From 106082ad6d1ba7363ac8d71ff038785f6927ba0a Mon Sep 17 00:00:00 2001 From: jasmerah Date: Fri, 9 Jun 2023 22:29:11 +0700 Subject: [PATCH] Missing step: Adding Peers Public Key to WireGuard Server Co-authored-by: Christian Ditaputratama <1184957+ditatompel@users.noreply.github.com> --- .../index.id.md | 23 ++++++++++++++++++ .../index.md | 24 +++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.id.md b/content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.id.md index e6ffad0..a171bcb 100644 --- a/content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.id.md +++ b/content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.id.md 
@@ -305,6 +305,29 @@ Sebagai contoh, jika Anda hanya ingin mengarahkan lalu-lintas jaringan menuju IP - `PersistentKeepalive` = `15` : Berapa detik sekali *peer* mengirimkan *ping* ke server, supaya server dapat mencapai / berkomunikasi dengan peer yang berada dibalik **NAT**/firewall. - `DNS` Anda juga dapat menentukan DNS server yang ingin Anda gunakan dengan menentukan alamat IP DNS server pada konfigurasi `DNS`. +#### Menambahkan *Peers Public Key* ke WireGuard Server +Setelah itu, Anda perlu menambahkan setiap peer public key ke konfigurasi WireGuard server. Hal ini perlu dilakukan agar peers (client) dapat melakukan koneksi ke WireGuard server. Ada 2 cara yang bisa dilakukan, tergantung dari konfigurasi server Anda. + +Jika Anda mengikuti tutorial ini dengan setting `SaveConfig = true` pada server, maka Anda bisa menambahkan *peer public key* dengan perintah berikut di WireGuard Server: +```shell +wg set wg0 peer 6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk= allowed-ips 10.10.88.2 +``` +Ubah `wg0` sesuai dengan *interface* WireGuard Anda di server, `6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk=` dengan *public key peer* Anda, dan `10.10.88.2` dengan alamat IP pada *IP range* WireGuard yang akan digunakan oleh peer. + +Jika Anda tidak menggunakan setting `SaveConfig = true` pada server, maka Anda tinggal menambahkan informasi *peer* ke konfigurasi server (`/etc/wireguard/wg0.conf`). Contohnya: +```plain +[Peer] +PublicKey = 6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk= +AllowedIPs = 10.10.88.2/32 +``` +Ubah `6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk=` dengan *public key peer* Anda, dan `10.10.88.2` dengan alamat IP pada *IP range* WireGuard yang akan digunakan oleh peer. + +jangan lupa untuk melakukan *restart* WireGuard *service* setiap Anda melakukan perubahan pada file `/etc/wireguard/wg0.conf`. 
+```shell +sudo systemctl restart wg-quick@wg0.service +``` + +### Melakukan koneksi ke Server Sekarang, konfigurasi *peer* (*client*) sudah selesai, Anda dapat mencoba melakukan koneksi ke WireGuard server dengan `wg-quick` via `systemd`: ```shell sudo systemctl start wg-quick@wg-do1.service diff --git a/content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.md b/content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.md index 804c65a..a35ec54 100644 --- a/content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.md +++ b/content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.md 
@@ -299,6 +299,30 @@ For example, if you only want to route traffic to IP 1.0.0.1 and 8.8.4.4 using s - `PersistentKeepalive` = `15` : How many seconds for peer send *ping* to the server regularly, so the server can reach the peer sitting behind **NAT**/firewall. - `DNS` You can also specify DNS servers you want to use in your `DNS` configuration value. + +#### Adding Peers Public Key to WireGuard Server +you need to add every peers public key to WireGuard server configuration. This need to be done to allow peers connect to our WireGuard server. There are 2 ways to do this, depending on your server configuration. + +If you following this tutorial with `SaveConfig = true` in the server config, you can add *peer public key* by issuing this command (in WireGuard Server): +```shell +wg set wg0 peer 6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk= allowed-ips 10.10.88.2 +``` +Replace `wg0` with your WireGuard server *interface*, `6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk=` with your peer public key, and `10.10.88.2` with the IP address of that will be used by that peer. + +If your WireGuard server configuration doesn't contain `SaveConfig = true` config, all you need to do is add peers informations to your WireGuard server config (`/etc/wireguard/wg0.conf`). For Example: +```plain +[Peer] +PublicKey = 6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk= +AllowedIPs = 10.10.88.2/32 +``` +Replace `6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk=` with your peer public key, and `10.10.88.2` with the IP address of that will be used by that peer. + +Don't forget to restart WireGuard service every time you change `/etc/wireguard/wg0.conf` file. +```shell +sudo systemctl restart wg-quick@wg0.service +``` + +### Connecting to Server Now, our peer (client) configuration is complete. you can try to connect your device to your WireGuard server using `systemd` service. ```shell
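Review bot: In the `index.id.md` hunk, the closing reminder `jangan lupa untuk melakukan *restart* WireGuard *service* ...` follows both branches without saying that it belongs only to the manual-edit branch. With `SaveConfig = true`, wg-quick writes the interface's runtime state back to `/etc/wireguard/wg0.conf` on shutdown, so a reader who hand-edits the file and then restarts loses the edit, while a peer added with `wg set` is live immediately and needs no restart. Suggest moving the restart step directly under the `[Peer]` example and stating that it applies when `SaveConfig` is not set. Two style points in the same hunk: the `#### Menambahkan *Peers Public Key* ke WireGuard Server` heading has no blank line before it (the English hunk has one), and `jangan` should be capitalized.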
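Review bot: In the `index.md` hunk, the `wg set wg0 peer ... allowed-ips 10.10.88.2` command and the `[Peer]` block disagree on notation (`10.10.88.2` versus `10.10.88.2/32`), and the command has no `sudo` while the `systemctl restart` line does. Suggest writing `10.10.88.2/32` in both places and prefixing `sudo`, and adding one sentence that each peer needs its own address, since the server uses `AllowedIPs` to decide which source addresses it accepts from that key. Wording to fix in the added paragraphs: `you need to add every peers public key` (capitalize, and `every peer's`), `If you following`, `the IP address of that will be used` (appears twice), `peers informations`, and `For Example:`.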