* Newbie - WireGuard per systemd on Debian Buster
From: Hans Kraus @ 2020-04-16 16:23 UTC (permalink / raw)
To: WireGuard mailing list
I'm a newbie to wireguard and trying to install a working environment,
starting with one server and one client. First I used the example in
<https://github.com/pirate/wireguard-docs/tree/master/example-simple-client-to-server>
and got it working.
To get a more persistent installation I followed the example in
<https://wiki.debian.org/Wireguard>, with one server and one client,
"Step 2 - Alternative C - systemd". My server has a fixed ip4 address,
my client(s) get their addresses via DHCP (home network and road
warrior). My two "/etc/systemd/network" files on my server are:
/etc/systemd/network/wg0.netdev
---------------------------------------------
[NetDev]
Name=wg0
Kind=wireguard
Description=Wireguard kraush
[WireGuard]
PrivateKey=<private key server>
ListenPort=#####
[WireGuardPeer]
PublicKey=<public key client>
AllowedIPs=<free range>.0/24
---------------------------------------------
/etc/systemd/network/wg0.network
---------------------------------------------
[Match]
Name=wg0
[Network]
Address=<free range>.1/24
---------------------------------------------
I omitted the "Endpoint=<remote IP or hostname>:<remote port>" part
because I don't know (at least at server startup) the IP address of my
client(s).
That doesn't work. wg0 is up, ip addr show shows an address bound to the
interface. But it seems that the server doesn't recognize the peer
because "wg show wg0 peers" gives an empty list back.
Any help appreciated,
Hans
* Re: Newbie - WireGuard per systemd on Debian Buster
From: Alex Xu (Hello71) @ 2020-05-04 13:33 UTC (permalink / raw)
To: Hans Kraus, wireguard
Excerpts from Hans Kraus's message of April 16, 2020 12:23 pm:
> I'm a newbie to wireguard and trying to install a working environment,
> starting with one server and one client. First I used the example in
> <https://github.com/pirate/wireguard-docs/tree/master/example-simple-client-to-server>
> and got it working.
>
> To get a more persistent installation I followed the example in
> <https://wiki.debian.org/Wireguard>, with one server and one client,
> "Step 2 - Alternative C - systemd". My server has a fixed ip4 address,
> my client(s) get their addresses via DHCP (home network and road
> warrior). My two "/etc/systemd/network" files on my server are:
>
> /etc/systemd/network/wg0.netdev
> ---------------------------------------------
> [NetDev]
> Name=wg0
> Kind=wireguard
> Description=Wireguard kraush
>
> [WireGuard]
> PrivateKey=<private key server>
> ListenPort=#####
>
> [WireGuardPeer]
> PublicKey=<public key client>
> AllowedIPs=<free range>.0/24
> ---------------------------------------------
>
> /etc/systemd/network/wg0.network
> ---------------------------------------------
> [Match]
> Name=wg0
>
> [Network]
> Address=<free range>.1/24
> ---------------------------------------------
> I omitted the "Endpoint=<remote IP or hostname>:<remote port>" part
> because I don't know (at least at server startup) the IP address of my
> client(s).
>
> That doesn't work. wg0 is up, ip addr show shows an address bound to the
> interface. But it seems that the server doesn't recognize the peer
> because "wg show wg0 peers" gives an empty list back.
>
> Any help appreciated,
> Hans
It could be that your public key is in the wrong format. Check the journal
to see if systemd-networkd outputs any information.
* Re: Newbie - WireGuard per systemd on Debian Buster
From: Félix Baylac @ 2020-05-05 7:28 UTC (permalink / raw)
To: Hans Kraus; +Cc: wireguard
Hi,
You also probably want to add:
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
to your /etc/systemd/system/systemd-networkd.service.d/01-log-level-debug.conf
Networkd is not really chatty by default, the config parser will
silently ignore the syntax errors unless you enable the debug logging :/
Note: remember to disable this once your problem gets fixed.
* Re: Newbie - WireGuard per systemd on Debian Buster
From: inrin @ 2020-05-04 14:50 UTC (permalink / raw)
To: WireGuard mailing list
Hi
On Thu, Apr 16, 2020 at 06:23:01PM +0200, Hans Kraus wrote:
>I'm a newbie to wireguard and trying to install a working environment,
>starting with one server and one client. First I used the example in
><https://github.com/pirate/wireguard-docs/tree/master/example-simple-client-to-server>
>and got it working.
>
>To get a more persistent installation I followed the example in
><https://wiki.debian.org/Wireguard>, with one server and one client,
>"Step 2 - Alternative C - systemd". My server has a fixed ip4 address,
>my client(s) get their addresses via DHCP (home network and road
>warrior). My two "/etc/systemd/network" files on my server are:
>
>/etc/systemd/network/wg0.netdev
>---------------------------------------------
>[NetDev]
>Name=wg0
>Kind=wireguard
>Description=Wireguard kraush
>
>[WireGuard]
>PrivateKey=<private key server>
At least on current systemd (245.5) it is called ``PrivateKeyFile''.
Please note the "File" part.
Please look up under ``man systemd.netdev'' if it is also ``PrivateKeyFile''.
Btw., you could use the wg-quick service with a normal WG config.
Greetings
Inrin
* Re: Newbie - WireGuard per systemd on Debian Buster
From: Jonas Kalderstam @ 2020-05-07 10:43 UTC (permalink / raw)
To: wireguard
I've been running wireguard with systemd in Debian for some time now.
On 2020-04-16 Thu 18:23, Hans Kraus <hans@hanswkraus.com> wrote:
> /etc/systemd/network/wg0.netdev
> ---------------------------------------------
> [NetDev]
> Name=wg0
> Kind=wireguard
> Description=Wireguard kraush
>
> [WireGuard]
> PrivateKey=<private key server>
> ListenPort=#####
>
> [WireGuardPeer]
> PublicKey=<public key client>
> AllowedIPs=<free range>.0/24
> ---------------------------------------------
The only thing I can think of here is that your AllowedIPs ends with a
zero - on the server you have to specify the exact IP address. It's on
the client side where you let the AllowedIPs be a wildcard.
Examples:
server-side:
---
[WireGuardPeer]
# Client1 address
AllowedIPs=192.168.2.5
[WireGuardPeer]
# Client2 address
AllowedIPs=192.168.2.6
---
client-side:
---
[WireGuardPeer]
# Entire wireguard range
AllowedIPs=192.168.2.0/24
---
> /etc/systemd/network/wg0.network
> ---------------------------------------------
> [Match]
> Name=wg0
>
> [Network]
> Address=<free range>.1/24
> ---------------------------------------------
You might want to consider adding
IPForward=yes
for the server's .network file, and
FwMark=1234
to client's .netdev file, to be sure you can do proper road warrioring
down the line.
I'm also a bit paranoid and have added the following to my client
.network files:
client.network:
---
[Route]
Destination=192.168.2.0/24
---
Hopefully the peer address fix solves your issues.
--
Jonas Kalderstam
PGP key: 987C54AB0D4451ED
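
Added example, not part of any message in this thread and not code from systemd or WireGuard: a Python check of a .netdev file for the two problems the replies suspect, a PublicKey that is not base64 of 32 bytes and AllowedIPs ranges that overlap between [WireGuardPeer] sections (WireGuard routes each tunnel address to a single peer, so overlaps deserve a look). The sample keys, the second peer's values and the function names are constructed for illustration.

```python
import base64
import ipaddress

# Constructed sample: keys are made-up bytes, addresses follow the thread's 192.168.2.0/24.
GOOD_KEY = base64.b64encode(bytes(range(32))).decode()
TEMPLATE = """\
[WireGuardPeer]
PublicKey={k1}
AllowedIPs=192.168.2.5/32
[WireGuardPeer]
PublicKey={k2}
AllowedIPs={ips2}
"""
SAMPLE = TEMPLATE.format(k1=GOOD_KEY, k2=GOOD_KEY[:-5], ips2="192.168.2.0/24")

def parse_sections(text):
    """Return [(section, {key: [values]})]; repeated sections stay separate."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif line and line[0] not in "#;" and "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].setdefault(key.strip(), []).append(value.strip())
    return sections

def lint_netdev(text):
    """Check every [WireGuardPeer] for key format and AllowedIPs problems."""
    findings, seen = [], []
    peers = [kv for name, kv in parse_sections(text) if name == "WireGuardPeer"]
    for n, peer in enumerate(peers, 1):
        key = peer.get("PublicKey", [""])[-1]
        try:  # a WireGuard public key is 32 bytes, base64-encoded
            key_ok = len(base64.b64decode(key, validate=True)) == 32
        except ValueError:
            key_ok = False
        if not key_ok:
            findings.append(f"peer {n}: PublicKey is not base64 of 32 bytes")
        for item in ",".join(peer.get("AllowedIPs", [])).split(","):
            try:
                net = ipaddress.ip_network(item.strip(), strict=False)
            except ValueError:
                findings.append(f"peer {n}: bad AllowedIPs entry {item.strip()!r}")
                continue
            findings += [f"peer {n}: {net} overlaps peer {m}: {o}" for m, o in seen
                         if m != n and net.version == o.version and net.overlaps(o)]
            seen.append((n, net))
    return findings
```

Run it on a real file with `lint_netdev(open(path).read())`; an unfilled placeholder such as `<public key client>` is reported the same way as a truncated key.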