zeldor.biz

Linux, programming and more


WireGuard site2site VPN

September 29, 2019 by Igor Drobot

WireGuard (WG) aims to provide a VPN that is both simple and highly effective.
It also aims to be a really good alternative to existing technologies like IPsec or OpenVPN.


WG is a free and open-source software application and communication protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations.

I tried WG in a complex high-availability datacenter setup and replaced a couple of existing OpenVPN connections with WireGuard.
The result was performant and simple at once.

Setup

We have two sites, one with a static ISP address (Zeta) and the other with a dynamic one (Gamma). The goal is to connect both sites over WG.

Installation

Debian:

echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable

apt update
apt install wireguard-dkms wireguard-tools

OpenSUSE:

zypper addrepo -f obs://network:vpn:wireguard wireguard
zypper ref
zypper install wireguard-kmp-default wireguard-tools

Currently WG is not part of the kernel and there are no official packages available. So you can either build your own version or trust third-party sources that offer pre-built versions and install it from there. The WG project promises official kernel support in the near future. But for now, this is how it is.

Configuration

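On Zeta site:

umask 077                        # new files are readable by the owner only
wg genkey > wgprivate_zeta.key
chmod 600 wgprivate_zeta.key     # private key: owner read/write, nothing else
wg pubkey < wgprivate_zeta.key   # prints the public key to give to Gamma

On Gamma site:

umask 077                        # new files are readable by the owner only
wg genkey > wgprivate_gamma.key
chmod 600 wgprivate_gamma.key    # private key: owner read/write, nothing else
wg pubkey < wgprivate_gamma.key  # prints the public key to give to Zeta

On Zeta site:

ip link add dev wg0 type wireguard
ip address add 10.0.0.3 dev wg0
# fixed listen port, so that the endpoint configured on Gamma stays valid
wg set wg0 listen-port 56922 private-key ./wgprivate_zeta.key
ip link set wg0 up
# peer = public key of Gamma
wg set wg0 peer g5k9FzKAmhzwt2HLZ2+1rbGGyvqtHPbG6RK1vkn1KgU= allowed-ips 0.0.0.0/0 persistent-keepalive 25

On Gamma site:

ip link add dev wg0 type wireguard
ip address add 10.0.0.4 dev wg0
wg set wg0 private-key ./wgprivate_gamma.key
ip link set wg0 up
# peer = public key of Zeta, endpoint = static address and port of Zeta
wg set wg0 peer v2m8GnJAmhzjq2HUZ2+1dyWUyvqtHPbG6RK1vkn1KgU= allowed-ips 0.0.0.0/0 persistent-keepalive 25 endpoint 89.1.240.150:56922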

Routing

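You also have to set the required routes on the Gamma site to reach the Zeta site:

ip route replace 10.0.0.3 dev wg0

The same is needed on the Zeta site to reach the Gamma site.

The allowed-ips part can be narrowed from 0.0.0.0/0 to host or network restrictions. WireGuard only accepts a packet from a peer if its source address falls inside that peer's allowed-ips, so with 0.0.0.0/0 any source address is accepted from the other site.
Use the wg command to show the current status of your WG configuration and connections.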
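
An added example, not part of the original post: a shell function that reads the output of `wg show wg0 dump` and reports peers whose allowed-ips still cover everything, and peers without a recent handshake. The sample dump, the two EXAMPLE peer keys, the 203.0.113.x endpoints and the 180-second threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit WireGuard peers from `wg show <interface> dump` output.
# Line 1 of a dump describes the interface; every further line is one peer:
#   public-key  preshared-key  endpoint  allowed-ips  latest-handshake
#   transfer-rx  transfer-tx  persistent-keepalive      (tab-separated)

# audit_wg_dump NOW MAX_AGE: reads a dump on stdin, prints one finding per line.
audit_wg_dump() {
    awk -F '\t' -v now="$1" -v max_age="$2" '
        NR == 1 { next }                        # skip the interface line
        {
            key = substr($1, 1, 8) "..."        # short key prefix for reports
            n = split($4, nets, ",")
            for (i = 1; i <= n; i++)            # a catch-all entry filters nothing
                if (nets[i] == "0.0.0.0/0" || nets[i] == "::/0")
                    print "BROAD " key " allowed-ips " nets[i]
            if ($5 == 0)                        # 0 = peer has never connected
                print "NEVER " key " no handshake yet"
            else if (now - $5 > max_age)
                print "STALE " key " last handshake " (now - $5) "s ago"
        }'
}

# Constructed sample (not captured from a real host): wg0 on Zeta with the peer
# from the post plus two made-up peers; endpoints use documentation addresses.
sample_dump() {
    f='%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n'
    printf '%s\t%s\t%s\t%s\n' 'PRIVATE-KEY-PLACEHOLDER' 'PUBLIC-KEY-PLACEHOLDER' 56922 off
    printf "$f" 'g5k9FzKAmhzwt2HLZ2+1rbGGyvqtHPbG6RK1vkn1KgU=' '(none)' \
        '203.0.113.7:40312' '0.0.0.0/0' 1569759960 91234 88012 25
    printf "$f" 'EXAMPLE2-CONSTRUCTED-PEER-KEY' '(none)' \
        '203.0.113.9:51820' '10.0.0.5/32' 1569759000 512 640 25
    printf "$f" 'EXAMPLE3-CONSTRUCTED-PEER-KEY' '(none)' \
        '(none)' '10.0.0.6/32,192.168.60.0/24' 0 0 0 off
}

# Demo with a fixed "now"; on a live host (as root):
#   wg show wg0 dump | audit_wg_dump "$(date +%s)" 180
sample_dump | audit_wg_dump 1569760000 180
```

A BROAD finding is the cue to replace 0.0.0.0/0 with the tunnel address of the peer and the networks that really sit behind it.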

Conclusion

WG is a pretty solid alternative to OpenVPN, simple to use and certainly easy to configure, as described in this post.

The network performance is also a bit better than with OpenVPN. This was tested over a dozen transfers of a binary file (90 MB).

Measured transfer times:

OpenVPN: 1:23 (one minute and 23 seconds)
WireGuard: 1:15 (one minute and 15 seconds)

Filed Under: Linux Tagged With: IPsec alternative, OpeVPN alternative, security, VPN, WireGuard
