Difference between revisions of "Wireguard"

From Maemo Leste Wiki
Jump to navigationJump to search
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Wireguard =  
{{Infobox Package
|image=
|status=Working
|devices=[[Nokia_N900]],[[Motorola_Droid_4]],[[PinePhone]]
|date_in_repo=2021-11-01
|maemo_leste_repo=https://github.com/maemo-leste/libicd-wireguard
|category=Network
|packager=[[User:Wizzup]]
}}


Wireguard support is integrated in Maemo Leste (through ICD2) and is available for installation using the package manager. Once you've installed the package, restart the device. You should now see a Wireguard applet in the control panel, and a Wireguard applet in the status applet.
= Wireguard in Maemo Leste =
 
[https://www.wireguard.com/ Wireguard] support is integrated in Maemo Leste (through ICD2) and is available for installation using the package manager. Once you've installed the package, restart the device. You should now see a Wireguard applet in the control panel, and a Wireguard applet in the status applet.


There is also support to enable Wireguard only for specific IAPs. To do this, go to the advanced settings of any IAP in the Internet Connections control applet, and navigate to the "Providers" tab. In this tab, select Wireguard as the provider tab, and select your preferred config.
There is also support to enable Wireguard only for specific IAPs. To do this, go to the advanced settings of any IAP in the Internet Connections control applet, and navigate to the "Providers" tab. In this tab, select Wireguard as the provider tab, and select your preferred config.
Line 13: Line 23:
=== Using a config file ===
=== Using a config file ===


For sophisticated setups that are potentially not supported in our configuration user interface, it is possible to create a configuration using the "Load" button in the Wireguard control panel applet. This allows you select a file (path!) to a pre-generated configuration. When the configuration associated with this file is loaded, the contents will be used verbatim.
For sophisticated setups that are potentially not supported in our configuration user interface, it is possible to create a configuration using the "Load" button in the Wireguard control panel applet. This allows you select a file (path!) to a pre-generated configuration. When the configuration associated with this file is loaded, the contents will be used verbatim. (This may be replaced in the future, as the PostUp and such lines could potentially be edited by non-root users but run as root!)


=== Tunnelling all traffic over Wireguard ===
=== Tunnelling all traffic over Wireguard ===


Typically, setting "Allowed IPs" to "0.0.0.0/0" and allowing packet forwarding on the endpoint ought to be enough to make all Maemo traffic go over Wireguard - but keep in mind you might need to set a DNS server (in the Wireguard configuration) that is outside of your LAN.
Typically, setting <code>Allowed IPs</code> to <code>0.0.0.0/0</code> (for one of the peers) and allowing packet forwarding on the endpoint ought to be enough to make all Maemo traffic go over Wireguard - but keep in mind you might need to set a DNS server (in the Wireguard configuration) that is outside of your LAN.


== Debugging ==
== Debugging ==


ICD2 will create the /etc/wireguard/icdwg0.conf file, so if the Wireguard connection fails to start for you, try tunning "wg-quick up icdwg0" and look for any errors. Any other errors beyond wg-quick will require the usual network knowledge to debug (and is not specific to Maemo).
ICD2 will create the <code>/etc/wireguard/icdwg0.conf</code> file, so if the Wireguard connection fails to start for you, try running <code>sudo wg-quick up icdwg0</code> and look for any errors.
 
Most other errors beyond wg-quick will require the usual network knowledge to debug (and are not specific to Maemo).


== Gallery ==
== Gallery ==
Line 33: Line 45:
WireguardProvider.png|Setting a per connection (IAP) Wireguard configuration
WireguardProvider.png|Setting a per connection (IAP) Wireguard configuration
</gallery>
</gallery>
[[Category:Extras]]

Latest revision as of 18:32, 1 November 2021

Wireguard
Status Working
Devices Nokia_N900,Motorola_Droid_4,PinePhone
Import date 2021-11-01
Leste repo https://github.com/maemo-leste/libicd-wireguard
Category Category:Network
Packager User:Wizzup

Wireguard in Maemo Leste

Wireguard support is integrated in Maemo Leste (through ICD2) and is available for installation using the package manager. Once you've installed the package, restart the device. You should now see a Wireguard applet in the control panel, and a Wireguard applet in the status applet.

There is also support to enable Wireguard only for specific IAPs. To do this, go to the advanced settings of any IAP in the Internet Connections control applet, and navigate to the "Providers" tab. In this tab, select Wireguard as the provider tab, and select your preferred config.

Configuring Wireguard using the UI

In the control panel, you should be able to create a new configuration. Make sure to share get the public key from the other endpoints (and other peers, if applicable), and make sure to copy the public key of your device to the endpoint (and/or peers).

Then, in the status applet, select the config you'd like, and enable system wide mode. At this point, connecting to any IAP should cause the wireguard connection to start. If the Wireguard connection fails to start in system wide mode, the IAP will be disconnected. See the "Debugging" section of this article to debug potential problems.

Using a config file

For sophisticated setups that are potentially not supported in our configuration user interface, it is possible to create a configuration using the "Load" button in the Wireguard control panel applet. This allows you select a file (path!) to a pre-generated configuration. When the configuration associated with this file is loaded, the contents will be used verbatim. (This may be replaced in the future, as the PostUp and such lines could potentially be edited by non-root users but run as root!)

Tunnelling all traffic over Wireguard

Typically, setting Allowed IPs to 0.0.0.0/0 (for one of the peers) and allowing packet forwarding on the endpoint ought to be enough to make all Maemo traffic go over Wireguard - but keep in mind you might need to set a DNS server (in the Wireguard configuration) that is outside of your LAN.

Debugging

ICD2 will create the /etc/wireguard/icdwg0.conf file, so if the Wireguard connection fails to start for you, try running sudo wg-quick up icdwg0 and look for any errors.

Most other errors beyond wg-quick will require the usual network knowledge to debug (and are not specific to Maemo).

Gallery