
= VPN =

<<TableOfContents()>>

== WireGuard ==

=== Архитектура ===

{{{
Linux client
   |
   |  WireGuard (0.0.0.0/0)
   |
VPS (public IP)
   |
   |  NAT
   |
Internet (hashicorp.com, registry, etc)
}}}

=== Сервер ===

{{{#!highlight bash
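# --- install
apt install wireguard
# --- enable IPv4 forwarding
# `sysctl -w` changes the running kernel only and is lost on reboot; to persist it,
# set net.ipv4.ip_forward=1 in /etc/sysctl.conf or in a file under /etc/sysctl.d/.
sysctl -w net.ipv4.ip_forward=1
# --- generate keys
# Tighten the umask first: with a typical default umask (022) server.key and
# client.key would be created readable by every local user. The umask stays in
# effect for the rest of this shell session.
umask 077
wg genkey | tee server.key | wg pubkey > server.pub
# NOTE(review): this generates the client's private key on the server. Prefer
# generating it on the client and copying only client.pub here; if it is generated
# here, move client.key over a secure channel and delete it from the server.
wg genkey | tee client.key | wg pubkey > client.pub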
}}}

Конфигурация '/etc/wireguard/wg0.conf'

{{{#!highlight ini
[Interface]
# Server's address inside the tunnel subnet 10.10.0.0/24.
Address = 10.10.0.1/24
# UDP port WireGuard listens on; any firewall in front of the VPS must allow it.
ListenPort = 51820
# Placeholder: paste the contents of server.key. Once filled in, this file holds
# a private key, so keep it readable by root only (e.g. chmod 600).
PrivateKey = <server.key>
# Add a source-NAT rule when the interface comes up; PostDown deletes the same rule.
# The rule has no source match, so it masquerades everything leaving eth0, not only
# traffic from 10.10.0.0/24.
# NOTE(review): assumes eth0 is the VPS's Internet-facing interface, and that the
# FORWARD chain permits wg0 <-> eth0 traffic; confirm both on the target host.
PostUp   = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Placeholder: paste the contents of client.pub.
PublicKey = <client.pub>
# The /32 pins this peer to a single tunnel address: packets from the peer are
# accepted only with source 10.10.0.2, and only that address is routed to it.
AllowedIPs = 10.10.0.2/32
}}}

Запуск

{{{#!highlight bash
# Enable the wg-quick unit for wg0 at boot and start it immediately.
systemctl enable --now wg-quick@wg0
}}}