3,221
edits
Changes
From SME Server
Jump to navigationJump to searchno edit summary
===Installation===
===Installation===
<tabs container><tab name="For SME 10">
<tabs container=""><tab name="For SME 10">
yum --enablerepo=smecontribs install {{#var:smecontribname}}
yum --enablerepo=smecontribs install {{#var:smecontribname}}
then log to your server-manager to start adding clients.
</tab></tabs>
</tab></tabs>
===Configuration===
===Configuration===
==== using server-manager ====
[[File:Wireguard-panel.png|none|thumb|main panel]]
On the main panel you can see at a glance, server configuration, connected clients, and configured clients.
[[File:Wireguard-config.png|none|thumb|configure the server]]
You can adjust the server configuration: disable the service, change the server main Ip and mask. Default will generate a class B network for more than 1000 device connected, looking that all your users might want a dedicated client for every devices (phone, pad, laptop...). 172.* class B tends to be less commonly used than 192.168.* class C network or 10.+ class A network, so this also should limit collision for your clients behind a LAN when launching their VPN session.
The private and public key are generated upon installation, but if you have specific needs, go ahead and play with them.
<br />
[[File:Wireguard-add-client.png|none|thumb|add a new client]]
To add a new client simply press the button, and select a user that will be associated to this client, and give some information about this client. IF you want to create a client for the phone of the admin, simply type "phone", then press create button and private"/public key will be generated and first available ip will be associated to the client.
<br />
[[File:Wireguard-qrcode.png|none|thumb|get client configuration and qrcode]]
You can easily configure your client using a qrcode or a generated configuration.
<br />
[[File:Wireguard-edit-client.png|none|thumb|client modification]]
If you want to alter the client configuration you can do so on this screen, you can even remove the private key if you do not want it on the server, or set your own public key without revealing the private key, it is only needed to generate the qrcode, not to allow you to connect.
==== advanced manual configuration ====
you can list the available configuration with the following command :
you can list the available configuration with the following command :
config show wg-quick@wg0
config show wg-quick@wg0
!
!
|-
|-
|DbName
|UDPPort
|nextcloud
|51820
|string
|string
|for mysql db
|should keep this one as default, but free to do as you want
|-
|-
|DbPassword
|mask
|GENERATED
|22
|network mask bit
|the default allow 1024 hosts
|-
|ip
|172.X.0.1
|IP v4
|one class B IP is generated on installation, feel free to set as you want
|-
|private
|
|string
|string
|for mysql db
|private key, generated
|-
|-
|DbUser
|public
|nextcloud
|
|string
|string
|for mysql db
|public key, generated
|-
|-
|access
|access
|enabled,disabled
|enabled,disabled
|}
|}
You can also check the configured clients:
db wireguard show 172.X.0.2
<br />
{| class="wikitable"
!property
!default
!values
!
|-
|allowedips
|
|list of ip/mask
|default is empty for all 0.0.0.0/0
|-
|info
|
|string
|name or information about the client
|-
|ip
|172.X.0.Y
|IP v4
|should be part of wg0 network
|-
|private
|
|string
|private key, generated
|-
|public
|
|string
|public key, generated
|-
|status
|enabled
|enabled,disabled
|
|}
===Sources of information===
===Sources of information===
* https://www.subnet-calculator.com/subnet.php?net_class=B
*https://www.subnet-calculator.com/subnet.php?net_class=B
* https://github.com/pirate/wireguard-docs
*https://github.com/pirate/wireguard-docs
* https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html
*https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html
* https://www.linuxbabe.com/centos/wireguard-vpn-server-centos
*https://www.linuxbabe.com/centos/wireguard-vpn-server-centos
*
*
<br />
<br />
<!-- list of category you want to see this page in -->
<!-- list of category you want to see this page in -->
[[Category: Contrib]]
[[Category: Contrib]]
<!-- Please keep there the template revision number as is -->
<!-- Please keep there the template revision number as is -->
