[opensuse] Any current wireguard on openSuSE 15.2?
Hello users-list @ opensuse anyone using current wireguard on current opensuse leap 15.2? I see very few posts on the list server archives. I read about some new version 0.3.1 windows client. I suppose wireguard on the server side is linux only? How current and up-to-date is wireguard server side on opensuse leap 15.2? I like the archlinux documentation pages for a lot of topics <https://wiki.archlinux.org/index.php/WireGuard> I fail to find some version number or understanding of the linux side wireguard in terms of release or version numbers. does 0.3.1 on the windows client side has got to do anything with the server side version? Also wondering why <https://software.opensuse.org/package/wireguard> apparently leap 15.1 has some official wireguard package that has a higher version string or date string that leap 15.2 or even tumbleweed? I am also trying to dig into site-to-site (both linux) connections. TY.
W dniu 24.11.2020 o 13:35, cagsm pisze:
Hello users-list @ opensuse
anyone using current wireguard on current opensuse leap 15.2?
Yes, I do.
I see very few posts on the list server archives. I read about some new version 0.3.1 windows client. I suppose wireguard on the server side is linux only?
With wireguard, there's no server and client. Every node of this VPN is an equal peer. Just some of them must have static, well known IP address.
How current and up-to-date is wireguard server side on opensuse leap 15.2?
It is. I mean for a long time I haven't seen any changes is configuration or any incompatibilities between versions.
I like the archlinux documentation pages for a lot of topics <https://wiki.archlinux.org/index.php/WireGuard>
ArchLinux wiki is always good resource.
I fail to find some version number or understanding of the linux side wireguard in terms of release or version numbers. does 0.3.1 on the windows client side has got to do anything with the server side version?
I have no idea. Sorry.
Also wondering why <https://software.opensuse.org/package/wireguard>
apparently leap 15.1 has some official wireguard package that has a higher version string or date string that leap 15.2 or even tumbleweed?
On openSUSE you need package "wireguard-tools". The old "wireguard" package used to contain separate kernel module. Since openSUSE 15.2, this module is shipped with kernel.
I am also trying to dig into site-to-site (both linux) connections.
I have some experience with that. Feel free to ask, if you have any trouble.
On Tue, Nov 24, 2020 at 9:41 PM Adam Mizerski <adam@mizerski.pl> wrote:
With wireguard, there's no server and client. Every node of this VPN is an equal peer. Just some of them must have static, well known IP address.
thanks for these basic infos and steps in this thread, also to the other fellow posters. as always, thanks to everybody participating here. i wasnt aware of such a rather-node than client-server concept. So in my case, for example the site-to-site thing i am trying to get into. would it suffice to have a linux box on both disjunct networks, they both reach each other via the internet public routed ip (dynamic dns provider and the like) and the lan side participants (windows machines) would only connect their wireguard to the locally available linux server, and these two linux servers via wireguard relaying all information among all windows stations in both lans, and thus forming a wireguard virtual lan where all participating stations would be members? so i dont have to wireguard-connect all stations with all other wireguard stations, right? in their respective configs. only peer the local lan1 stations with the linux wg machine in lan1, and the local lan2 stations with the local lan2 linux machine, and the rest flows naturally from linux-wg1 to linux-wg2 acting as routers in the wg layer?
I have some experience with that. Feel free to ask, if you have any trouble.
will see what i can make of it. actually maybe i would need to provide a route concept for non-wireguard capable machinery and devices that they all can be in this bridged-sort of overall-lan brought to life with this wg concept? would that be possible? then maybe i would only need those two linux1 linux2 machines with wg, and the rest targeting their packets to these two gateways locally or route only specific packets through those two devices? TY.
On each LAN default GW router assuming private class C add something like. Assuming: LAN1 = 192.168.1.0/24 and WG1 = 10.0.0.1 LAN2 = 192.168.2.0/24 and WG2 = 10.0.0.2 LAN1 router add: ip route add 192.168.2.0/24 via 192.168.1.1 LAN2 router add: ip route add 192.168.1.0/24 via 192.168.1.2 If the routers are not a native Linux boxes just convert the above to the equivalent router command language. Ariez ajv@opensuse.org On 26/11/2020 05:38, cagsm wrote:
will see what i can make of it. actually maybe i would need to provide a route concept for non-wireguard capable machinery and devices that they all can be in this bridged-sort of overall-lan brought to life with this wg concept? would that be possible? then maybe i would only need those two linux1 linux2 machines with wg, and the rest targeting their packets to these two gateways locally or route only specific packets through those two devices?
