6543/homepage
6543
/
homepage
2
1
Fork 1
Code Issues 13 Pull Requests Projects Releases Activity
homepage/content/post/wireguard-vps-android.md

76 lines
3.6 KiB
Markdown
Raw Permalink Blame History

+++
title = "Wireguard Gateway & Android"
date = 2019-07-07T14:41:00+02:00
author = "MH"
cover = ""
tags = ["VPN", "Wireguard", "Android", "Setup"]
description = "Setup a Linux Wireguard Gateway and connet with Android"
showFullContent = false
draft = false
+++
# Setup your Linux Server
Your Linux server should be accessible via a public IP by UDP.
If the IP address changes, use DynDNS.
First **install WireGuard** on your Linux server. On the official website you will find
the right way for your Linux distro:
[WireGuard.com/install](https://www.wireguard.com/install/)
Then **configure** the Gateway.
We will use the range 100.64.0.0/10 (RFC 6598) because it doesn't colide with private IPv4 adresses (RFC 1918).
echo '[Interface]' > /etc/wireguard/wg0.conf
echo "PrivateKey = $(wg genkey)" >> /etc/wireguard/wg0.conf
echo 'ListenPort = 50002' >> /etc/wireguard/wg0.conf
echo "Address = 100.64.0.1/10" >> /etc/wireguard/wg0.conf
iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o eth0 -j MASQUERADE
systemctl enable --now wg-quick@wg0
Don't forget to save the iptables rules for the next start. The easiest way is to include this config in wg0.conf:
PostUp = iptables -I FORWARD -i eth0 -j ACCEPT; iptables -I FORWARD -o eth0 -j ACCEPT; iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -j ACCEPT; iptables -D FORWARD -o eth0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
To get the public key (you need it later on):
wg pubkey <<<$(grep PrivateKey /etc/wireguard/wg0.conf | cut -d ' ' -f3)
Now the gateway is configured and running. To get some information, type in wg and use systemd:
systemctl status wg-quick@wg0
wg
Enable IP forwarding in the Linux kernel by uncommenting or adding (uncommenting) `net.ipv4.ip_forward = 1` in /etc/sysctl.conf to persist the setting between system restarts. Use sysctl -w net.ipv4.ip_forward=1 to enable IP forwarding immediately without having to reboot.
# Setup your Android
Download the App from [F-Droid](https://f-droid.org/en/packages/com.wireguard.android/) or [Google Play](https://play.google.com/store/apps/details?id=com.wireguard.android).
In WireGuard, you must manually set an IP address for each client. The ``100.64.0.0/10`` area has hosts from ```100.64.0.1``` to ```100.127.255.254```, the first one is already occupied by the gateway, so we use ```100.64.0.0.2```.
![]({{<siteurl>}}img/wireguard-android/A.jpg) | ![]({{<siteurl>}}img/wireguard-android/B.jpg) | ![]({{<siteurl>}}img/wireguard-android/C.jpg)
-------|----------|--------
Open the app and "Create from scratch" | Generate a key pair. Make a note of the public key, you will need it later. Name the configuration and add the client IP address with 32 mask. | Add a peer. Now enter the gateway information. Allowed IPs is ```0.0.0.0/0```.
# Add Android Client to Server
Now add the client information to the gateway and restart the interface.
[Peer] >> /etc/wireguard/wg0.conf
PublicKey = <Client-Pub-Key> >> /etc/wireguard/wg0.conf
AllowedIPs = 100.64.0.2/32 >> /etc/wireguard/wg0.conf
systemctl restart wg-quick@wg0 && systemctl status wg-quick@wg0
# Sources
[Wireguard Quickstart](https://www.wireguard.com/quickstart/)
Heise [Besser tunneln](https://www.heise.de/select/ct/2019/5/1551091519824850)
Witepaper [WireGuard: Next Generation Kernel Network Tunnel](https://www.wireguard.com/papers/wireguard.pdf)
Demo Video [Test WireGuard VPN net roaming](https://video.obermui.de/videos/watch/5009724a-a670-4130-bc99-4ab820773da6)
Reference in New Issue View Git Blame Copy Permalink