Note

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Funtoo:User Services/VPN Setup

From Funtoo
Jump to navigation Jump to search

We use WireGuard for our internal VPN. These steps will help you to connect to our VPN. WireGuard is really quite simple to use but does have a learning curve. Once you're up and running, you'll appreciate the fast, reliable experience. Let's get started!

Initial Setup

Your first step is to emerge net-vpn/wireguard-tools:

root # emerge -av wireguard-tools

If you're using our sys-kernel/debian-sources kernel like a good, upstanding funtoo citizen, then you already have wireguard kernel modules available to load.

Before I can get you set up on the VPN, I need you to generate a public and private key. You will send the public key to me, and you'll keep the private key private. This can be done by running the following command:

root # wg genkey

After running this command, please send me the contents of your public.key file.

Now, create an /etc/wireguard/wg0.conf file with the following contents:

   /etc/wireguard/wg0.conf
[Interface]
Address = [IPv4/netmask I provide to you]
ListenPort = 56875
PrivateKey = [Your Private Key]
DNS = 172.19.0.3,1.1.1.1

[Peer]
PublicKey = ct6WFz1ZaIPfsyRSw4NNq7cosE6pMldkP3y0B9fTh0U=
AllowedIPs = 172.16.0.0/12
Endpoint = [Endpoint I Provide to you]

Make this file non-readable by anyone but root:

root #  chmod go-rwx /etc/wireguard/wg0.conf

Really, you're now pretty much set up!

About the Funtoo Internal Network

Up above in wg0.conf, you'll see the line AllowedIPs = 172.16.0.0/12. This specifies the network that Funtoo has mapped for its VPN. This is a special non-routeable range of addresses sort of close to the localhost address of 172.0.0.1, which consists of IP addresses from 172.16.0.1 to 172.31.255.254. All traffic for these addresses will be routed to the VPN.

Starting the VPN

To start the VPN, you'll want to run this command after every boot:

root # wg-quick wg0 up

You can then view network status by typing:

root # wg show
root ##g##interface: wg0
  public key: MTwAQ60ecjiN3H6PCBbq+u7+RLbsVWRw3HCZHTmgtBQ=
  private key: (hidden)
  listening port: 56875

root ##y##peer: ct6WFz1ZaIPfsyRSw4NNq7cosE6pMldkP3y0B9fTh0U=
  endpoint: [VPN endpoint]
  allowed ips: 172.16.0.0/12
  latest handshake: 11 seconds ago
  transfer: 9.05 MiB received, 1.73 MiB sent