* !!! CORRECTION !!! * Assuming: LAN1 = 192.168.1.0/24 and WG1 = 10.0.0.1 LAN2 = 192.168.2.0/24 and WG2 = 10.0.0.2 LAN1 router add: ip route add 192.168.2.0/24 via 10.0.0.1 LAN2 router add: ip route add 192.168.1.0/24 via 10.0.0.2 Ariez ajv@opensuse.org On 27/11/2020 11:48, Ariez Vachha - openSUSE wrote:
On each LAN default GW router assuming private class C add something like.
Assuming: LAN1 = 192.168.1.0/24 and WG1 = 10.0.0.1 LAN2 = 192.168.2.0/24 and WG2 = 10.0.0.2
LAN1 router add: ip route add 192.168.2.0/24 via 192.168.1.1
LAN2 router add: ip route add 192.168.1.0/24 via 192.168.1.2
If the routers are not a native Linux boxes just convert the above to the equivalent router command language.
Ariez ajv@opensuse.org
On 26/11/2020 05:38, cagsm wrote:
will see what i can make of it. actually maybe i would need to provide a route concept for non-wireguard capable machinery and devices that they all can be in this bridged-sort of overall-lan brought to life with this wg concept? would that be possible? then maybe i would only need those two linux1 linux2 machines with wg, and the rest targeting their packets to these two gateways locally or route only specific packets through those two devices?
openSUSE Users mailing list -- users@lists.opensuse.org To unsubscribe, email users-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/users@lists.opensuse.org
Hi there cagsm! I use WG on openWRT routers works a charm and is absolutely trivial as basic support is built in to the Linux kernel. To set up get the wireguard-tools binaries, on 15.2 a quick zypper search returns: Information for package wireguard-tools: ---------------------------------------- Repository : openSUSE-Leap-15.2-Oss Name : wireguard-tools Version : 1.0.20200513-lp152.1.1 Arch : x86_64 Vendor : openSUSE So: "zypper in wireguard-tools" will get you the Version 1.0.20200513 binaries. All you need is at least one side to be able to reach the other in order for key exchange for encryption and set up the link. Here are some scripts and config files that should work fine: *Server or fixed IP side* _Server.sh_ #!/bin/ash ip link add dev wg0 type wireguard ip address add dev wg0 10.0.0.1/24 wg setconf wg0 serverWG0.conf ip link set wg0 up _serverWG0.conf_ [Interface] ListenPort = 51820 PrivateKey = YourServerPrivatekey= [Peer] PublicKey = YourClientPublicKey= PresharedKey = YourPreSharedkey= AllowedIPs = 10.0.0.2/32 PersistentKeepalive = 25 *Remote or dynamic side* _WGremote.sh_ #!/bin/ash ip link add dev wg0 type wireguard ip address add dev wg0 10.0.0.2/24 wg setconf wg0 remoteWG0.conf ip link set wg0 up _remoteWG0.conf_ [Interface] ListenPort = 56285 PrivateKey = YourClientPrivatekey= [Peer] PublicKey = YourServerPublicKey= PresharedKey = YourPreSharedkey= AllowedIPs = 10.0.0.1/32 Endpoint = your.server.domain:51820 PersistentKeepalive = 25 Don't forget to open port 56285 (or whatever you choose) on your firewall. As for site-to-site bear in mind WG is Layer 3 so you you will have to explicitly route traffic via the WG link. Have a lot of Fun! Ariez ajv@opensuse.org On 24/11/2020 20:35, cagsm wrote:
Hello users-list @ opensuse
anyone using current wireguard on current opensuse leap 15.2? I see very few posts on the list server archives. I read about some new version 0.3.1 windows client. I suppose wireguard on the server side is linux only?
