Date:   Mon, 30 Mar 2020 20:23:46 +0200
From:   Reindl Harald <h.reindl@...lounge.net>
To:     Randy Dunlap <rdunlap@...radead.org>, netdev@...r.kernel.org
Subject: Re: 5.6: how to enable wireguard in "make menuconfig"



On 30.03.20 at 19:10, Randy Dunlap wrote:
> On 3/30/20 1:37 AM, Reindl Harald wrote:
>> https://i.imgur.com/jcH9Xno.png
>> https://www.wireguard.com/compilation/
>>
>> crypto wise i have in the meantime enabled everything and the same in
>> "networking options"
>>
>> but "IP: WireGuard secure network tunnel" still doesn't appear anywhere :-(
>>
> 
> In menuconfig, go to Device Drivers and then
> Network Device support. It should look like this:
> 
>   │ │    --- Network device support                                       │ │  
>   │ │    [*]   Network core driver support                                │ │  
>   │ │    < >     Bonding driver support                                   │ │  
>   │ │    < >     Dummy net driver support                                 │ │  
>   │ │    < >     WireGuard secure network tunnel
> 
> 
> but it requires Networking support and Network Devices and INET (TCP/IP)

thanks, i figured it out in the meantime

all the howtos with "Address" in [interface] like
https://wiki.archlinux.org/index.php/WireGuard don't work

figured that also out in my nested VMware ESXi setup (firewall, clients,
wan) within VMware Workstation :-)

seems to work like a charm with "ExecStart=/usr/sbin/ip route add
172.16.0.0/24 via 10.10.10.1 dev vpn-client" on the client side

---------------------------

[Unit]
Description=VPN Server
After=network-up.service

[Service]
Type=oneshot
RemainAfterExit=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ReadWritePaths=-/run
ReadWritePaths=-/tmp
ReadWritePaths=-/var/tmp

ExecStart=/usr/sbin/ip link add vpn type wireguard
ExecStart=/usr/sbin/ip addr add 10.10.10.1/255.255.255.0 dev vpn
ExecStart=/usr/sbin/ip link set dev vpn up
ExecStart=/usr/bin/wg addconf vpn /etc/wireguard/vpn-server.conf

ExecStop=-/usr/sbin/ip link del vpn

[Install]
WantedBy=multi-user.target

---------------------------

# HOWTO GENERATE KEYS:
# umask 077; wg genkey | tee privatekey | wg pubkey > publickey
# wg genpsk > preshared

[Interface]
ListenPort = 51000
PrivateKey = ******

[Peer]
PublicKey  = +7k1cHdFoo47OfZOsauj0b7gfL/CEIUbgcx4tJK77ls=
AllowedIPs = 10.10.10.2/32

---------------------------
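
Added example, not part of the original message: keys such as "Address" belong to the wg-quick(8) config format, which "wg setconf" and "wg addconf" do not parse, so this sketch lists the wg-quick-only keys in a file and prints the remainder that can be passed to "wg addconf" as in the unit above. The function names and the sample config (placeholder keys, example endpoint) are constructed for illustration.

```shell
#!/bin/sh
# Keys that only wg-quick(8) understands; wg(8) setconf/addconf rejects them.
WG_QUICK_KEYS='address|dns|mtu|table|preup|postup|predown|postdown|saveconfig'

# Print "line: key" for each wg-quick-only key found in the [Interface] section.
wg_quick_only_keys() {
    awk -F= -v keys="^($WG_QUICK_KEYS)\$" '
        /^[ \t]*\[/    { sect = tolower($0); gsub(/[^a-z]/, "", sect); next }
        /^[ \t]*(#|$)/ { next }
        { k = tolower($1); gsub(/[ \t]/, "", k)
          if (sect == "interface" && k ~ keys) print NR ": " k }
    ' "$1"
}

# Print the config without those lines (comparable to "wg-quick strip"),
# leaving only what "wg addconf" accepts.
wg_native_conf() {
    awk -F= -v keys="^($WG_QUICK_KEYS)\$" '
        /^[ \t]*\[/ { sect = tolower($0); gsub(/[^a-z]/, "", sect); print; next }
        { k = tolower($1); gsub(/[ \t]/, "", k)
          if (sect == "interface" && k ~ keys) next
          print }
    ' "$1"
}

# Constructed sample in wg-quick style; keys are placeholders, not real keys.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
Address = 10.10.10.2/24
PrivateKey = PLACEHOLDER_PRIVATE_KEY
DNS = 10.10.10.1

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 10.10.10.0/24
Endpoint = vpn.example.net:51000
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
echo "wg-quick-only keys:"; wg_quick_only_keys "$sample"
echo "config usable with wg addconf:"; wg_native_conf "$sample"
rm -f "$sample"
```

The address and routes dropped from the file then have to be set separately with "ip addr add" and "ip route add", as the ExecStart lines above do.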
