Difference between revisions of "Wireguard"

From Maemo Leste Wiki
Line 35: Line 35:
WireguardProvider.png|Setting a per connection (IAP) Wireguard configuration
WireguardProvider.png|Setting a per connection (IAP) Wireguard configuration
</gallery>
</gallery>
[[Category:Extras]]
[[Category:Network]]

Revision as of 09:06, 10 October 2021

Wireguard in Maemo Leste

Wireguard support is integrated in Maemo Leste (through ICD2) and is available for installation using the package manager. Once you've installed the package, restart the device. You should now see a Wireguard applet in the control panel, and a Wireguard applet in the status applet.

There is also support for enabling Wireguard only for specific IAPs. To do this, go to the advanced settings of any IAP in the Internet Connections control applet, and navigate to the "Providers" tab. In this tab, select Wireguard as the provider, and select your preferred config.

Configuring Wireguard using the UI

In the control panel, you should be able to create a new configuration. Make sure to get the public key from the other endpoints (and other peers, if applicable), and make sure to copy the public key of your device to the endpoint (and/or peers).

Then, in the status applet, select the config you'd like, and enable system wide mode. At this point, connecting to any IAP should cause the wireguard connection to start. If the Wireguard connection fails to start in system wide mode, the IAP will be disconnected. See the "Debugging" section of this article to debug potential problems.

Using a config file

For sophisticated setups that our configuration user interface may not support, it is possible to create a configuration using the "Load" button in the Wireguard control panel applet. This allows you to select the file (path!) of a pre-generated configuration. When the configuration associated with this file is loaded, the contents of the file are used verbatim. (This may be replaced in the future, as the PostUp and similar lines could potentially be edited by non-root users but are run as root!)
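
A pre-load check for the risk noted above, as an added example that is not part of the Maemo Leste code: it lists the hook directives that wg-quick would run as root and flags a config file or containing directory that another user could modify. The function names are hypothetical, and the expected owner defaults to uid 0.

```sh
#!/bin/sh
# Added example: audit a wg-quick config file before loading it by path.
# wg-quick executes PreUp/PostUp/PreDown/PostDown values as root.

# Print hook directives (keys are case-insensitive; comment lines are skipped).
# Exit status is 0 if at least one hook is present.
wg_conf_hooks() {
    grep -iE '^[[:space:]]*(PreUp|PostUp|PreDown|PostDown)[[:space:]]*=' "$1"
}

# Succeed if path $1 is owned by uid $2 (default 0) and is not writable
# by group or others.
wg_conf_perms_ok() {
    p_want=${2:-0}
    p_info=$(ls -ldn "$1" 2>/dev/null | awk '{print $1, $3}')
    [ -n "$p_info" ] || return 2
    set -- $p_info                      # $1 = mode string, $2 = numeric uid
    case $1 in
        ?????w*|????????w*) return 1 ;; # group- or world-writable
    esac
    [ "$2" = "$p_want" ]
}

# Return 0 = no findings, 1 = file or directory modifiable by another user,
# 2 = permissions fine but hooks are present and need review.
wg_conf_audit() {
    a_conf=$1 a_uid=${2:-0} a_rc=0
    for a_path in "$a_conf" "$(dirname "$a_conf")"; do
        if ! wg_conf_perms_ok "$a_path" "$a_uid"; then
            echo "UNSAFE: $a_path can be changed by a user other than uid $a_uid"
            a_rc=1
        fi
    done
    if a_hooks=$(wg_conf_hooks "$a_conf"); then
        echo "REVIEW: these commands will run as root:"
        echo "$a_hooks"
        if [ "$a_rc" -eq 0 ]; then a_rc=2; fi
    fi
    return "$a_rc"
}

# Stand-alone use: pass the same path you would give to the "Load" button.
if [ "$#" -gt 0 ]; then wg_conf_audit "$1"; fi
```

The directory is checked as well because a user who can write to it can replace the file even when the file's own mode is strict.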

Tunnelling all traffic over Wireguard

Typically, setting Allowed IPs to 0.0.0.0/0 (for one of the peers) and allowing packet forwarding on the endpoint ought to be enough to make all Maemo traffic go over Wireguard - but keep in mind you might need to set a DNS server (in the Wireguard configuration) that is outside of your LAN.

Debugging

ICD2 will create the /etc/wireguard/icdwg0.conf file, so if the Wireguard connection fails to start for you, try running sudo wg-quick up icdwg0 and look for any errors.

Most other errors beyond wg-quick will require the usual network knowledge to debug (and are not specific to Maemo).

Gallery