Difference between revisions of "Wireguard"

From Maemo Leste Wiki
Jump to navigationJump to search
Line 26: Line 26:


<gallery widths=320px heights=173px>
<gallery widths=320px heights=173px>
WireguardAppMgr.png
WireguardAppMgr.png|Wireguard is installable from the application manager
WireguardProvider2.png
WireguardProvider2.png|It is possible to specify using Wireguard per connection (IAP)
WireguardConnected.png
WireguardConnected.png|Wireguard is connected
WireguardCPA.png
WireguardCPA.png|Wireguard control panel applet icon
WireguardCPA2.png
WireguardCPA2.png|Wireguard control panel, editing a configuration
WireguardProvider.png
WireguardProvider.png|Setting a per connection (IAP) Wireguard configuration
</gallery>
</gallery>

Revision as of 23:47, 2 October 2021

Wireguard

Wireguard support is integrated in Maemo Leste (through ICD2) and is available for installation using the package manager. Once you've installed the package, restart the device. You should now see a Wireguard applet in the control panel, and a Wireguard applet in the status applet.

There is also support to enable Wireguard only for specific IAPs. To do this, go to the advanced settings of any IAP in the Internet Connections control applet, and navigate to the "Providers" tab. In this tab, select Wireguard as the provider tab, and select your preferred config.

Configuring Wireguard using the UI

In the control panel, you should be able to create a new configuration. Make sure to share get the public key from the other endpoints (and other peers, if applicable), and make sure to copy the public key of your device to the endpoint (and/or peers).

Then, in the status applet, select the config you'd like, and enable system wide mode. At this point, connecting to any IAP should cause the wireguard connection to start. If the Wireguard connection fails to start in system wide mode, the IAP will be disconnected. See the "Debugging" section of this article to debug potential problems.

Using a config file

For sophisticated setups that are potentially not supported in our configuration user interface, it is possible to create a configuration using the "Load" button in the Wireguard control panel applet. This allows you select a file (path!) to a pre-generated configuration. When the configuration associated with this file is loaded, the contents will be used verbatim.

Tunnelling all traffic over Wireguard

Typically, setting "Allowed IPs" to "0.0.0.0/0" and allowing packet forwarding on the endpoint ought to be enough to make all Maemo traffic go over Wireguard - but keep in mind you might need to set a DNS server (in the Wireguard configuration) that is outside of your LAN.

Debugging

ICD2 will create the /etc/wireguard/icdwg0.conf file, so if the Wireguard connection fails to start for you, try tunning "wg-quick up icdwg0" and look for any errors. Any other errors beyond wg-quick will require the usual network knowledge to debug (and is not specific to Maemo).

Gallery