Difference between revisions of "Wireguard"
(8 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= | {{Infobox Package | ||
|image= | |||
|status=Working | |||
|devices=[[Nokia_N900]],[[Motorola_Droid_4]],[[PinePhone]] | |||
|date_in_repo=2021-11-01 | |||
|maemo_leste_repo=https://github.com/maemo-leste/libicd-wireguard | |||
|category=Network | |||
|packager=[[User:Wizzup]] | |||
}} | |||
Wireguard support is integrated in Maemo Leste (through ICD2) and is available for installation using the package manager. Once you've installed the package, restart the device. You should now see a Wireguard applet in the control panel, and a Wireguard applet in the status applet. | = Wireguard in Maemo Leste = | ||
[https://www.wireguard.com/ Wireguard] support is integrated in Maemo Leste (through ICD2) and is available for installation using the package manager. Once you've installed the package, restart the device. You should now see a Wireguard applet in the control panel, and a Wireguard applet in the status applet. | |||
There is also support to enable Wireguard only for specific IAPs. To do this, go to the advanced settings of any IAP in the Internet Connections control applet, and navigate to the "Providers" tab. In this tab, select Wireguard as the provider tab, and select your preferred config. | There is also support to enable Wireguard only for specific IAPs. To do this, go to the advanced settings of any IAP in the Internet Connections control applet, and navigate to the "Providers" tab. In this tab, select Wireguard as the provider tab, and select your preferred config. | ||
Line 13: | Line 23: | ||
=== Using a config file === | === Using a config file === | ||
For sophisticated setups that are potentially not supported in our configuration user interface, it is possible to create a configuration using the "Load" button in the Wireguard control panel applet. This allows you select a file (path!) to a pre-generated configuration. When the configuration associated with this file is loaded, the contents will be used verbatim. | For sophisticated setups that are potentially not supported in our configuration user interface, it is possible to create a configuration using the "Load" button in the Wireguard control panel applet. This allows you select a file (path!) to a pre-generated configuration. When the configuration associated with this file is loaded, the contents will be used verbatim. (This may be replaced in the future, as the PostUp and such lines could potentially be edited by non-root users but run as root!) | ||
=== Tunnelling all traffic over Wireguard === | === Tunnelling all traffic over Wireguard === | ||
Typically, setting | Typically, setting <code>Allowed IPs</code> to <code>0.0.0.0/0</code> (for one of the peers) and allowing packet forwarding on the endpoint ought to be enough to make all Maemo traffic go over Wireguard - but keep in mind you might need to set a DNS server (in the Wireguard configuration) that is outside of your LAN. | ||
== Debugging == | == Debugging == | ||
ICD2 will create the /etc/wireguard/icdwg0.conf file, so if the Wireguard connection fails to start for you, try | ICD2 will create the <code>/etc/wireguard/icdwg0.conf</code> file, so if the Wireguard connection fails to start for you, try running <code>sudo wg-quick up icdwg0</code> and look for any errors. | ||
Most other errors beyond wg-quick will require the usual network knowledge to debug (and are not specific to Maemo). | |||
== Gallery == | == Gallery == | ||
<gallery> | <gallery widths=320px heights=173px> | ||
WireguardAppMgr.png | WireguardAppMgr.png|Wireguard is installable from the application manager | ||
WireguardConnected.png | WireguardProvider2.png|It is possible to specify using Wireguard per connection (IAP) | ||
WireguardCPA.png | WireguardConnected.png|Wireguard is connected | ||
WireguardCPA2.png | WireguardCPA.png|Wireguard control panel applet icon | ||
WireguardCPA2.png|Wireguard control panel, editing a configuration | |||
WireguardProvider.png|Setting a per connection (IAP) Wireguard configuration | |||
</gallery> | </gallery> | ||
[[Category:Extras]] |
Latest revision as of 18:32, 1 November 2021
Wireguard | |
---|---|
Status | Working |
Devices | Nokia_N900,Motorola_Droid_4,PinePhone |
Import date | 2021-11-01 |
Leste repo | https://github.com/maemo-leste/libicd-wireguard |
Category | Category:Network |
Packager | User:Wizzup |
Wireguard in Maemo Leste
Wireguard support is integrated in Maemo Leste (through ICD2) and is available for installation using the package manager. Once you've installed the package, restart the device. You should now see a Wireguard applet in the control panel, and a Wireguard applet in the status applet.
There is also support to enable Wireguard only for specific IAPs. To do this, go to the advanced settings of any IAP in the Internet Connections control applet, and navigate to the "Providers" tab. In this tab, select Wireguard as the provider tab, and select your preferred config.
Configuring Wireguard using the UI
In the control panel, you should be able to create a new configuration. Make sure to share get the public key from the other endpoints (and other peers, if applicable), and make sure to copy the public key of your device to the endpoint (and/or peers).
Then, in the status applet, select the config you'd like, and enable system wide mode. At this point, connecting to any IAP should cause the wireguard connection to start. If the Wireguard connection fails to start in system wide mode, the IAP will be disconnected. See the "Debugging" section of this article to debug potential problems.
Using a config file
For sophisticated setups that are potentially not supported in our configuration user interface, it is possible to create a configuration using the "Load" button in the Wireguard control panel applet. This allows you select a file (path!) to a pre-generated configuration. When the configuration associated with this file is loaded, the contents will be used verbatim. (This may be replaced in the future, as the PostUp and such lines could potentially be edited by non-root users but run as root!)
Tunnelling all traffic over Wireguard
Typically, setting Allowed IPs
to 0.0.0.0/0
(for one of the peers) and allowing packet forwarding on the endpoint ought to be enough to make all Maemo traffic go over Wireguard - but keep in mind you might need to set a DNS server (in the Wireguard configuration) that is outside of your LAN.
Debugging
ICD2 will create the /etc/wireguard/icdwg0.conf
file, so if the Wireguard connection fails to start for you, try running sudo wg-quick up icdwg0
and look for any errors.
Most other errors beyond wg-quick will require the usual network knowledge to debug (and are not specific to Maemo).