
              Queues (Tx/Rx): 1/1
             Tx Queue Length: 1000
IPv6 Address Generation Mode: eui64
                GSO Max Size: 65536 GSO Max Segments: 65535
                     Address: 10.0.0.2/24

wg output:

$ wg

interface: wg99
  public key: lhR9C3iZGKC+CIibXsOxDql8m7YulZA5I2tqgU2PnhM=
  private key: (hidden)
  listening port: 34966

peer: d0AR4V68TJPA65ddKADmyTBbEgPTo75Xq/EVE1nsVFA=
  endpoint: 192.168.1.7:34966
  allowed ips: 10.0.0.1/32
  latest handshake: 20 minutes, 36 seconds ago
  transfer: 57.70 KiB received, 58.37 KiB sent

Similarly, generate the configuration for Site #2:

$ nmctl create-wg wg99 private-key-file /etc/systemd/network/wg-private.key listen-port 34966 public-key d0AR4V68TJPA65ddKADmyTBbEgPTo75Xq/EVE1nsVFA= endpoint 192.168.1.7:34966 allowed-ips 10.0.0.1/32

$ nmctl add-addr dev wg99 a 10.0.0.2/24

The configuration generated for systemd-networkd:

$ cat 10-wg99.netdev

[NetDev]
Name=wg99
Kind=wireguard


[WireGuard]
PrivateKeyFile=/etc/systemd/network/wg-private.key
ListenPort=34966


[WireGuardPeer]
# Public key of Site #1
PublicKey=d0AR4V68TJPA65ddKADmyTBbEgPTo75Xq/EVE1nsVFA=
Endpoint=192.168.1.7:34966
AllowedIPs=10.0.0.1/32


$ cat 10-wg99.network
[Match]
Name=wg99


[Address]
Address=10.0.0.2/24

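Before enabling the tunnel it is worth checking that the two generated unit files agree with each other: the peer PublicKey on each side must be the other site's public key, the Endpoint port must be the other side's ListenPort, and AllowedIPs must cover the other side's tunnel address. The script below is an added example, not part of network-config-manager or of the article; it embeds the two sites' unit files and public keys exactly as listed above and reports every mismatch it finds. The `Site` tuple and the small parser are assumptions of this example (systemd's own unit-file parser is more permissive).

```python
"""Cross-check the WireGuard unit files nmctl generated on both sites
(added example; the unit texts and keys are the ones shown in the article)."""
import base64
import ipaddress
from collections import defaultdict
from typing import NamedTuple


def parse_units(text: str) -> dict:
    """Minimal systemd unit-file parser returning {section: [dict, ...]}.
    Sections are lists because a .netdev may repeat [WireGuardPeer],
    which configparser would reject as a duplicate section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {}
            sections[line[1:-1]].append(current)
            continue
        if current is None:
            raise ValueError(f"key outside any section: {line!r}")
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return sections


def valid_key(b64: str) -> bool:
    """A WireGuard key is 32 bytes, i.e. 44 base64 characters ending in '='."""
    try:
        return len(base64.b64decode(b64, validate=True)) == 32
    except ValueError:          # binascii.Error is a ValueError subclass
        return False


class Site(NamedTuple):
    name: str
    netdev: str        # contents of 10-wg99.netdev on that site
    network: str       # contents of 10-wg99.network on that site
    public_key: str    # output of `cat wg-public.key` on that site


def check_direction(a: Site, b: Site) -> list:
    """Findings for the view 'a has b as its peer'."""
    findings = []
    nd, peer_nd = parse_units(a.netdev), parse_units(b.netdev)
    wg = nd["WireGuard"][0] if nd["WireGuard"] else {}
    if not wg.get("PrivateKeyFile", "").startswith("/"):
        findings.append(f"{a.name}: PrivateKeyFile should be an absolute path")
    if not valid_key(a.public_key):
        findings.append(f"{a.name}: own public key is not a 32-byte base64 key")
    if not nd["WireGuardPeer"]:
        return findings + [f"{a.name}: no [WireGuardPeer] section"]
    peer = nd["WireGuardPeer"][0]
    pk = peer.get("PublicKey", "")
    if not valid_key(pk):
        findings.append(f"{a.name}: peer PublicKey is malformed")
    elif pk != b.public_key:
        findings.append(f"{a.name}: peer PublicKey is not {b.name}'s public key")
    if pk == a.public_key:
        findings.append(f"{a.name}: peer PublicKey is its own key")
    _, _, eport = peer.get("Endpoint", "").rpartition(":")
    b_wg = peer_nd["WireGuard"][0] if peer_nd["WireGuard"] else {}
    if eport != b_wg.get("ListenPort"):
        findings.append(f"{a.name}: Endpoint port {eport!r} is not {b.name}'s ListenPort")
    allowed = [ipaddress.ip_network(x.strip())
               for x in peer.get("AllowedIPs", "").split(",") if x.strip()]
    addr_sections = parse_units(b.network)["Address"]
    if not addr_sections:
        return findings + [f"{b.name}: no [Address] section in its .network file"]
    b_addr = ipaddress.ip_interface(addr_sections[0]["Address"]).ip
    if not any(b_addr in net for net in allowed):
        findings.append(f"{a.name}: AllowedIPs {peer.get('AllowedIPs')!r} "
                        f"does not cover {b.name}'s tunnel address {b_addr}")
    return findings


def check_pair(a: Site, b: Site) -> list:
    """Both directions plus the one check that needs both sites at once."""
    findings = check_direction(a, b) + check_direction(b, a)
    if a.public_key == b.public_key:
        findings.append("both sites present the same public key; each needs its own pair")
    return findings


# Site #1 files as listed in the article.
SITE1 = Site(
    "site1",
    netdev="[NetDev]\nName=wg99\nKind=wireguard\n\n"
           "[WireGuard]\nPrivateKeyFile=/etc/systemd/network/wg-private.key\n"
           "ListenPort=34966\n\n[WireGuardPeer]\n# Public key of Site #2\n"
           "PublicKey=lhR9C3iZGKC+CIibXsOxDql8m7YulZA5I2tqgU2PnhM=\n"
           "Endpoint=192.168.1.11:34966\nAllowedIPs=10.0.0.2/32\n",
    network="[Match]\nName=wg99\n\n[Address]\nAddress=10.0.0.1/24\n",
    public_key="d0AR4V68TJPA65ddKADmyTBbEgPTo75Xq/EVE1nsVFA=",
)
# Site #2 files: the same layout with the values from the Site #2 listing.
SITE2 = Site(
    "site2",
    netdev=SITE1.netdev.replace("Site #2", "Site #1")
           .replace("lhR9C3iZGKC+CIibXsOxDql8m7YulZA5I2tqgU2PnhM=", SITE1.public_key)
           .replace("192.168.1.11", "192.168.1.7").replace("10.0.0.2/32", "10.0.0.1/32"),
    network=SITE1.network.replace("10.0.0.1/24", "10.0.0.2/24"),
    public_key="lhR9C3iZGKC+CIibXsOxDql8m7YulZA5I2tqgU2PnhM=",
)

if __name__ == "__main__":
    for finding in check_pair(SITE1, SITE2) or ["no findings"]:
        print(finding)
```

Run against the article's files the check reports nothing; edit one AllowedIPs or paste the wrong public key and the corresponding line appears, which is exactly the class of copy-and-paste slip that otherwise surfaces only as "handshake never completes".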

$ nmctl status wg99
                       Flags: UP RUNNING NOARP LOWERUP
                        Kind: wireguard
                        Type: wireguard
                      Driver: wireguard
                   Link File: /usr/lib/systemd/network/99-default.link
                Network File: /etc/systemd/network/wg99.network
                       State: routable (configured)
               Address State: routable
          IPv4 Address State: routable
          IPv6 Address State: off
                Online State: online
         Required for Online: yes
           Activation Policy: up
                         MTU: 1420 (min: 0 max: 2147483552)
                       QDISC: noqueue
              Queues (Tx/Rx): 1/1
             Tx Queue Length: 1000
IPv6 Address Generation Mode: eui64
                GSO Max Size: 65536 GSO Max Segments: 65535
                     Address: 10.0.0.2/24

$ wg

interface: wg9
  public key: lhR9C3iZGKC+CIibXsOxDql8m7YulZA5I2tqgU2PnhM=
  private key: (hidden)
  listening port: 34966

peer: d0AR4V68TJPA65ddKADmyTBbEgPTo75Xq/EVE1nsVFA=
  endpoint: 192.168.1.7:34966
  allowed ips: 10.0.0.1/32
  latest handshake: 23 minutes, 57 seconds ago
  transfer: 57.70 KiB received, 58.37 KiB sent

Let's ping and confirm connectivity from Site #1:

$ ip a show wg99

25: wg99: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.0.1/24 brd 10.0.0.255 scope global wg99
       valid_lft forever preferred_lft forever

$ ping 10.0.0.2

PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=4.90 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=3.77 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=23.0 ms

Ping and confirm connectivity from Site #2:

$ ip a show wg

209: wg99: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.0.2/24 scope global wg99
       valid_lft forever preferred_lft forever

$ ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=1.92 ms



GitHub repo: network-config-manager

Thank you ~!