How current and up-to-date is wireguard server side on opensuse leap 15.2?
I like the archlinux documentation pages for a lot of topics <https://wiki.archlinux.org/index.php/WireGuard>
I fail to find some version number or understanding of the linux side wireguard in terms of release or version numbers. does 0.3.1 on the windows client side has got to do anything with the server side version?
Also wondering why <https://software.opensuse.org/package/wireguard>
apparently leap 15.1 has some official wireguard package that has a higher version string or date string that leap 15.2 or even tumbleweed?
I am also trying to dig into site-to-site (both linux) connections.
TY. _______________________________________________ openSUSE Users mailing list -- users@lists.opensuse.org To unsubscribe, email users-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/users@lists.opensuse.org
Sorry my bad open port 51820 on the server side the client port is irrelevant unless you want it to also cat as a "server". Cheers, Ariez ajv@opensuse.org On 25/11/2020 16:10, Ariez Vachha wrote:
Hi there cagsm!
I use WG on openWRT routers works a charm and is absolutely trivial as basic support is built in to the Linux kernel. To set up get the wireguard-tools binaries, on 15.2 a quick zypper search returns:
Information for package wireguard-tools: ---------------------------------------- Repository : openSUSE-Leap-15.2-Oss Name : wireguard-tools Version : 1.0.20200513-lp152.1.1 Arch : x86_64 Vendor : openSUSE
So: "zypper in wireguard-tools" will get you the Version 1.0.20200513 binaries.
All you need is at least one side to be able to reach the other in order for key exchange for encryption and set up the link.
Here are some scripts and config files that should work fine:
*Server or fixed IP side*
_Server.sh_ #!/bin/ash ip link add dev wg0 type wireguard ip address add dev wg0 10.0.0.1/24 wg setconf wg0 serverWG0.conf ip link set wg0 up
_serverWG0.conf_ [Interface] ListenPort = 51820 PrivateKey = YourServerPrivatekey=
[Peer] PublicKey = YourClientPublicKey= PresharedKey = YourPreSharedkey= AllowedIPs = 10.0.0.2/32 PersistentKeepalive = 25
*Remote or dynamic side*
_WGremote.sh_ #!/bin/ash ip link add dev wg0 type wireguard ip address add dev wg0 10.0.0.2/24 wg setconf wg0 remoteWG0.conf ip link set wg0 up
_remoteWG0.conf_ [Interface] ListenPort = 56285 PrivateKey = YourClientPrivatekey=
[Peer] PublicKey = YourServerPublicKey= PresharedKey = YourPreSharedkey= AllowedIPs = 10.0.0.1/32 Endpoint = your.server.domain:51820 PersistentKeepalive = 25
Don't forget to open port 56285 (or whatever you choose) on your firewall.
As for site-to-site bear in mind WG is Layer 3 so you you will have to explicitly route traffic via the WG link.
Have a lot of Fun! Ariez ajv@opensuse.org
On 24/11/2020 20:35, cagsm wrote:
Hello users-list @ opensuse
anyone using current wireguard on current opensuse leap 15.2? I see very few posts on the list server archives. I read about some new version 0.3.1 windows client. I suppose wireguard on the server side is linux only?
How current and up-to-date is wireguard server side on opensuse leap 15.2?
I like the archlinux documentation pages for a lot of topics <https://wiki.archlinux.org/index.php/WireGuard>
I fail to find some version number or understanding of the linux side wireguard in terms of release or version numbers. does 0.3.1 on the windows client side has got to do anything with the server side version?
Also wondering why <https://software.opensuse.org/package/wireguard>
apparently leap 15.1 has some official wireguard package that has a higher version string or date string that leap 15.2 or even tumbleweed?
I am also trying to dig into site-to-site (both linux) connections.
TY. _______________________________________________ openSUSE Users mailing list -- users@lists.opensuse.org To unsubscribe, email users-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/users@lists.opensuse.org
openSUSE Users mailing list -- users@lists.opensuse.org To unsubscribe, email users-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/users@lists.opensuse.org
participants (4)
-
Adam Mizerski -
Ariez Vachha -
Ariez Vachha - openSUSE
-
cagsm