Difference between revisions of "Wireguard"
Line 26: | Line 26: | ||
<gallery widths=320px heights=173px> | <gallery widths=320px heights=173px> | ||
WireguardAppMgr.png | WireguardAppMgr.png|Wireguard is installable from the application manager | ||
WireguardProvider2.png | WireguardProvider2.png|It is possible to specify using Wireguard per connection (IAP) | ||
WireguardConnected.png | WireguardConnected.png|Wireguard is connected | ||
WireguardCPA.png | WireguardCPA.png|Wireguard control panel applet icon | ||
WireguardCPA2.png | WireguardCPA2.png|Wireguard control panel, editing a configuration | ||
WireguardProvider.png | WireguardProvider.png|Setting a per connection (IAP) Wireguard configuration | ||
</gallery> | </gallery> |
Revision as of 23:47, 2 October 2021
Wireguard
Wireguard support is integrated in Maemo Leste (through ICD2) and is available for installation using the package manager. Once you've installed the package, restart the device. You should now see a Wireguard applet in the control panel, and a Wireguard applet in the status applet.
There is also support to enable Wireguard only for specific IAPs. To do this, go to the advanced settings of any IAP in the Internet Connections control applet, and navigate to the "Providers" tab. In this tab, select Wireguard as the provider tab, and select your preferred config.
Configuring Wireguard using the UI
In the control panel, you should be able to create a new configuration. Make sure to share get the public key from the other endpoints (and other peers, if applicable), and make sure to copy the public key of your device to the endpoint (and/or peers).
Then, in the status applet, select the config you'd like, and enable system wide mode. At this point, connecting to any IAP should cause the wireguard connection to start. If the Wireguard connection fails to start in system wide mode, the IAP will be disconnected. See the "Debugging" section of this article to debug potential problems.
Using a config file
For sophisticated setups that are potentially not supported in our configuration user interface, it is possible to create a configuration using the "Load" button in the Wireguard control panel applet. This allows you select a file (path!) to a pre-generated configuration. When the configuration associated with this file is loaded, the contents will be used verbatim.
Tunnelling all traffic over Wireguard
Typically, setting "Allowed IPs" to "0.0.0.0/0" and allowing packet forwarding on the endpoint ought to be enough to make all Maemo traffic go over Wireguard - but keep in mind you might need to set a DNS server (in the Wireguard configuration) that is outside of your LAN.
Debugging
ICD2 will create the /etc/wireguard/icdwg0.conf file, so if the Wireguard connection fails to start for you, try tunning "wg-quick up icdwg0" and look for any errors. Any other errors beyond wg-quick will require the usual network knowledge to debug (and is not specific to Maemo).